Business Objects Ad Authentication Error
Contents |
Posted by Joshua Fletcher in Josh's BI Ravings on Jun 11, 2012 9:35:45 AM Please find below an SSO cheat sheet for BI4. I have used the latest KB note on AD SSO which is 1631734, written by Steve Fredell.Please note business objects active directory authentication that in this example below, I am assuming that Tomcat is being used
Business Objects Ldap Authentication
for the web application server, and it is by default installed on the same instance as the BusinessObjects BI4
Sap Business Objects Sso Configuration
application. In a distributed scenario, certain actions will take place on the Web App instance, and others on the BusinessObjects BI4 instance.Instead of just letting you walk through the process yourself, I
Sap Business Objects 4.1 Single Sign On
also wanted to give you a more visual guide. So below, please find a DSLayer special edition, video walkthrough of this guide: Firstly, let's define our server names and IPs (you must obviously adjust these and the commands below to reflect your server names and IPs:Domain Name: DOMAIN (FQDN: DOMAIN.INTERNAL)Service Account: biservice (password: Password1)Domain Controller: adserver.DOMAIN.INTERNALBusinessObjects Server: bi4server.DOMAIN.INTERNALBusinessObjects AD Group: DOMAIN\UserGroupStep 1Create an Active Directory business objects sso not working service account, biservice (pass: Password1). Ensure the user config has ‘Password never expires' option checked on.On the BusinessObjects server, add the DOMAIN/biservice user to the Local Administrators group. Also assign the biservice user the right ‘Act as part of Operating System' in the Local Security Policy snap-in.Step 2Run the following command on the Active Directory server to create appropriate Service Principal Names (SPNs):setspn -a BICMS/biservice.domain.internal biservicesetspn -a HTTP/bi4server biservicesetspn -a HTTP/bi4server.domain.internal biserviceVerify the SPNs have been created by running ‘setspn -l biservice'.Step 3Change the user config of ‘biservice' user in Active Directory configuration, and under the Delegation tab, turn on ‘Trust this user for delegation to any service (Kerberos only)'.Step 4Under the AD Authentication area in the Central Management Console, take the following actions:Enable Windows Active Directory (AD)AD Administration Name = DOMAIN\biserviceDefault AD Domain: DOMAIN.INTERNALAdd AD Group: DOMAIN\UserGroupUse Kerberos AuthenticationService principal name = BICMS/biservice.domain.internalEnable Single Sign On for selected authentication modeClick Save to save all your entries. Check under the Groups area to make sure your AD group has been added.Step 5Modify the Server Intelligence Agent (SIA) process on the BusinessObjects server to run as the DOMAIN\biservice user.Step 6Test this by logging in
BIManaging DataBI Intranets & ExtranetsPerformance ManagementProject ManagementTool SelectionUser AdoptionIndustry SolutionsInsuranceManufacturingSales and MarketingService PacksIn the News... Home/BI 4.0/Configuring IDT for Windows AD Authentication Configuring IDT for Windows AD Authentication Ryan Muldowney— May 1, 2014 —Leave a comment The Information Design Tool or IDT is the new universe authoring business objects 4.1 windows ad sso tool for SAP BusinessObjects BI 4. This tool allows you to create the sap note 1631734 new UNX format universes that are required by some of the new BusinessObjects tools. However, if you want to business objects active directory configuration do this using your Windows Active Directory login, there's an extra step involved before you can start with this tool. If you try to log in with your Windows AD account right http://scn.sap.com/blogs/josh_fletcher/2012/06/11/active-directory-sso-for-sap-businessobjects-bi4 after installing IDT, you're going to most likely get an error like "Unable to locate a login configuration" or "Could not load configuration file C:\Windows\krb5.ini (The system cannot find the file specified)". Users of past versions of the BusinessObjects client tools might be thrown by this -- Windows AD logins always worked out of the box before! The problem lies in the fact that IDT, as well http://alteksolutions.com/wp/index.php/2014/05/configuring-idt-for-windows-ad-authentication/ as a few of the other "new" tools from BusinessObjects, is written in Java. Because of this, IDT uses something called Kerberos to communicate with your Windows Active Directory domain controller. Kerberos needs to know some information about your domain in order to talk to it -- that's where the mysterious "krb5.ini" file comes in. Thankfully, if you can already log into BI Launchpad with your Windows account, these files will already exist on your BI server. Following the steps in SAP Note 1621106, copy the krb5.ini and bscLogin.conf files from your BI server to your local machine where the client tools are installed. The default path is C:\Windows, but the note explains how you can configure a different location. If you object to this extra setup and would rather not deal with copying files from your BI server, well SAP has a note for that too. As Note 1765515 explains, you're out of luck. Your best bet is to find a way to deal with this setup, because this will be the new normal for now! Web Intelligence Best Practices Guide We put together a Best Practices Guide for Web Intelligence Development that inc
Support Central Documentation × BMC Decision Support - Network Automation 8.5 Pages … Home https://docs.bmc.com/docs/display/bdsna85/Configuring+BusinessObjects+for+use+with+LDAP Installing Preparing for installation Setting up the installation environment Recently http://davidlai101.com/blog/2015/02/03/setting-up-sap-businessobjects-single-sign-on-based-on-winad-logins/ Viewed Pages Hint: type "g" and then "r" to quickly open this menu Space Global Register | Log in Tools Attachments (6) Page History Restrictions Page Information Resolved comments Link to this Page… View in Hierarchy business objects View Source View Scaffolding XML Export to HTML Export to PDF Export to Word Add Page Properties BMC Decision Support - Network Automation 8.5 Pages Blog Space Tools Search Collapse all Expand all Collapse all Setting up the installation environment 329149596 Configuring BusinessObjects for use with LDAP Skip to end of banner business objects active JIRA links Go to start of banner Skip to end of metadata Created by Dorothy Poole, last modified by Sulekha Gulati on Jan 15, 2015 Go to start of metadata This topic describes how to configure BusinessObjects Business Intelligence (BI) for use with Lightweight Directory Access Protocol (LDAP). In addition to using these instructions, review SAP documentation for information about configuring LDAP authentication. SAP BusinessObjects BI platform documentation describes how to access the SAP BusinessObjects Business Intelligence documentation. Before you begin Review the following prerequisites and gather the information that you need for this procedure. Review the information in Authentication and authorization. BusinessObjects BI must already be installed in your environment before you can set up LDAP. Determine the proper sequence for completing this procedure based on your authentication needs: If you are not going to use BusinessObjects BI Enterprise authentication in your environment, complete this procedure before installing BMC Decision Support – Netw