Skip to Content
0
Former Member
Mar 19, 2009 at 04:29 PM

SharePoint 2007 PIK + BOE XI 3.1 (.NET - NTLM SSO vs Java - Kerberos SSO)

119 Views

I was able to successfully deploy a dev environment where the SharePoint 2007 PIK was setup for .NET InfoView and the web parts work correctly when connecting through .NET InfoView using NTLM SSO.

However, when trying to duplicate this in an environment where Java InfoView SSO w/ Kerberos/Vintela is working successfully stand-alone -- SharePoint 2007 with the PIK setup for Java InfoView has a problem passing the credentials to InfoView.

I get the following:

Unable to access the BusinessObjects Enterprise infrastructure at <servername> for user: . Contact your reporting administrator for assistance.

If I go to the web.config under the virtual directories web root for IIS and enable prompting for the password, I get the same message when entering the credentials manually - only because the parameter is filled in for user it displays the username in the error message as opposed to a blank space. Again -- InfoView on its own accepts SSO and Kerberos tickets pass without issue.

When checking the system32\logfiles I can see that the credentials are being read successfully.

1) When I enable trace logging in the web.config where does this go? I see the standard logs under C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\LOGS - but no change to any error logging when trace is enabled.

2) Has anyone been able to successfully implement the SharePoint 2007 PIK for Java InfoView using Kerberos SSO ?

Below is an example of the key portion of my web.config on the SharePoint 2007 server:

<appSettings>
    <add key="FeedCacheTime" value="300" />
    <add key="FeedPageUrl" value="/_layouts/feed.aspx?" />
    <add key="FeedXsl1" value="/Style Library/Xsl Style Sheets/Rss.xsl" />
    <add key="ReportViewerMessages" value="Microsoft.SharePoint.Portal.Analytics.UI.ReportViewerMessages, Microsoft.SharePoint.Portal, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- Authentication mode can be secWinAD, secWindowsNT, secEnterprise -->
    <add key="BusinessObjects Enterprise Authentication Mode" value="secWinAD" />
    <!-- Management server is the name of the server where the CMS resides -->
    <add key="BusinessObjects Central Management Server" value="BOSERVER" />
    <!-- Token expiry in minutes to limit re-authentication -->
    <add key="BusinessObjects Enterprise Token Timeout" value="600" />
    <!-- InfoObject ProgID Exclusion Types (any valid Enterprise Prog-Id comma separated) -->
    <add key="BusinessObjects Enterprise Object Exclusions" value="CrystalEnterprise.ObjectPackage,CrystalEnterprise.Program,CrystalEnterprise.AFDashboardPage" />
    <!-- Displaying problem tracking messages in web part pages -->
    <add key="BusinessObjects Enterprise Trace Enabled" value="False" />
    <!-- Whether to prompt the logon page for the user to input the username&password -->
    <add key="BusinessObjects Enterprise Credential Prompt" value="False" />
    <!-- Analytic viewer Url Object Types that use Analytic Viewer Url Key -->
    <add key="BusinessObjects Enterprise Analytic Viewer Object Types" value="CrystalEnterprise.Analytic" />
    <!-- Document viewer Url Object Types that use Document Viewer Url Key -->
    <add key="BusinessObjects Enterprise Document Viewer Object Types" value="CrystalEnterprise.Report,CrystalEnterprise.Analysis,CrystalEnterprise.MyInfoView,CrystalEnterprise.Webi,
CrystalEnterprise.Rtf,CrystalEnterprise.Txt,CrystalEnterprise.Pdf,CrystalEnterprise.Excel,CrystalEnterprise.Powerpoint,
CrystalEnterprise.Word,
CrystalEnterprise.FullClient,CrystalEnterprise.AFDashboardPage" />
    <!-- Analytic viewer Url %id%, %type%, %lang% and %token% are substitution variables -->
    <add key="BusinessObjects Enterprise Analytic Viewer Url" value="http://boserver:8080//PerformanceManagement/jsp/openAnalytic.jsp?sType=%type%&amp;DocumentId=%id%&amp;token=%token%&amp;lang=%lang%&amp;RepositoryType=C" />
    <!-- Document viewer Url %id%, %type%, %lang% and %token% are substitution variables -->
    <add key="BusinessObjects Enterprise Document Viewer Url" value="http://boserver:8080//OpenDocument/opendoc/openDocument.jsp?sKind=%type%&amp;sIDType=CUID&amp;iDocID=%id%&amp;token=%token%&amp;lang=%lang%" />
  </appSettings>

I also verified in the SharePoint Administration portal that in the authorization security section that Windows+Kerberos authentication is enabled. I have also tried adding ":6400" at the end of server name, however that shouldn't matter since NTLM works fine without that portion in my other dev environment.