on 05-17-2012 11:40 AM
Hi friends,
As we have BOXI3.1 SP2 integrated with Windows Active directory for single sign on.
As our client changed password at Windows AD level but it is not updated in BusinessObjects.When they are trying to login not happening .
Could you please share your experience in solving this issue.
Activities done
1) I refered the admin document it shows only initial configuration details but not the process related to password change .....like if there is any change in password at windows AD side. what the action has to be taken at BO side
2) I refer the configuration details in CMC level 'Athentication' option I found '' SYNCRONYZATION OF CREDENTIALS'' it was enabled it shows it will update the users datsource credentials & synchronise the current credentials at logon time .
Hence my doubt is do we have to make any work around at BO side or do i suggest the client its a problem of Windows AD side
Please suggest
Thanks & Regards
Hello Mohammed,
Are you using SSO to the Database as well?
Synchronization of credentials is not used for SSO to Infoview.
Was the service account's (i.e., the account running BO services) password changed?
If that is the case then there are two places where this should be updated:
1.)Stop SIA>Right click and go to properties and update the password for the account.
Note: At this point AD logins to thick clients and CMC should start working.
2.)For SSO to work you will either need a keytab or the following switch in the Web application server JVM options: -Dcom.wedgetail.idm.sso.password= <your service account password>
If you are using the former you will have to create keytab again and for the latter, modify it to contain the new password.
Also what happens when you hit update in the windows AD page: CMC>Authentication>Windows AD
Does that update fine or throw an error. If it throws an error stating administrator's credentials couldn't be verified you will have to make sure the AD administrator's credentials are corrected as well.
Cheers,
Vikram.V
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mohammed,
We use keytab to Encrypt service account password. If you using keytab than you can see below lines in your web.xml file for InfoViewApp:
<init-param>
<param-name>idm.keytab</param-name>
<param-value>c:\winnt\vinsso.keytab</param-value>
</init-param>
You need to re-generate the the keytab file and place in the appropriate location as mentioned in your web.xml file with the new password.
And if you not using the keytab file than as said by Vikram, you have to update your password under Java option for your Tomcat.
-Dcom.wedgetail.idm.sso.password= <your service account password>
Hope it will help you.
Regards,
Deepak
Hi Deepak,
Do I get it right that in the string
-Dcom.wedgetail.idm.sso.password= <your service account password>
in the Tomcat java options the password is typed after the = sign? a lot of documentation doesn't say that you should replace the word password with your own password although it might seem obvious:
-Dcom.wedgetail.idm.sso.password=password
Regards,
Carlos
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.