Skip to Content

BO 4.2 - Win AD login with multiple domains only possible with user@DOMAIN.COM?

Hello,

I am implementing Windows AD Single Sign On on a Business Objects Server 4.2 SP5. The Windows Domain Server contains 4 domains:

Domain1.com -> contains the BI Service users

Domain2, 3 and 4.com contains the endusers

We followed the instructions very carefully and finally I am able to login with the BI Service Users of the default domain (Domain1.com) on the BI Launchpad and CMC.

When i want to login with my user (which is stored in Domain2.com) I am not able to do this without adding username@DOMAIN1.COM (capital letters! case sensitive!).

Is there any other way to change this behaviour? Endusers shouldn´t know which domain they are in and also the case sensitive is weird.

Was reading all notes regarding 2-way forest trust and so on but didn´t find any solution for this one here.

Help would be much appreciated.

Thanks,

Mario

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    Jan 30 at 08:41 PM

    Hi Mario,

    For any other domain/forest than the default one you have to login to BI applications (CMC, Launchpad, etc) as user@DOMAIN.COM (Domain should always be in caps) and for client tools (UDT, webi rich client, CR, etc) you have to use "DOMAIN\user".
    This is a by design behavior (KBA-1476374). If the users don't know their domain names you can implement SSO (KBA-1631734) and it automatically logs them in (no need to type username and password).


    Regards,

    Nilesh Gawande

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 31 at 12:48 PM

    Glad to hear that. SSO for windows AD does work for multiple domains/forests. It is just that you should have 2-way trust between those forests.

    Regards,

    Nilesh

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 31 at 07:53 AM

    Hi Nilesh,

    thanks for your reply. Finally I was able to solve this by implementing Silent Single Sign On and this is working perfectly.

    I was not sure about if Silent SSO should work also with Multi Domain but finally it does! I missed a configuration file and that´s why it didn´t work in the very beginning (i missed a "=" in the global.properties file).

    Thanks for your help!

    Add comment
    10|10000 characters needed characters exceeded