cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

New users for AD-->BO SSO

Go to solution
Former Member

on ‎02-16-2015 7:41 AM

0 Kudos

Hi,

We've setup end to end SSO for AD-->BO-->BW.

We've also updated the regedit entry using Note 1343537.

However, we see the below issue:

1. A new user created in BW first has to login to BW to change his initial password

2. Then login with this password to BO using SAP authentication & the non SSO Launchpad URL

3. Once this is done, the automatic mapping takes place & second time on-wards SSO between AD-->BO-->BW works fine.

Please advise if there's a way to circumvent point 1 & 2.......

Thanks a lot !

saba.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

hemanth2
Product and Topic Expert
Product and Topic Expert
‎02-19-2015 12:54 PM
0 Kudos

Hi Saba,

Hope you are doing good.

Nice to hear from you again.
There is a property on the j2ee side so that you do not have to change the password:

ume.logon.force_password_change_on_sso

Default value is TRUE.

More help:

<http://help.sap.com/saphelp_nw70/helpdata/en/52/4c6c3e58d0d064e10000000a114084/frameset.htm>

Regarding your concern,could you please change the ume.logon.force_password_change_on_sso" to "FALSE" via config tool and restart the J2EE engine and check if the problem still persists.

   

Hope this helps.

_____________

Kind Regards,

Hemanth

SAP AGS
 

Show replies
Show replies
former_member136842
Employee
Employee
‎02-19-2015 1:55 PM
0 Kudos

Hi,

did you scheduled the role and alias import properly? If you do so the SAP Alias will be created automatically after the Update occured. Afterwards it will map automatically to the Win AD Alias.

Regards

-Seb.

Former Member
‎02-19-2015 2:00 PM
0 Kudos

Hi Hemanth,

All's well, thank you.....hope you're doing good too !

The users would be accessing BO directly via launchpad, not via EP...thus, we don't have a Java stack involved here.

Thanks a lot !

saba.

Former Member
‎03-24-2015 10:52 AM
0 Kudos

Thanks a lottttt !!!

Issue resolved

Answers (2)

Answers (2)

DayaJha
Active Contributor
‎02-19-2015 7:47 AM
0 Kudos

Hi Saba,

Please refer the below link

Setup of SAP SSO Service in SAP BO BI4.0 CMC
http://wiki.scn.sap.com/wiki/display/BOBJ/Setup+of+SAP+SSO+Service+in+SAP+BO+BI4.0+CMC

Import SAP BO BI4.0 certificate into SAP BW
http://wiki.scn.sap.com/wiki/display/BOBJ/Import+SAP+BO+BI4.0+certificate+into+SAP+BW


Generate keystore and certificate for SAP BO BI4.0
http://wiki.scn.sap.com/wiki/display/BOBJ/Generate+keystore+and+certificate+for+SAP+BO+BI4.0


How to setup SSO against SAP BW with SAP BO BI4.0 Common Semantic Layer (UNX) or BICS

http://wiki.scn.sap.com/wiki/display/BOBJ/How+to+setup+SSO+against+SAP+BW+with+SAP+BO+BI4.0+Common+S...

Configuring Business Objects 4.0 SSO with SAP BW

https://vynesolutions.wordpress.com/2013/04/16/business-objects-4-0-configuring-sso-with-sap/

Thanks,

Daya

Show replies
Show replies
PaulHodgdon
Participant
‎02-18-2015 5:29 PM
0 Kudos

Do you pull the BI users in through the Role Import tab in BO?

Show replies
Show replies
Former Member
‎02-19-2015 10:38 AM
0 Kudos

Hi Paul,

Yes, as per the Note...post making the regedit change we re-mapped the users & roles in CMC- Role Import tab.

The issue is now whenever a new user is assigned a role in BW, the first time he has to login with SAP (BW) creds to BO, so that the auto mapping between his BW & Ad Id takes place.

His Id then appears in CMC in the User List in the correct AD format.

Second time on-wards SSO works well...

I guess this is by design, but thought there may be a way to get round it

Hi Daya,

These settings are already in place for us.

Thanks a lot !

saba.

Ask a Question