cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Win AD SSO not working in Win 10 desktops

Former Member

on ‎10-18-2017 6:25 PM

0 Kudos

Hello Everyone,

I have an issue in performing SSO to BO Launchpad using Win AD in Win 10 machines.It is because of the feature called "Windows Credential guard" which comes along with Win 10.If we disable credential guard, SSO is working fine in Win 10 machines.In case of Win 7 machines, SSO is working fine as expected.But my requirement is to Perform SSO with credential guard in Win 10 because it brings lot of security features.

Also I have performed the BO service account's delegation settings in the below scenarios.

1. Trust this user for delegation to any service(Kerberos only)

Win 7 -----SSO working fine.Win 10(With credential guard)---Not working.

Win 10(Without credential guard)--Working fine.

2. Trust this user for delegation to specified services only. ---Kerberos

Win 7 -----Not working.Win 10(With credential guard)---Not working.

Win 10(Without credential guard)--Not working.

I would be great helpful if you share your experiences in this kind of Win AD SSO issues with Win 10 desktops.

Thanks in advance,

Manhoj

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎10-31-2017 10:34 PM
0 Kudos

Manhoj, Did you find a solution?

Show replies
Show replies
Former Member
‎11-01-2017 8:55 AM
0 Kudos

Hi Mahesh,

Still working with SAP.

SAP is trying to push it to Microsoft as it involves constrained delegation.

Regards,

DellSC
Active Contributor
‎10-19-2017 3:23 PM
0 Kudos

Which browser are you using? Is BI Launchpad set up as a Trusted Site?

You also may want to look at the following SAP Notes:

1379894-Configure IE for SSO

1767654-Configure Firefox for SSO

1887193-Configure Chrome for SSO

-Dell

Show replies
Show replies
former_member185603
Active Contributor
‎10-18-2017 6:49 PM
0 Kudos

Did you look at this KB article? SAP is saying in the KB ,that it is a Microsoft issue.


2485300 - Windows AD SSO does not work on Windows 10 version client machines

Show replies
Show replies
Former Member
‎10-19-2017 4:55 AM
0 Kudos

Hi Jawahar,

Thanks for your response.I have tried that, its basically suggesting to use constrained delegation & disabling credential guard.

Constrained delegation --- Not working in Win 7 & 10 machines.

Disabling credential guard--- We cannot go for this option as it involves many security features packaged with our company's security policy.

The next step is to configure constrained delegation working at-least in Win 7 machines, so that we can narrow down further to Win 10 with Microsoft.

Thanks,

Manhoj

BasicTek
Advisor
Advisor
‎10-19-2017 4:14 PM
0 Kudos

If you followed KBA 2182400 to setup constrained delegation and it failed then it was not setup properly. To note clients cache their previous kerberos tickets so when setting it up you must clear the cache (dos prompt klist purge) before attempting SSO (also mentioned in that KBA).

-Tim

rogerperkins
Explorer
‎02-09-2024 9:28 PM
0 Kudos
On the web/app server(s) you must add the line idm.allowS4U=true to your global.properties (which is CaSe sensitive) and restart the web/app
Ask a Question