Skip to Content
0
Former Member
Apr 30, 2010 at 09:31 AM

Dual SSO and BW for BOBJ

82 Views

Hi,

A BOBJ XI 3.1 system have been setup using Microsoft-AD authentication

and SSO using Kerberos. In the backend, it is linked to a BW 7.01 system(BW1) where SNC is enabled.This allows for SSO using Microsoft Active

Directory into BOBJ InfoView for User Group A.

We have a SAP CRM project coming in to implement BOBJ reporting on a

separate BW 7.01 system (BW2). Users will be logging into BOBJ InfoView

using a link from SAP Portal, and customization will be performed in SAPCRM to use the standard OpenDocument function to call on reports in BOBJ.

This setup will require Portal to use another LDAP directory as the UME

and implement SAPLogon tickets to achieve SSO for User Group B.

Can BOBJ Enterprise XI 3.1 support 2 SSO authentication mechanisms at the

same time, with 2 separate BW installations? (seamlessly, without the

user having to choose the authentication mechanism or system).

In addition, we have the following queries:

1) Parameters in web.xml files are required to change to use SAPLogon

tickets. eg: authentication.default & opendoc.authentication.default =

secSAPR3. Will this conflict with the Kerberos settings as the defaults

are now changed to SAPLogon tickets?

2) With 2 backend BW systems, will the SSO mechanism identify the correct

BW user ID to use in the respective universes? (Universe Designer ->

Connection Parameters -> "Use SSO when refreshing reports at view time").

3) In BOBJ Enterprise CMC, there is an authentication option for

"default" system. How will this setting affect which BW system is used to

authenticate? Can BOBJ know that the Kerberos token is for BW1 and

SAPLogon ticket is for BW2 and identify the respective system correctly?Do note that there might be overlaps between users in User Group A and Bie. a user can exist in both user groups.

Regards,

Medy