on 01-28-2016 6:27 PM
We've recently deployed Lumira Server for BI Platform and it is working just fine. I'm able to create my lums file in Lumira Desktop and save it to the BI Platform and view it in the BI Launchpad.
This is all done however, using an Enterprise user. I want to use our Windows AD accounts when logging in to the BI Platform but when doing so I'm encountering the error :
"It was not possible to establish an SAP BI platform user session. Check the user name and password"
I know my user and password are correct and they have admin access to the platform. Am I missing something in the set up of Lumira Server? The URL I'm connecting to is correct, http://myservername:6405/biprws
We prefer to use our AD accounts to log in but every example I've seen out there (not many), the users have logged in via Enterprise credentials.
Lumira Server for BI Platform version = 1.28.5
Lumira Desktop = 1.28.5 (x64)
BOBJ Platform = 4.1 SP4
Thanks for reading!
Jeff.
Thank you everyone who has responded with some suggestions. I have yet to get it working with Lumira. Manual AD Authentication and SSO works fine with the launchpad but still trying to get it together with Lumira Server which appears to use the WACS server.
Did anyone else 'enable' or uncomment the section in the RestWebService/biprws/WEB-INF/web.xml called 'Kerberos Filter Section'? When I do and add my realm and principal name (tried many spns), the WACS server starts but with errors (RESTful Web Service fails to start).
I'm still looking for a solution. SAP Support has told me to upgrade to 1.29 (I did, didn't help) and to configure Desktop Governance (I can't, were at 4.1 SP4, DG requires SP5).
Thanks,
Jeff.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jeff,
Assuming you are trying to connect to BI Platform from Lumira Desktop, using your Windows AD credentials, by clicking on the "SAP BI Platform" link in the left sidebar. First you need to enable Kerberos authentication on your WACS server. To do so, simply log in to CMC, go to Servers, and go to the Properties page of WACS. If you scroll down you'll see "krb5.ini" and "bscLogin.conf" file configuration.
If you already have WinAD authentication configured successfully on your Tomcat (which means you can log in to BI launchpad using WinAD credentials), you can then simply point to the location of the "krb5.ini" and "bscLogin.conf" files in the WACS properties page, then restart the WACS server.
You must also enable Kerberos authentication on Lumira Desktop, as documented in KBA 2210624.
Now, you should be able to connect from Lumira Desktop to BI Platform, via the WACS server, using WinAD credentials.
FYI, The kerberos section in the "web.xml" file is for configuring WinAD SSO on the WACS server. This is currently only supported for Desktop Governance workflow, not for SSO from LD to BIP.
Let me know if you have any further questions.
Regards,
Alan
Hi jeff,
First you need configure SSO between windows ad and your BI system.
please follow url.it can help you.
http://scn.sap.com/blogs/josh_fletcher/2012/06/11/active-directory-sso-for-sap-businessobjects-bi4
Regards,
Ankit Patel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I should mentioned that I have updated the SAPLumira config file to include
-Djava.security.auth.login.config=C:\WINNT\bscLogin.conf
-Djava.security.krb5.conf=C:\WINNT\krb5.ini
And I have placed the krb5.ini and bscLogin files in C:\WINNT folder on the server (running Lumira Desktop from the same server that is running the server services as well).
Thanks,
Jeff.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I believe there is a bug in the 1.28 release that prevents AD validation from working. Our current environment is v1.29, and I am almost positive that we had to upgrade to 1.29 because we wanted to do exactly what you are talking about - use NT validation against AD for Lumira.
It is a bit cludgy however. You use AD authentication to log in and then you get an SSO option in the software that you use to do the connection into the environment.
Not sure if these apply to your situation but you can check KBA # 2210624 and BI Platform 4.1 Admin Guide section 12.1.8.2.4.1 for more specific instructions.
i have 1.28 and manual AD is working fine.
This is wat i did:-
Configure WebApplicationContainerServer mentioning the path of the file bsclogin and krb5.ini at Active Directory Configuration Settings, under its properties.
updated the SAPLumira.ini file locally with
-Djava.security.auth.login.config=c:\windows\bscLogin.conf
-Djava.security.krb5.conf=c:\windows\krb5.ini
and placed the file bscLogin and Krb5 locally at the same location.
i will recommend you to move keep the files at c:\windows and update the ini file
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.