Skip to Content

Webi report through sso

Mar 11 at 03:11 PM


avatar image

Hi experts,

I have configured sso bobj 4.1 to sap BW followed by wiki scn. Seems when we tried

run report webi with option sso got error failed to connect to the olap source.I checked several scn discussion everthing i followed config as per given. seeking your advice.Thanks.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

Ivan Yin
Mar 12 at 05:18 AM


There are several reasons that may cause your BI and BW SSO not working.

First of all, please confirm whether you are trying to configure STS or SNC.

This troubleshooting KBA can be helpful for most of the cases. 1500150 - Troubleshooting SAP SSO issues from BI to BW, in XI 3.x and BI 4.x products

If it still doesn't work after going through this KBA, please take screenshots of every steps to configure SSO and upload them here if possible.



10 |10000 characters needed characters left characters exceeded
Arul Ananthan Mar 12 at 07:48 AM


Thanks your reply .i m configured STS and not touched any setting of snc. Note provide is reference for snc type.

##Step i followed

E:\SAPBusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin>
java -jar "E:\SAPBOBJ_BOR01\SAP BusinessObjects Enterprise XI 4.0\java\lib\PKCS12Tool.jar" -alias DEV –storepass password -dname CN=BOBJDEV

E:\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin>keytool -exportcert -keystore keystore.p12 -storetype pkcs12 -file cert.der -alias DEV

login to BW sytem 000 client strusst02 import certificate

add to acl input i followed :system: DEV ,Certificate owner:BOBJDEV

-Cmc i enable sso service ,system id put DEV,keystore file upload previoulsy upload,password assign created during keystore..

private key alias:DEV

Show 2 Share
10 |10000 characters needed characters left characters exceeded

what is the error message in OLAP connection?


failed to connect to the olap source

Tim Ziemba
6 days ago

try tracing the APS with STS to get a better error

and the issue could be with the BW config so may be needed as well

If you log it don't paste the whole log out here but you can post the error message that is better than the generic olap source failure


10 |10000 characters needed characters left characters exceeded
Arul Ananthan 6 days ago

Hi Tim,

I found in the APS log :

getSAPAssertionTicket|APP01:5152:273913.691165:1|CuNBWUmlr0HYj6g5ucwLadk48f|||||||||||STS: got systemID DEV |4C4B090BF9F741A589744352D899CA8Baebf13|2018 03 16 10:57:20.549|+0800|Information| |==| | |aps_APP01.APS| 5152|273913|Transport:Shared-394/34| |112|0|4|1|BIlaunchpad.WebApp|APP01:8328:89.1169:1|.doIt|PREPESOBO-APP01:5152:273904.691154:1|.getSAPAssertionTicket| QAAPP01:5152:273913.691165:1|CuNBWUmlr0HYj6g5ucwLadk48f|||||||||||STS: got private key and certificate for alias DEV getSAPAssertionTicket|APP01:5152:273913.691165:1|CuNBWUmlr0HYj6g5ucwLadk48f|||||||||||STS: found SAP user DEV~300/USER1 getSAPAssertionTicket|APP01:5152:273913.691165:1|CuNBWUmlr0HYj6g5ucwLadk48f|||||||||||STS: verified logon token for user DEV~300/USER1

The above message showed sso working fine?.

Thanks for your prompt reply.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

This only shows that BI found the SAP user fine and that there STS configuration in the SAP plugin was found. If you look at the tracing KBA the red highlights tell you some of the more important things to find. The next thing to look for was SecurityTokenService2Stub.getSAPAssertionTicket this will show a request and hopefully response from the APS to get a token

Finally the Connection property shows the actual connection to BW. To note if you see SNC in the STS logs then encryption is enabled so there are some variances from my baseline. Turning off SNC can easily tell you if STS is working but the SNC encryption is failing.

Then if we receive any errors from BW they will hopefully show up in the log, some examples were shows at the end of possibly failures. If you see BI is sending the token properly then the foxus needs to be shifted to the BW site and the dev_ logs. It usually means a setting in BW was not done properly