
How do you setup SSO against SAP BW in a clustered SAP BO BI 4.x environment?

Verakso
Participant
0 Kudos

Hi

I must admit that I have been using the guide "How to setup SSO against SAP BW with SAP BO BI4.0 Common Semantic Layer (UNX) or BICS" when it comes to the SSO integration, but it does not tell what to do when you are running SAP BO BI in a cluster.

I have two CMS nodes (and two Tomcat and one Apache reverse proxy), BIT001 and BIT002.

Now, I can make two certificates, one on each server, and import them into SAP BW using STRUSTSSO2, but!

Which of the certificates do I import on the SAP BO BI platform?

Since it is running as a cluster, I connect to the cluster @BIT and not the individual node, so I cannot import two certificates on the BI platform.

So what is best practice in these situations where you have multiple servers in a cluster?

Is it to create a round robin DNS entry for my servers like:

BIT A 10.10.10.100
BIT A 10.10.10.101
(Assuming those are the IP addresses of the BIT001 and BIT002 servers)

Or is there another approach?

Any feedback is kindly appreciated

Regards
/Thomas

Accepted Solutions (1)


BasicTek
Advisor
0 Kudos

Only 1 certificate can be added to the CMS in a clustered environment (it is used by all members of the cluster). Once added, you are done; there is no need to create a different cert. If you have created 2, it would be good to remove everything you have and reconfigure with just 1. Follow https://apps.support.sap.com/sap/support/knowledge/preview/en/1670073

Regards,

Tim

Verakso
Participant
0 Kudos

But this is what I do not get from the linked note either.

When you create the cert.der you specify the hostname in the CN parameter.

When you have two (or more) hosts, do you only choose the first, e.g. CN=BIT001?

And in that case, how does this work on the BW side? If the first node BIT001 is down, can it then resolve to BIT002 even though it is not specified in the cert.der file?

I am having a hard time understanding how the Security Token Service actually works, because, in my mind, if BIT001 is used and not responding, how does the STS then know to establish the connection to BIT002?

BasicTek
Advisor
0 Kudos

You can call it anything; use the environment name, not the server.

On BW you connect to a message server for load balancing or failover; BI does not provide BW failover.
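
A check for the advice in the replies above, as an added example that is not part of the original thread or of SAP's procedure: it reads the subject CN of the cluster's single cert.der and flags it if it is a node hostname (BIT001, BIT002) instead of the environment name (BIT). It assumes OpenSSL is installed; the function names are hypothetical, and the sample certificate is a constructed throwaway, not one produced by SAP tooling.

```sh
#!/bin/sh
# Added example: confirm the one cert.der shared by a clustered CMS is named
# after the environment (BIT), not after a single node (BIT001, BIT002).

# Print the subject CN of a DER-encoded certificate.
cert_cn() {
  openssl x509 -inform DER -in "$1" -noout -subject -nameopt RFC2253 \
    | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p'
}

# Print the SHA-256 fingerprint, for comparison with the copy imported on BW.
cert_fingerprint() {
  openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_cluster_cert FILE ENV_NAME NODE...
# Returns 0 if CN equals ENV_NAME, 1 if CN is a node hostname, 2 otherwise.
check_cluster_cert() {
  cc_file=$1; cc_env=$2; shift 2
  cc_cn=$(cert_cn "$cc_file")
  for cc_node in "$@"; do
    if [ "$cc_cn" = "$cc_node" ]; then
      echo "CN=$cc_cn is a node hostname; expected environment name $cc_env" >&2
      return 1
    fi
  done
  if [ "$cc_cn" = "$cc_env" ]; then
    return 0
  fi
  echo "CN='$cc_cn' does not match environment name $cc_env" >&2
  return 2
}

# Constructed sample input: a throwaway self-signed certificate in DER form.
# make_sample_cert CN OUTFILE
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$2.key" -outform DER -out "$2" 2>/dev/null
  rm -f "$2.key"
}

# Usage: ./check_cluster_cert.sh cert.der BIT BIT001 BIT002
if [ "$#" -ge 2 ]; then
  check_cluster_cert "$@" && echo "OK, SHA-256 fingerprint: $(cert_fingerprint "$1")"
fi
```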

Answers (0)