cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO configuration between BI and BOBJ

Go to solution
former_member209962
Participant

on ‎07-15-2014 10:47 AM

0 Kudos

Hi Friends,

We have also configure SSO between BI & BO using below link.

http://wiki.scn.sap.com/wiki/display/BOBJ/How+to+setup+SSO+against+SAP+BW+with+SAP+BO+BI4.0+Common+S...

But when i am trying to create a olap connection in IDT with SSO connection test is getting failed with below error.

com.businessobjects.mds.olap.OlapException: [Internal] SSO token or User password is empty.

I checked CMC -> Servers and checked APS and it already has Security Token Service .

kindly help to solve this issue and also is there any way we can test the sso which we have configured ??

Thanks

Basis


Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

s_yuksektepe
Explorer
‎07-16-2014 10:59 AM
0 Kudos

Hi Tabrayz,

I had the similar problem, please check your Private Key alias is correctly entered. Refer to step 6 of:

Setup of SAP SSO Service in SAP BO BI4.0 CMC - Business Intelligence (BusinessObjects) - SCN Wiki

Hope this will help you to

regards

Sem

Show replies
Show replies
former_member209962
Participant
‎07-16-2014 11:43 AM
0 Kudos

Hi Sem

In place of system ID PALM i ahve given bi system SID.

and private key alias i used same mywin.

do we have to create a user with mywin name in bo???

kindly advice.

Thanks

Basis

s_yuksektepe
Explorer
‎07-16-2014 12:46 PM
0 Kudos

Step 0; go to the right folder

cd "E:\Apps\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\java\lib\"

Step 1 : create keystore file (keystore.p12)

"E:\Apps\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin\java" -jar PKCS12Tool.jar -alias <aliasname> -storepass <password> -dname CN=<clustername>

  • - alias : free to choose, later to be used as “SID” in BW or “System ID” in CMC
  • - storepass : to be used in step 2 and in CMC
  • - CN : free to choose, use BI4 clustername for reference

Step 2 : create certificate (cert.der)

"E:\Apps\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin\keytool" -exportcert -keystore keystore.p12 -storetype pkcs12 -file cert.der -alias <aliasname>

  • - keystore : created in step 1 : keystore.p12
  • - alias : same used in step 1
  • - a password prompt will come up : use “storepass” from step 1

Step 3: locate the files and share

  • - certificate and keystore are located in “E:\Apps\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\java\lib\”
  • - send the file “cert.der” , import the certificate in BW (STRUSTSSO2)

Step 4:

CMC -->  Authentication --> SAP --> tab Options

Go to section “SAP SSO Service”

  • System ID         : <aliasname> (alias name as used with generating the certificate)
  • Upload             : browse for the file “keystore.p12” as generated before
  • Key Store Password      : same as “-storepass” used with generating the keystore file
  • Private Key Password   : same as “-storepass” used with generating the keystore file
  • Private Key Alias           : same as “-alias” used with generating the keystore file

Select “Update”

Step 5: How to check if SSO is working

  • - Login to CMC
  • - Maintain OLAP connections
  • - Provide all properties for your connection
  • - Authentication = SSO
  • - Save

Regards,

Sem

former_member209962
Participant
‎07-17-2014 8:11 AM
0 Kudos

Hi Sem,

Thanks for providing detail steps.

I have followed these steps and i am able to create olap connection in CMC with authentication = SSO and save But how i can test it??

From IDT tool when i am creating olap connection with oss  then i am getting same error.

com.businessobjects.mds.olap.OlapException: [Internal] SSO token or User password is empty

Thanks

Basis

s_yuksektepe
Explorer
‎07-17-2014 9:16 AM
0 Kudos

Hi Tabrayz,

How to test:

  • Login to BI Launchpad
  • Maintain Web Intelligence
  • Create new document
  • Select BEx connection
  • Select the connection that was created in the previous step
  • When “Favorites” and “InfoArea” show up, this already means that you are connected through SSO

Additional questions and documents which might help you further:

  • Be sure that the “Security Token Service” is part of one of the running AdaptiveProcessingServers (APS). If not, add it to one of the running APS or create a new APS that contains this service. The   “Security Token Service” has no parameters to configure.

