Former Member
Nov 29, 2009 at 08:39 PM

BO SSO XI 3.1 - SSO works but not manual AD


We have followed Tim's guide and got the manual AD and SSO working for client tools and Infoview. We have Xcelsius dashboards and want to configure SSO for QaaWs also.

We followed note 1203218 and made changes to web.xml under dswsbobje.

Initially we had a "Pre-authentication was invalid" error. We were not using a keytab for Infoview but instead had the password in Java options. Looks like a keytab file is mandatory for QaaWs. We changed the bscLogin.conf:

Before:

com.businessobjects.security.jgss.initiate {
  com.sun.security.auth.module.Krb5LoginModule required debug=true;
};

After:

com.businessobjects.security.jgss.initiate {
  com.sun.security.auth.module.Krb5LoginModule required storeKey=true
  useKeyTab=true keyTab="C:\\WINNT\\BOSSO.KEYTAB" principal="BOSSO/bobjuser.mycompany.com"
  doNotPrompt=true debug=true;
};

Under Java options we left this option as is: -Dcom.wedgetail.idm.sso.password=boepass

Now we have the following problems:

1. Manual AD to CMC or Infoview is not working. Throwing "Account information not recognized: The Active Directory Authentication plugin could not authenticate at this time" error.

2. SSO to client tools and InfoView still works fine.

3. SSO to QaaWs tool still doesn't work. Manual AD to QaaWS doesn't work (worked before).

4. SSO for the dashboard in InfoView works (this is our goal but without breaking others).

We did debugging:

1. We can see commit succeeded in stdout under Tomcat

2. kinit works with keytab

3. Packet tracing - BOE to AD: Looks ok. AS-REP with ticket info. BOE to client machine - responds with above AD plugin error.

Not sure where the problem is. We want to achieve manual AD to CMC, SSO to Infoview and client tools including QaaWs, SSO to Xcelsius dashboards in Infoview.

Thanks
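
Added example, not part of the original post or of any SAP tooling: a small Python check that parses a JAAS login file such as bscLogin.conf and reports what the Krb5LoginModule options in each entry imply. The sample input is constructed from the "After" entry above, and the function names are hypothetical.

```python
import re

# Constructed sample: the "After" entry with the keytab path typed using
# single backslashes, to exercise the escaping check below.
SAMPLE = r'''
com.businessobjects.security.jgss.initiate {
  com.sun.security.auth.module.Krb5LoginModule required storeKey=true
  useKeyTab=true keyTab="C:\WINNT\BOSSO.KEYTAB" principal="BOSSO/bobjuser.mycompany.com"
  doNotPrompt=true debug=true;
};
'''

ENTRY = re.compile(r'([\w.]+)\s*\{(.*?)\}\s*;', re.S)
OPTION = re.compile(r'(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|[^\s;]+)')

def parse_jaas(text):
    """Return {entry name: {option: raw value}} for each login entry."""
    return {name: {k: v.strip('"') for k, v in OPTION.findall(body)}
            for name, body in ENTRY.findall(text)}

def lint_krb5(opts):
    """Return findings for one Krb5LoginModule option set."""
    def on(key):
        return opts.get(key, "false").lower() == "true"
    findings = []
    keytab = opts.get("keyTab", "")
    if on("useKeyTab") and not keytab:
        findings.append("useKeyTab=true without keyTab: the default keytab location is used")
    # Backslash is an escape character inside quoted JAAS values.
    if re.search(r'(?<!\\)\\(?!\\)', keytab):
        findings.append("keyTab contains a single backslash: use \\\\ or / in the path")
    if "principal" in opts and "@" not in opts["principal"]:
        findings.append("principal has no @REALM: the default realm is appended")
    if on("doNotPrompt"):
        findings.append("doNotPrompt=true: the module never asks the callback "
                        "handler for a username or password")
    return findings

def lint_config(text):
    """Lint every entry in a JAAS login configuration."""
    return {name: lint_krb5(opts) for name, opts in parse_jaas(text).items()}

if __name__ == "__main__":
    for entry, findings in lint_config(SAMPLE).items():
        for finding in findings:
            print(f"{entry}: {finding}")
```
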