Skip to Content
0

SAP BO 3.1 SP5 Manual AD Authentication works but SSO does not

Mar 31, 2017 at 05:36 PM

130

avatar image

We followed @tim.ziemba document SSO Kerberos XI 3.1 SP 3 or later

Issue :

InfoView Manual Authentication for all Windows AD Users but SSO Does not

Please help.

let me know if you need additional information.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Tim Ziemba
Apr 25, 2017 at 05:50 PM
0

did you get the credentials obtained in the tomcat logs? Is SSO failing with a login screen, or is there an error. An error indicates SSO is actually enabled, and your AD configuration is probably incorrect (SPN's delegation, DNS, values in global.properties, etc), login screen can mean SSO isn't enabled (check for credentials obtained) or sometimes also means the AD configuration is incorrect.

Regards,

Tim

Share
10 |10000 characters needed characters left characters exceeded
Sandm support May 08, 2017 at 06:49 AM
0
Hi Tim, No failing error messages, it is prompting to main page, after entering windows ad credentials manually it is working fine. But sso is enabled in CMC and also correct DNS values in properties files. I have verified the logs and not showing credentials obtained. Please suggest other any settings need to check. thanks
Share
10 |10000 characters needed characters left characters exceeded
Tim Ziemba
May 17, 2017 at 02:48 PM
0

no credentials obtained means that the value for idm.princ@IDM.REALM in your global.properties is not working, or you don't have

-Djcsi.kerberos.debug=true in your tomcat java options. With that tracing enabled, tomcat restarted (preferably delete any old logs) KBA 1631734 instructs to look for credentials obtained. If that fails the values in the global.properties are not correct (lok for typos, spaces, etc)

Regards,

Tim

Share
10 |10000 characters needed characters left characters exceeded