  • Perhaps restart of the server will help

Regards

Sem

former_member209962
Participant
‎07-17-2014 11:03 AM
0 Kudos

Hi Sem,

Once again thanks for detail information.

As per your recomendations i try to test SSO but getting below error.

com.businessobjects.sdk.core.server.CommunicationException$UnexpectedServerException: [[error.openSapBwBrowsingSessionFailed] 0] <Language=en_US;Data Source=hostname;SapLoginMode=0;Cube Type=Unknown;JCO_ASHOST=hostname;SaveLanguage=true;JCO_R3NAME=SIDCLNT400;TargetProvider=SAPNETWEAVER7X;NetworkLayer=SAPBW_BICS;Authentication Mode=2;JCO_CLIENT=400;JCO_LANG=EN;JCO_SYSNR=00;>,<com.businessobjects.mds.olap.OlapException: [Internal] SSO token or User password is empty.>

About Security Token Service i check CMC--SERVERS-APS right click Edit common services I can security token service there, so it means this service already added and running rite? or do i have to do anything extra.

Thanks

Basis

s_yuksektepe
Explorer
‎07-17-2014 12:28 PM
0 Kudos

Hi Tabrayz

As per your recomendations i try to test SSO but getting below error.



com.businessobjects.sdk.core.server.CommunicationException$UnexpectedServerException: [[error.openSapBwBrowsingSessionFailed] 0] <Language=en_US;Data Source=hostname;SapLoginMode=0;Cube Type=Unknown;JCO_ASHOST=hostname;SaveLanguage=true;JCO_R3NAME=SIDCLNT400;TargetProvider=SAPNETWEAVER7X;NetworkLayer=SAPBW_BICS;Authentication Mode=2;JCO_CLIENT=400;JCO_LANG=EN;JCO_SYSNR=00;>,<com.businessobjects.mds.olap.OlapException: [Internal] SSO token or User password is empty.>

I assume you replaced your real <hostname> with JCO_ASHOST=hostname, and SID with <SID> in this logfile.

  • Is your BO Engine running on Netweaver platform? If so, please check in netweaver administrator The creds of JCo RFC Provider Service: http://host:port/nwa --> configuration --> infrastructure --> Jco --> Repository configuration.
  • Please launch the SAP NetWeaver BI Diagnostics & Support Desk Tool, which might give you additional information regarding J2EE configuration issues, please also refer to 937697 - Usage of SAP NetWeaver BI Diagnostics & Support Desk Tool: <http|https>://<j2ee_server>:<j2ee_port>/irj/servlet/prt/portal/prtroot/com.sap.ip.bi.supportdesk.default
  • On the ABAP side, check Jco RFC connection under TCP/IP  





About Security Token Service i check CMC--SERVERS-APS right click Edit common services I can security token service there, so it means this service already added and running rite? or do i have to do anything extra.




Thanks


Basis

No, you don't have to do anything extra.

If all of the checks seems to be correct, please raise an incident at SAP.

Regards

Sem

former_member209962
Participant
‎08-21-2014 7:58 AM
0 Kudos


Dear Sem,

Problem is solved after upgrading to BI4.1 SP4  as per below Note

Note 1658179 t

Thank you everyone for they help.

Thanks

Basis

Answers (1)

Answers (1)

former_member202257
Contributor
‎07-16-2014 10:11 AM
0 Kudos

Hi,

Did you try creating the OLAP connection via CMC --> OLAP Connections? You can check if you get an error there too.

Show replies
Show replies
former_member209962
Participant
‎07-16-2014 10:25 AM
0 Kudos

Hi Shwetha,

I have created OLAP connecting from CMC But when i am  saying Connect to server to choose a cube

its asking for user id and password and then getting connected.

I belive if SSO is configured it should not ask for id password rite?

Thanks

Basis

former_member202257
Contributor
‎07-16-2014 11:06 AM
0 Kudos

I do not think that is the case, it would still prompt you to enter the credentials while checking the connection.

SSO would work when you are trying to access the BI Launchpad via some application like portal.

Ask a Question