Skip to Content
0

SAP BO-BI 4.2 (SP04) - Problem with "looping" Login page on new FIORI BI Launchpad..?

May 25, 2017 at 02:05 PM

3k

avatar image

Have checked all of the settings documented HERE - and am using the same ADMINISTRATOR (Enterprise) account credentials that work OK in the regular CMC and Old Launchpad on the same BI Platform and Tomcat environment.

1.) CMC -> Applications -> RESTFul WebService is configured with Fully-Qualified Domain Name (FQDN).



2.) Checked that the REST SDK APIs, simple API is working OK using the FQDN.



3.) Confirmed that the Web Application Container Server (WACS) is running OK on that environment by testing the CMC -> BI Administrators' Cockpit using the same Administrator (Enterprise) credentials.

4.) We can get to the Login-Page for the new FIORI BI Launchpad, and had updated the Bing.properties file to expose everything on the Login-Page.



5.) We enter exactly the same System, User Name, Password & Authentication values into the new FIORI BI Launchpad....and get the "Three-Dots" Fiori-Processing overlay for a couple of seconds...but then it reverts back to the Login-Screen.

...We never get to the FIORI Launchpad "Home" page...

No Error-Messages or anything...just kicks us back to the Login-Screen.

6.) We have CONFIRMED that the CMS-Connection is actually taking place via the FIORI BI Launchpad by testing that page with a BLANK password.



Based on all of the above - it appears that everything is configured correctly, and is passing VALID login info to the CMS from the FIORI BI Launchpad.

However, it is not "completing" the hand-over to the new HOME page for the FIORI BI Launchpad

Are there any new SECURITY Settings or PERMISSIONS that need to be granted to give users access to the new FIORI BI Launchpad..?

Thanks in advance for any advice on how to resolve this issue.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

7 Answers

Denis Konovalov
May 25, 2017 at 05:11 PM
0

try in Chrome, see if you get same issue or not.
By default it should be accessible to Administrator, without any other steps. Right of the bat.

Share
10 |10000 characters needed characters left characters exceeded
Bharath B N
May 25, 2017 at 05:35 PM
0

1. Please check each time logon fail - session count increasing in CMC->Sessions.

2. In Browser press F12 and select network tab (If IE browser please press Play button).

Then Enter Username and Password press Enter .

Please watch the network - there must one response with 401 Response code .

Check this response is coming from Tomcat(8080 port) or WACs(6405 port) (REST).

-Bharath

Share
10 |10000 characters needed characters left characters exceeded
Mark Richardson May 25, 2017 at 06:07 PM
0

Denis / Bharath -

Can't use CHROME on this network. IE-11.0.42 only.

1. Session Count and User ID are not updating / increasing in CMC -> Sessions after looping login attempts.

2. Ran the process as suggested above - and monitored the network-traffic on the IE Browser at the Login Attempt...

No HTTP 401 errors - but we got two (2) HTTP 404 "File not found" errors on 8080.

Specific to - Key Value Request GET /BOE/portal/1705180929/Bing/resources/sapui5/resources/sap/ui/core/messagebundle_en_CA.properties HTTP/1.1

Took a look down into the SAPUI5 directory on the Tomcat Catalina path - and that file does not exist.

It is an ENGLISH-CANADA specific Properties file. Looks like it did not get deployed correctly during the upgrade..?

Should I do an UNDEPLOY and REDEPLOY of everything on the Web-Layer using the WDEPLOY tools..?

My sense is that the Upgrade process didn't update the Web-Applications correctly in the move from SP03 -> SP04.

Let me know.

Thanks,
Mark

Share
10 |10000 characters needed characters left characters exceeded
Bharath B N
May 25, 2017 at 06:29 PM
0

Hi Mark,

I agree your point. But if that is the case - authentication error shouldn't come.

One last attempt:

1. Please clear the browser cache and reload the URL : http://host:8080/BOE/BILaunchpad

2. can you watch the network call which API is getting this error message from backend: New_Fiori_BI_Launchpad_Blank_Password.jpg

-Bharath

Share
10 |10000 characters needed characters left characters exceeded
Bharath B N
May 25, 2017 at 06:41 PM
0

One more thing is any one of the BI launchpad (BOE/BI or BOE/BILaunchpad) is logged in, then Same browser if user hits other one, that shouldn't ask for credentials .

-Bharath

Show 3 Share
10 |10000 characters needed characters left characters exceeded

OK - so logging into Regular Launchpad and then the New UI5 Launchpad in the same Browser got us a more descriptive error...

"User has no rights to login to New BI Launchpad. Please contact administrator."

The error is the same for a REGULAR User and our Administrator (Enterprise) Account - so that takes us back to the problem from the CMC Security settings problem from earlier.

In your Screenshot from the CMC there is an option - that we don't see in our CMC after the upgrade.

Your screenshot from CMC -

What we see in our CMC (after the upgrade to SP04) -

For whatever reason - that new " Logon to new Fiorified BI Launch Pad" right is not visible in our CMC after the upgrade to SP04...and that is why we can't LOGIN to it.

Is there any way to fix what we are seeing in the CMC..?
0

did you cleared tomcat work folder and restarted ?

0

Hi Mark,

Were you able to figure out this issue?

I upgraded our environment to 42 SP5. When I login, I get no error messages and the login screen comes back.

In fiddler, I see 404 error: https://<lb url>t/BOE/portal/1804141933/PlatformServices/sapui5/resources/sap/ui/core/messagebundle_en_US.properties

Thanks, Roopa

0
Roopa Puranik Oct 03, 2017 at 07:01 PM
0

Hi,

We are on BI 4.2 SP4 P2, Red Hat Linux, SSL configured, Load Balance (LB) URL, Oracle repo db, Tocmat8 with 2 tomcat servers and 2 CMS servers: Tomcat is in DMZ.

