cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BusinessObjects Single Sign On issues( Windows AD)

Former Member

on ‎05-17-2012 11:40 AM

0 Kudos

Hi friends,

As we have BOXI3.1 SP2 integrated with Windows Active directory for single sign on.

As our client changed password at Windows AD level but it is not updated in BusinessObjects.When they are trying to login not happening .

Could you please share your experience in solving this issue.

Activities done

 

1) I refered the admin document it shows only initial configuration details but not the process related  to password change  .....like if there is any change in password at windows AD side. what the action has to be taken at BO side

2) I refer the configuration details in CMC level 'Athentication' option I found '' SYNCRONYZATION OF CREDENTIALS'' it was enabled it shows it will update the users datsource credentials & synchronise the current credentials at logon time .

Hence my doubt is do we have to make any work around at BO side or do i suggest the client its a problem of Windows AD side

Please suggest

Thanks & Regards

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎05-17-2012 2:18 PM
0 Kudos

Hello Mohammed,

Are you using SSO to the Database as well?

Synchronization of credentials is not used for SSO to Infoview.

Was the service account's (i.e., the account running BO services) password changed?

If that is the case then there are two places where this should be updated:

1.)Stop SIA>Right click and go to properties and update the password for the account.

Note: At this point AD logins to thick clients and CMC  should start working.

2.)For SSO to work you will either need a keytab or the following switch in the Web application server JVM options: -Dcom.wedgetail.idm.sso.password= <your service account password>

If you are using the former you will have to create keytab again and for the latter, modify it to contain the new password.

Also what happens when you hit update in the windows AD page: CMC>Authentication>Windows AD

Does that update fine or throw an error. If it throws an error stating administrator's credentials couldn't be verified you will have to make sure the AD administrator's credentials are corrected as well.

Cheers,

Vikram.V

Show replies
Show replies
Former Member
‎05-18-2012 5:20 AM
0 Kudos

Thanks vikram

Thanks for your valuable input,

one thing I couldn't understand is

For SSO to work you will either need a keytab ?

what this Keytab allabout ?and regarding web app server we are using TOMCAT.

Thanks in advance

Regards

Fasi

former_member719672
Participant
‎05-18-2012 3:05 PM
0 Kudos

Hi Mohammed,

We use keytab to Encrypt service account password. If you using keytab than you can see below lines in your web.xml file for InfoViewApp:

 

<init-param>

<param-name>idm.keytab</param-name>

<param-value>c:\winnt\vinsso.keytab</param-value>

</init-param>

You need to re-generate the the keytab file and place in the appropriate location as mentioned in your web.xml file with the new password.

And if you not using the keytab file than as said by Vikram, you have to update your password under Java option for your Tomcat.

-Dcom.wedgetail.idm.sso.password= <your service account password>

Hope it will help you.

Regards,

Deepak

Former Member
‎05-21-2012 2:20 PM
0 Kudos

Hi Deepak,

Do I get it right that in the string

-Dcom.wedgetail.idm.sso.password= <your service account password>

in the Tomcat java options the password is typed after the = sign? a lot of documentation doesn't say that you should replace the word password with your own password although it might seem obvious:

-Dcom.wedgetail.idm.sso.password=password

Regards,

Carlos


Former Member
‎05-21-2012 2:30 PM
0 Kudos

Yes Carlos, that is correct.

let's assume the password for the account being used for SSO is XYZ, then this is how the switch should look:

-Dcom.wedgetail.idm.sso.password=XYZ

Cheers,

Vikram.V

Ask a Question