SAP Knowledge Base Article - Preview

1631734 - How To Setup Windows Active Directory plugin and SSO for BI4.x - Best Practices

Symptom

  • ***IMPORTANT UPDATE***
  • We have a BRAND NEW 4.2 SSO guide in KBA 2629070 which should be backward compatible to all version of 4.2 and 4.1
  • If you have SSO users on windows 10 using IE 11 or Chrome and do not want to modify the registry to enable SSO then KBA 2629070 should be used
  • If your AD environment uses AES by default then use KBA 2629070 configuration can use AES out of the box
  • If your environment will be using SSL on the web/app KBA 2629070 configuration uses SSL (HTTPS) out of the box as well
  • All the latest configuration options, all the latest security settings, constrained delegation,  commands to avoid duplicate SPN's, easier to implement web/app settings for non tomcat deployments, etc are in KBA 2629070
  • If you are using server Windows AD 2003 (no longer on the PAM for 4.1 and 4.2) or BI 4.0 (out of support as well) then this guide is still the best option, most of the above settings can be implemented but are contained separately in other guides in the reference section below
  • How to configure BI4 for manual Active Directory (AD) logon
  • How to configure BI4 for AD Single Sign-on (SSO)
  • Attempting to automatically logon and receiving a logon page
  • SSO fails with various errors such as (but not limited to) the ones listed below...
  • If bypassing SSO by using HTTP://<WebApplicationServer>:port/BOE/BI/logonNoSso.jsp there is no error and manual logon can be used

NOTE: when using the attached document, pay special attention to section 8 which has relevant best practice information for both Manual AD and SSO setup


Read more...

Environment

  • SAP BusinessObjects Business Intelligence 4.x Doc was created for 4.0 but compatible with 4.1 4.2 all support packages and patches 
  • Active Directory 2008 2012 potentially newer versions

Product

SAP BusinessObjects Business Intelligence platform 4.0 ; SAP BusinessObjects Business Intelligence platform 4.1

Keywords

how to configure directions documentation documents steps to follow vintela ventila vintella ventela set up setup vintela config configuration configuring AD Active Directory single sign on sign-on slient automatic opendocument intermittent error fail trouble troubleshoot shoot test java tomcat websphere weblogic oracle application server netweaver JDK java SDK development kit XI4 XI 4.0  XI 4.1 XI41 XIR4 XI 4.x BI4.0 BI zie MNHWW mkba htkba biauth Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure that you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006) HTTP 500 error or page cannot be displayed HTTP 404 error HTTP 400 bad request or bad tag jcsi.kerberos: Could not decrypt service ticket with Key type ##, KVNO ##, Principal "HTTP/XXX.YYY.ZZZ" using key:Principal username@REALM.COM

, KBA , master kba , bi ad sso , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.