Solved: Microsoft Windows AD authentication thru Kerberos ...

Former Member · ‎07-05-2017

Hello

In order to connect users to the BI platform (BI launchpad or Central Management Console), we have implemented Microsoft Windows AD authentication thru Kerberos Protocol.

Our IS Security entity requests us more accuracy regarding the working of this authentication.

They would like to know what are the authentication credentials sent to Windows during the validation of the user's login?

Are they credentials of the user or credentials of the global service account.

Thank you for your help

BasicTek · ‎07-05-2017

While many customers thing AD SSO is a function of BI it is in fact not. To achieve kerberos SSO you must setup everything in Microsoft (service account, delegation, SPN's even browser, etc) Once Microsoft SSO is setup then a successful authenticated Microsoft users that is mapped into BI can access BI. So this question is better directed at your Microsoft admin.

https://msdn.microsoft.com/en-us/library/bb742516.aspx

Here is a Microsoft article on how kerberos works, depending on your configuration, the exactly how could vary. Essentially a negotiation occurs at the browser and the user (not service account) is authenticated. The service account does play a role in delegating the user to various resources like the BI server.

regards,

Tim

Microsoft Windows AD authentication thru Kerberos Protocol

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Re: How to configure SAP system in Eclipse ?

Re: BTP CI/CD Error while UPLOAD set

Re: LLM, RAG and Cloud Foundry: No space left on d...

Re: CF Deployment Error: Error getting tenant t0

Re: Refresh not working in CL_SALV_TABLE