cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Lumira Desktop connection to BI Platform using Windows AD - Not working

Go to solution
Former Member

on ‎01-28-2016 6:27 PM

0 Kudos

We've recently deployed Lumira Server for BI Platform and it is working just fine.  I'm able to create my lums file in Lumira Desktop and save it to the BI Platform and view it in the BI Launchpad. 

This is all done however, using an Enterprise user.  I want to use our Windows AD accounts when logging in to the BI Platform but when doing so I'm encountering the error :

          "It was not possible to establish an SAP BI platform user session. Check the user name and password"

I know my user and password are correct and they have admin access to the platform.   Am I missing something in the set up of Lumira Server?  The URL I'm connecting to is correct, http://myservername:6405/biprws  

We prefer to use our AD accounts to log in but every example I've seen out there (not many), the users have logged in via Enterprise credentials.

Lumira Server for BI Platform version = 1.28.5

Lumira Desktop = 1.28.5 (x64)

BOBJ Platform = 4.1 SP4

Thanks for reading!

Jeff.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-11-2016 12:48 AM
0 Kudos

Thank you everyone who has responded with some suggestions.  I have yet to get it working with Lumira.  Manual AD Authentication and SSO works fine with the launchpad but still trying to get it together with Lumira Server which appears to use the WACS server. 

Did anyone else 'enable' or uncomment the section in the RestWebService/biprws/WEB-INF/web.xml called 'Kerberos Filter Section'?  When I do and add my realm and principal name (tried many spns), the WACS server starts but with errors (RESTful Web Service fails to start).

I'm still looking for a solution. SAP Support has told me to upgrade to 1.29 (I did, didn't help) and to configure Desktop Governance (I can't, were at 4.1 SP4, DG requires SP5). 

Thanks,

Jeff.

Show replies
Show replies
alan_han
Employee
Employee
‎02-15-2016 9:09 AM
0 Kudos

Hi Jeff,

Assuming you are trying to connect to BI Platform from Lumira Desktop, using your Windows AD credentials, by clicking on the "SAP BI Platform" link in the left sidebar. First you need to enable Kerberos authentication on your WACS server. To do so, simply log in to CMC, go to Servers, and go to the Properties page of WACS. If you scroll down you'll see "krb5.ini" and "bscLogin.conf" file configuration.

If you already have WinAD authentication configured successfully on your Tomcat (which means you can log in to BI launchpad using WinAD credentials), you can then simply point to the location of the "krb5.ini" and "bscLogin.conf" files in the WACS properties page, then restart the WACS server.

You must also enable Kerberos authentication on Lumira Desktop, as documented in KBA 2210624.

Now, you should be able to connect from Lumira Desktop to BI Platform, via the WACS server, using WinAD credentials.

FYI, The kerberos section in the "web.xml" file is for configuring WinAD SSO on the WACS server. This is currently only supported for Desktop Governance workflow, not for SSO from LD to BIP.

Let me know if you have any further questions.

Regards,

Alan

vani_valasangad
Employee
Employee
‎02-15-2016 10:00 AM
0 Kudos

Hi Jeff,

Yes, Points mentioned by Alan are perfect.

Also you can follow or look into the below blog which may help you

Regards,

VAni

Answers (2)

Answers (2)

former_member384109
Participant
‎01-29-2016 6:14 AM
0 Kudos

Hi jeff,

First you need configure SSO between windows ad and your BI system.

please follow url.it can help you.

http://scn.sap.com/blogs/josh_fletcher/2012/06/11/active-directory-sso-for-sap-businessobjects-bi4

Regards,

Ankit Patel

Show replies
Show replies
Former Member
‎01-28-2016 6:40 PM
0 Kudos

I should mentioned that I have updated the SAPLumira config file to include

     -Djava.security.auth.login.config=C:\WINNT\bscLogin.conf

     -Djava.security.krb5.conf=C:\WINNT\krb5.ini     

And I have placed the krb5.ini and bscLogin files in C:\WINNT folder on the server (running Lumira Desktop from the same server that is running the server services as well).

Thanks,

Jeff.

Show replies
Show replies
Former Member
‎01-28-2016 6:55 PM
0 Kudos

I believe there is a bug in the 1.28 release that prevents AD validation from working.  Our current environment is v1.29, and I am almost positive that we had to upgrade to 1.29 because we wanted to do exactly what you are talking about - use NT validation against AD for Lumira.

It is a bit cludgy however.  You use AD authentication to log in and then you get an SSO option in the software that you use to do the connection into the environment.

Not sure if these apply to your situation but you can check KBA # 2210624 and BI Platform 4.1 Admin Guide section 12.1.8.2.4.1 for more specific instructions.

former_member205064
Active Contributor
‎01-29-2016 6:03 AM
0 Kudos

i have 1.28 and manual AD is working fine.

This is wat i did:-

Configure WebApplicationContainerServer  mentioning the path of the file bsclogin and krb5.ini at Active Directory Configuration Settings, under its properties.

updated the SAPLumira.ini file locally with

-Djava.security.auth.login.config=c:\windows\bscLogin.conf

-Djava.security.krb5.conf=c:\windows\krb5.ini

and placed the file bscLogin and Krb5 locally at the same location.

i will recommend you to move keep the files at c:\windows and update the ini file

Ask a Question