SAP Knowledge Base Article - Preview

1323391 - What are the Microsoft requirements to perform kerberos SSO in multiple AD forests environments with BI

Symptom

  • What are the current Best Practices for multiple forest active directory integration
  • I have 2 or more Active Directory Forests and need to configure them for kerberos single sign-on ( spnego )
  • I can't map groups from 1 or more active directory domains or forests
  • I map in groups but users do not appear
  • Users from 1 or more forests or cannot logon via SSO (vintela)
  • Important to note: many, are not aware their "other domain" is in another AD forest so the term users in a domain cannot logon, map in, etc
  • A good way to tell if another domain is in another forest (typical multiple domains = domain1.xyz.local & domain2.xyz.local) typical multiple forest (domain1.xyz.local domain2.abc.extranet) the root domain is usually different although in some rare circumstances the root domain is the same, and only a tool such a Microsoft Domains and Trusts will reveal the forest relationship

Read more...

Environment

  • SAP Business Objects Enterprise XI 3.1
  • SAP BusinessObjects Business Intelligence Platform 4.0 4.1 4.2 4.x all SP's all patches
  • Microsoft Windows 2008 and above

Product

SAP BusinessObjects Business Intelligence platform 4.0 ; SAP BusinessObjects Business Intelligence platform 4.1 ; SAP BusinessObjects Enterprise XI 3.1

Keywords

multiple forest issues multi domains zie biauth htkba mkba sign on silent tomcat java XIR4 XIR3 XI 3.x login log in , KBA , bpkba , htkba , biauth , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.