Solved: Infoview AD SSO TO SAP SSO integration

Hi experts,

I need some advice on integration SAP SSO and AD SSO.

I have setup SAP SSO and AD SSO seperately. I need to go through infoview with AD SSO and open a Xcelsius dashboard directly. The dashboard is populated with data from SAP BW hence the SAP SSO.

How do i couple this AD SSO with SAP SSO so that i through a link to a dasboard opens the dashboard without getting the login screen and at the same time get the access to SAP BW data?

My server is windows 2003 SP2, BOBJ 3.1 XI SP2 FP2.9

Any help og clues is much appreciated.

Thanks in advance.

Rgds,

SAP Managed Tags:
SAP BusinessObjects Business Intelligence platform

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Accepted Solutions (1)

Hi,

this will require what is called server side trust and user mapping leveraging SNC.

Ingo

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thank you Ingo,

Do you have a procedure that describes step by step how i do this setup? or maybe a technote?

Thanks

Rgds,

Kim

Hi Again,

Do i need to do it the client side SNC way or the server sie SNC way? that confuses me a bit.

Thanks in advance

Rgds

Kim

Hi,

client side vs server side depends on the workflow you are trying to realize.

Client Side SNC - and lets be specific - THICK Client - for example logon into Crystal Reports DEsigner with Windows AD / SAP and still get SSO - that is where client side SNC can help (just one example)

Server Side SNC can help when we are talking about web based authentication.

and yes - server side trust is in the product documentation.

ingo

Hi,

I am trying to access infoview and open an xcelsius dashboard that sources to SAP BW! that means that when users login in to their computer using their daily day AD Login they can open a link to infoview/dashboard directly, so is that client side SNC or Server side SNC?

Rgds,

Kim Laursen

hi Kim,

when you say "when users login in to their computer using their daily day AD Login they can open a link" so that means that you would like that the browser is leveraging the AD credentials that the user used to logon to the actual computer ?

If so for sure you will need client side SNC where you combine Windows AD with SAP credentials and more important you need software on each client system.

regards

Ingo

Hi Ingo,

Thank you!

What software do i need on the client system? As is i have a server and the clients around are supposed to open the link to infoview/dashboard directly, so the client dont have anything installed as is now!

Rgds,

Kim

Hi,

SNC is an interface and you can see a list of certified solutions in the EcoHub.

There is software from several companies like Secude, RSA, TFS, ...

Ingo


Hi,
> 
> SNC is an interface and you can see a list of certified solutions in the EcoHub.
> 
> There is software from several companies like Secude, RSA, TFS, ...

Actually, Secude is not on EcoHub anymore, since they were acquired by SAP and their SNC library is not using Kerberos, so won't do what is described in this thread. I suggest you look at http://ecohub.sdn.sap.com/irj/ecohub/solutions/trustbrokersecureclient product to solve this problem.

Edited by: Tim Alsop on May 21, 2011 8:30 AM

Hi,

SECUDE as company wasn't acquired. "assets" were acquired.

http://www.sap.com/corporate-en/press/newsroom/press.epx?pressid=14606

SECUDE does very well have solutions that more than capable of solving the above problem - and others as well ...

Ingo

If you are using AD sso with infoview (vintela or IIS) then you can still use the server trust with secude libraries, KB 1500150 has all the links and troubleshooting steps. If you need help with AD SSo to infoview all KB's can be found from [here|http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes_boj/sdn_oss_boj_bi/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/scn_bosap/notes%7B6163636573733d36393736354636443646363436353344333933393338323636393736354637333631373036453646373436353733354636453735364436323635373233443330333033303331333433373336333333373334%7D.do]

Regards,

Tim


If you are using AD sso with infoview (vintela or IIS) then you can still use the server trust with secude libraries, KB 1500150 has all the links and troubleshooting steps. If you need help with AD SSo to infoview all KB's can be found from [here|http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes_boj/sdn_oss_boj_bi/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/scn_bosap/notes%7B6163636573733d36393736354636443646363436353344333933393338323636393736354637333631373036453646373436353733354636453735364436323635373233443330333033303331333433373336333333373334%7D.do]
> 
> 
> Regards,
> 
> 
> Tim

If (as I believe is the case here) the SAP BI system has an SNC/Kerberos library installed, and being used for SAP GUI SSO with SNC, then the connection between BOBJ and BI cannot be done using the Secude SNC library. This is because the SAP BI system can only use one SNC library at a time, so cannot support authentication requests form SAP GUI using SNC/Kerberos and from BOBJ using SNC/x.509.

Thanks,

TIm

hi Tim,

your point is correct that the SAP Server can only handle on SNC library and in the case where the customer is looking for an actual CLIENT SIDE SNC (= SAP GUI = THICK CLIENT) then the library mentioned before wouldn't work but as mentioned before there are several vendors out there - including SECUDE - which have solutions for thick client / thin client or the combination of both.

regards

Ingo Hilgefort

If (as I believe is the case here) the SAP BI system has an SNC/Kerberos library installed, and being used for SAP GUI SSO with SNC

I didn't see the customer reference this, only that they login to their workstations with AD. I was going by the assumption that they didn't mention what type of SNC was inplemented or hadn't decided on one yet.

Regards,

Tim

Hi,

I have now enabled server side trust and the user AD to SAP BW user mapping.

I have following various kinds of documention herunder below to links.

/people/ingo.hilgefort/blog/2009/07/03/businessobjects-enterprise-and-client-side-snc-part-1-of-2

/people/ingo.hilgefort/blog/2009/07/03/businessobjects-enterprise-and-client-side-snc-part-2-of-2

I the last bit where i need to put in the SNC Account Name under tab entitlement systems i gives me an error when trying to start a dashboard from infoview. "Cannot access external data - session is closed"

If i dont fill out the SNC Account Name field it gives me the following error:

"Unable to connect to SAP BW server incomplete logon data.."

The busines objects server has been installed with SAP Cryptographics software, certificates on both sides. Env. variables has been set so the users automatically maps to eachother.

Do you have any suggestion what could be wrong? am i missing something?

Further, when i press the link to infoview it does not automatically transfer me to infoview it leads me the login screen, why is that? my intention was to go directly to infoview without login.

Thanks.

Rgds,

Kim

Hi Kim,

not sure which documentation you are reading but assuming we are talking about Server Side Trust configuration then this configuration does NOT include a SNC user on the Entitlement page.

Server Side trust is explained and documented as part of the installation guide for the SAP Integration Kit

regards

Ingo

Since you said you are using sapcrypto, you can use KB 1500150 to troubleshoot the configuration and open a case with the authentication if you cannot figure it out when verifying the steps.

Regards,

Tim

Answers (0)

Ask a Question

Top Q&A Solution Author

User

Count

Infoview AD SSO TO SAP SSO integration

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Vendor Invoice Screen 'Payment' tab screen field '...

I have data like Date, Net, Gross. I want to deriv...

Re: Re Generate Co files and data files

Re: error during install SAP S/4HANA Server 2022

Re: BODS Job Stored Procedure