on 08-21-2013 12:16 PM
Hi All,
In our SAP BO BI 4.0 SP04 Patch 4 platform on Windows we have configured SSO for web services clients as is described in this note:
1646920 - How to configure Web Services Single Sign-On (dswsbobje) with Tomcat for SAP BusinessObjects Business
Intelligence platform 4+
We have review again and again this configuration and all seem to be ok, but it doesn't work.
We obtain this message from server:
"login excepción (error: FWM00006). Pre-authentication information was invalid (24)"
First I have to say that we have correctly configured SSO with BI Launch pad.
We have read stdout.log Tomcat file and this is what we see:
[Krb5LoginModule] user entered username: SKMADTCSAP14$
[Krb5LoginModule] authentication failed Pre-authentication information was invalid (24)
This also what we see when analize kerberos protocol whith Wireshark.
It has sense for me if the user is SKMADTCSAP14$. It shows a credentials error because it is not my AD user. I think it must be???. SKMADTCSAP14 is our host name.
I don't understand why don't it uses my user for preauthentication. How does Tomcat get this user?. What did we do wrong?.
Thanks in advance,
Carlos Castrillón
Hi,
Our issue was finally solved. There was the following problem...
Although we apply SAP Note correctly:
In our case Active Directory account has contrained delegation checked (not delegation to any service) and in this case, a not is said in the note we must apply what is said in the note:
1730540 - Error: "An error occurred while logging on. (LO 02040)" while logging in to Live Office using AD SSO in BI 4.0
A new entry,
<init-param>
<param
-name>idm.allowS4U</param-name>
<param
-value>true</param-value>
</init-param>
must be added to dsdwbobje web.xml file
Regards,
Carlos
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Karthik,
With the instructions below, there are two area's that need to be uncommented. First is the Kerberos Proxy Filter then you need to scroll down and theres another small area which has Kerberos Filter
.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Carlos,
I am having the same issues on SP 6, patch 4, windows 2008 x64
Acquire TGT using AS Exchange
[Krb5LoginModule] authentication failed
Pre-authentication information was invalid (24)
What is currently working for us
1. BI Launchpad SSO = Working (Using keytab security)
2. SSO via webclient tool = working
What is not working
1. SSO for web service tools, e.g analysis for office, Query as webservice.
2. Manual AD login works with these tools.
I have trippled check everything and cant work it out....
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.