Skip to Content
avatar image
Former Member

Webi report through sso

Hi experts,

I have configured sso bobj 4.1 to sap BW followed by wiki scn. Seems when we tried

run report webi with option sso got error failed to connect to the olap source.I checked several scn discussion everthing i followed config as per given. seeking your advice.Thanks.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Mar 12 at 05:18 AM

    Hi,

    There are several reasons that may cause your BI and BW SSO not working.

    First of all, please confirm whether you are trying to configure STS or SNC.

    This troubleshooting KBA can be helpful for most of the cases. 1500150 - Troubleshooting SAP SSO issues from BI to BW, in XI 3.x and BI 4.x products

    If it still doesn't work after going through this KBA, please take screenshots of every steps to configure SSO and upload them here if possible.

    Regards,

    Ivan

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Mar 12 at 07:48 AM

    Hi,

    Thanks your reply .i m configured STS and not touched any setting of snc. Note provide is reference for snc type.

    ##Step i followed

    E:\SAPBusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin>
    java -jar "E:\SAPBOBJ_BOR01\SAP BusinessObjects Enterprise XI 4.0\java\lib\PKCS12Tool.jar" -alias DEV –storepass password -dname CN=BOBJDEV

    E:\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin>keytool -exportcert -keystore keystore.p12 -storetype pkcs12 -file cert.der -alias DEV

    login to BW sytem 000 client strusst02 import certificate

    add to acl input i followed :system: DEV ,Certificate owner:BOBJDEV

    https://wiki.scn.sap.com/wiki/display/BOBJ/Import+SAP+BO+BI4.0+certificate+into+SAP+BW

    -Cmc i enable sso service ,system id put DEV,keystore file upload previoulsy upload,password assign created during keystore..

    private key alias:DEV

    Add comment
    10|10000 characters needed characters exceeded

  • Mar 15 at 07:31 PM

    try tracing the APS with STS to get a better error https://apps.support.sap.com/sap/support/knowledge/preview/en/2578098

    and the issue could be with the BW config so https://apps.support.sap.com/sap/support/knowledge/preview/en/1976414 may be needed as well

    If you log it don't paste the whole log out here but you can post the error message that is better than the generic olap source failure

    -Tim

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Mar 16 at 06:10 AM

    Hi Tim,

    I found in the APS log :

    getSAPAssertionTicket|APP01:5152:273913.691165:1|CuNBWUmlr0HYj6g5ucwLadk48f|||||||||com.businessobjects.pjs.services.sts.SAPTokenImpl||STS: got systemID DEV |4C4B090BF9F741A589744352D899CA8Baebf13|2018 03 16 10:57:20.549|+0800|Information| |==| | |aps_APP01.APS| 5152|273913|Transport:Shared-394/34| |112|0|4|1|BIlaunchpad.WebApp|APP01:8328:89.1169:1|.doIt|PREPESOBO-APP01:5152:273904.691154:1|.getSAPAssertionTicket| QAAPP01:5152:273913.691165:1|CuNBWUmlr0HYj6g5ucwLadk48f|||||||||com.businessobjects.pjs.services.sts.SAPTokenImpl||STS: got private key and certificate for alias DEV getSAPAssertionTicket|APP01:5152:273913.691165:1|CuNBWUmlr0HYj6g5ucwLadk48f|||||||||com.businessobjects.pjs.services.sts.SAPTokenImpl||STS: found SAP user DEV~300/USER1 getSAPAssertionTicket|APP01:5152:273913.691165:1|CuNBWUmlr0HYj6g5ucwLadk48f|||||||||com.businessobjects.pjs.services.sts.ServiceHelper||STS: verified logon token for user DEV~300/USER1

    The above message showed sso working fine?.

    Thanks for your prompt reply.

    Add comment
    10|10000 characters needed characters exceeded

    • This only shows that BI found the SAP user fine and that there STS configuration in the SAP plugin was found. If you look at the tracing KBA the red highlights tell you some of the more important things to find. The next thing to look for was SecurityTokenService2Stub.getSAPAssertionTicket this will show a request and hopefully response from the APS to get a token

      Finally the Connection property shows the actual connection to BW. To note if you see SNC in the STS logs then encryption is enabled so there are some variances from my baseline. Turning off SNC can easily tell you if STS is working but the SNC encryption is failing.

      Then if we receive any errors from BW they will hopefully show up in the log, some examples were shows at the end of possibly failures. If you see BI is sending the token properly then the foxus needs to be shifted to the BW site and the dev_ logs. It usually means a setting in BW was not done properly https://apps.support.sap.com/sap/support/knowledge/preview/en/1976414

      -Tim