When I login to BILaunchpad using the LB URL https://<lburl.com>/BOE/BILaunchpad, I get a logon screen but after I login I get an error message: Logon failed for WACS. Contact system administrator for necessary rights.

HTTPS is enabled in WACS

http://<localhost>:6405/biprws/v1/about -- works fine

Restful Web Service URL is set to: http://<localhost>:6405/biprws -- The url works fine in the browser

I ran the fiddler tool and I noticed I get a 404 error same as what Mark noticed: error: /BOE/portal/1705180929/Bing/resources/sapui5/resources/sap/ui/core/messagebundle_en_US.properties HTTP/1.1

However, if I login to tomcat URL http://<tomcathost>:8080/BOE/BILaunchpad I am able to login ok.

What am I missing?

Thank you all in advance for your help!

Show 15 Share
10 |10000 characters needed characters left characters exceeded

Please change the URL in CMC->Applications->RestFul web services to https://<wacs>/biprws

Make sure same url is working fine from outside of installed machine.

-Bharath

0

Hi Bharath,

Thanks for your reply. Do you mean <wacs> host name of the server where the WACS proc server is installed?

If so I tried http://<localhost>:6405/biprws -- this works

but with "https" in the URL it does not work -- https://<localhost>:6405/biprws or https://<localhost>/biprws

Thanks!


0

As you mentioned in comment HTTPS is enabled for WACS.

Please navigate to CMC->Servers->Core Servers List-> WebApplication Container Server right click and go to Properties and check port number for https for WACS .

Then update CMC->Applications->RestFul web services to https://<wacs_installed_machine_ip>:<https_port>/biprws

Please check REST URL from out side of BOE installed machine.

Please share the status.

-

Bharath

0

Hi Bharath,

I have 7443 port set in the WACS server. Per your suggestion I tried setting the port number along with IP in the Restful WS URL. Then tested the URL https://<wacs_installed_machine_ip>:<https_port>/biprws and it worked!! So I tried the BILaunchpad and and I was able to login. The link was not secure though as I generated the keystore file to enable https, which is ok. I asked my workers to try and they still get the same error. I tried again with my ID on different machines and I get the error too. We tried on IE and Chrome, cleared cache multiple times and tried and still the same error. I just don't understand whats going on!! On my machine where it works I cleared cache and tried and it works. I am stumped!!

Thanks, Roopa

0

I have an update. I noticed that on the machines where its not working if I first try the URL that is in the WACS server (https://<wacs_installed_machine_ip>:<https_port>/biprws) I get a warning message that this is not a secure site and I click on Advanced and click on Proceed anyway. After this step I can then login to the BILaunchad with no issues. I had my co-workes try the same and it works for them. Seems like the issue is with the certificate?

0

you have to import/trust your self signed certificates for this to work.

p.s.
why would you put tomcat into DMZ ?????

0

Denis,

This is our external environment and that's why Tomcat is in DMZ. I guess cert is not an issue as it is self signed. I just need to have my network team generate an authorized cert.

Had a call with SAP support, they told me that I need to have our Load Balance accept process calls from port 7443 as this is the port that is configured in the WACS. So I updated the port to 8443 in the WACS which is already configured on load balance URL. I tried BILaunchpad again and it still does not work. They also had me add BOE WACS (via edit common services) to WACS server. However, the issue is still that the BILaunchpad works only if I try this link first https://<WACS_IP>:7443/BOE/BILaunchpad and then the LB url BILaunchpad works. This is not making any sense to me. :(

Thanks!

0

by placing tomcat in the DMZ you actually weaken your security.
Now your DMZ has a bunch of holes in it because you have to open very many ports from tomcat to BOE backend.
Reverse proxy, LB, or web server should be in the DMZ and redirect calls to tomcats, which should be in the network.
This way DMZ has only 2 ports open - one in, one out.

on the other stuff - let the SAP support work it out. Test all this without SSL/HTTPS first. Once basics work, then secure it.

0

Tomcat is our Web server.

Anyway, we are trying to accomplish similar to these: https://archive.sap.com/discussions/message/15657987#15657987

https://blogs.sap.com/2015/04/01/wacs-load-balancing-for-restful-web-services/

We may need to just deploy Restful WS on web server, not sure!!

0

If your Tomcat is hosting BOE apps - its not a web server and you need to open lots of ports from it to BOE.
You also can't deploy restful to web server, its WACS only at this point. Maybe in the next SP it'll be deployable to tomcat (Maybe. Not sure. Subject to change. its just rumors).

0

Yea its out Web App server. We have /webapps deployed on the Tomcat server. In this case I still cannot deploy restful to our webapp server?

0

right now restful can only be on WACS.

0

I upgraded to 42 SP5 and I configured the restful URL to use tomcat host and port but now I am not able to access any reports. I get "Not Found (RWS 00005)" error.

Is there any documentation specifically around this?

Thanks!

0

1. you should start a new tread on this.
2. the transition should be seamless. please provide more details - which reports, where and how exactly the error occurs, what changes in CMC exactly you did, etc...

1

Okay Thank You.

0
Yoav Yahav Dec 24, 2017 at 10:52 AM
0

Thanks for this great article

Did anyone mange to configure Fiorified to open Web Intelligence report in reading mode instead of the HTML viewer ?

Did anyone mange to create a tile which shows a chart/table ?

Does the How to Use the Read and Query Work-list in SAP BusinessObjects BI - is supported in Fiorified 4.2 SP4 ? if so thorough which tool?

BR

Yoav Y.

Share
10 |10000 characters needed characters left characters exceeded