on 03-02-2015 12:12 PM
Dear Experts,
I am trying to activate Windows AD authentication for BOBJ Tools .
Version - BOBJ 4.1 SP2
I have done below activity -
On AD Server
1. Created Service account biservice with Administrator rights & a userA.
2. Created a User Group - BO User and added biservice (Service account) and UserA
3. Run below 3 Commands as per blog - http://scn.sap.com/blogs/josh_fletcher/2012/06/11/active-directory-sso-for-sap-businessobjects-bi4
setspn -a BICMS/biservice.abc.com biservice
setspn -a HTTP/bobjserver biservice
setspn -a HTTP/bobjserver.abc.com biservice
4. I have also tested with setspn -L biservice. I am getting all above objects.
On BOBJ Server -
1. on CMC -> Authetication -> Windows AD
Given Parameter -
1. AD Administrator - abc\biservice
2. AD Administrator pw
3. Default AD Domain - abc.com
4. AD User Group - abc\BO User
5. Autheticaion Option - User Kerbores authetication
Service Principal name - BICMS/biservice.abc.com
Checked Enable SSO opiton
6. AD alias option same as mentioned in above blog.
Test Performed - I am able to see the Users in CMC -> User management under Group Hierarchy "BO User".
-> I have tried with NTLM option and it's working fine.
ISSUE - While selecting Kerbores authentication in CMC -> Authentication -> Windows AD I am getting error "Kerboers target BICMS/biservice.abc.com in unknwon (FWM 00003).
I have installed wireshark as well but getting -
Can anyone have idea how do i resolve this ?
Thanks for your help.
With Regards,
Rishit Kamdar
The domain name in the CMC is case sensitive. be sure you are using upper case in both the krb5.ini file and the CMC.
Are you able to log into the manage servers option in the CCM using the AD account?
You can reference KBA 1631734 - Configuring Active Directory Manual Authentication and SSO for BI4
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear All,
I am able to login to Manage Server with AD User and AD Authentication as well as WebI tool.
I am also able to login to CMC & BI Launch Pad with AD User & AD Authentication (Wtih Manual login - right now don't want SSO for Launch Pad & CMC)
BUT ----
I am not able to login to IDT as well as not able to connect to BOBJ Server through swf file.
Can anyone suggest what I am missing ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Rishit,
Change the default AD Domain to upper case : ABC.COM and also make sure there are no extra spaces in the service principal name box.
-Ambarish-
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.