cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BI4 Web Application Server with Vintela SSO on Tomcat7

Go to solution
lieven_debock
Explorer

on ‎02-22-2013 10:52 AM

0 Kudos

Hi Folks,

I'm trying to use Tomcat7 as Web Application Server for BI4 SP5.

Steps so far

=> Deployment under Tomcat6 (Tomcat 6.0.36): OK. => Look for Sapnote on "External Tomcat 6 BI4 x64 for hints how to do that".

=> Configuration of SSO using Vintela on Tomcat6: OK => Sapnote 1001783 is very helpfull here.

=> Side-By-Side Installation of Tomcat7 (Tomcat 7.0.37) + WDeploy: OK => Sapnote 1768835 helps for the correct Java Options.

=> Vintela SSO configuration using Sapnote 1001783. Alas: Option to log on with secWinAD works fine.

          Pass-Through Autentication no longer works.

Entry in stdout =>

com.businessobjects.webpath.rebean3ws.Activator
Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  [Krb5LoginModule] user entered username: ldebock@MY_DOMAIN.LOCAL

Acquire TGT using AS Exchange
principal is ldebock@MY_DOMAIN.LOCAL
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 8D 29 B7 2E BE 99 C3 7A   D7 DA 96 C2 EB 85 35 CB  .).....z......5.

Commit Succeeded

No relavant entry in stErr.

Any Clues anyone ?

    

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

lieven_debock
Explorer
‎02-04-2014 8:27 AM
0 Kudos

Ok, exactly one year further on the road..

Last year, I reverted back to Tomcat6, since there SSO on AD worked fine in that constellation.

This year, I'm facing an upgrade to BI 4.1 SP2 (or higher).

Guess what,... BI4.1 comes with Tomcat7 !!

So, I really needed to cope with Tomcat7 and Vintela SSO.

The good news is, .. I got it operational..

The bad news, I tried several things untill success.

But failed to identify what really did the trick.

The In's...

It's a distributed environment: BI Server on one machine, the WAS on another (virtual) machine.

On the BI Server, Tomcat6/Sun Java 1.6 is operational with SSO (Vintela) on Active Directory Operational.

On the other WAS I deployed Tomcat7(.0.50) on (Sun/Oracle) Java 1.7(.51)

Went through note 1631734, but ended without a working solution.

What did I miss from note 1631734: The right 'Act As Part of the operating system' lacked.

All the rest was available. Watch out with the krb5.ini file... In the PDF 'spaces' were stripped. This caused KINIT to malfunction. Adding the spaces fixed that.

Google for" Java7 JAAS and Kerberod Single Sign-On on Active Directory.."

=> Added DWORD value 'AllowTgtSessionKey'

Added Apache Native Library to the Tomcat Environment

Also Helpfull: Add -Dsun.security.krb5.debug=true to the Tomcat Java Startup Parameter.. Since Vintela Logging doesn't report anything...

So,

     If you go for Tomcat 7 On Java 1.7, In a distributed environment, Note 1631734 will get you an end on the road. But you'll be lucky to reach the finish (In my humble opinion)

Best,

Lieven

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎02-23-2013 8:16 AM
0 Kudos

Hi Lieven,

Follow the steps as stated in the SAP note # 1631734 - Configuring Active Directory Manual Authentication and SSO for BI4.

If the manual authentication works fine, please let us know if it also works for the web applications like the BI Launchpad apart from the client tools.

The message in the log file shows that a Windows AD login using manual authentication is successful for the user 'ldebock' from the domain 'MY_DOMAIN.LOCAL'.  There is no information on the SSO part. If you see something like "credentials obtained" in the tomcat log file then its evident that the vintela filter is loading successfully.

If SSO isn't working for BI Launchpad, then the BILaunchpad.properties file must be checked and the tomcat java options must contain the appropriate parameter for enabling SSO as given in the attachment doc in the note above. Along with these we need the client(or)http spns created.

Once you have followed the steps as depicted in the note and find that the SSO doesn't work for BI Launchpad, do share us the BILaunchpad.properties file and the tomcat logs.

Sincerely,

Shafi

Show replies
Show replies
denis_konovalov
Active Contributor
‎02-22-2013 12:48 PM
0 Kudos

what JVM version are you using with Tomcat7 ?

Show replies
Show replies
Ask a Question