cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Setup Windows AD SSO (BO 4.1 SP7) to work for OpenDocument links

Go to solution
mhmohammed
Active Contributor

on ‎03-09-2016 2:49 PM

0 Kudos

Hello everyone,

I've already setup Windows AD SSO for BO 4.1 SP7 and it works perfectly fine, users get logged in when they access BI LaunchPad link. Now, we've a Webi report's Document Link in an internal website, so when a user clicks on it, they're getting directed to OpenDocument page where they need to enter their credentials. What do I need to do to setup the SSO for this OpenDocument page as well?

Thanks,
Mahboob Mohammed

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member263026
Explorer
‎03-10-2016 1:28 PM
0 Kudos

Hello,

Check please to the following kbas,  think this can helps you:

http://service.sap.com/sap/support/notes/ 2289077

http://service.sap.com/sap/support/notes/1732613

Regards,

Asma

Show replies
Show replies
mhmohammed
Active Contributor
‎03-10-2016 2:50 PM
0 Kudos

Hi Asma,

Earlier I thought about changing that Document Link port to 8080, but needed confirmation. Also, I had gone through this SAP KBA, don't remember why I didn't try it earlier.

I just changed the port in Open Document as 8080 and it worked.

Thanks,
Mahboob Mohammed

former_member263026
Explorer
‎03-10-2016 3:06 PM
0 Kudos

Hi Mohammed,

Good news.

Because by default OpenDocument URL uses WACS port number (6405). However,

SSO no longer works in BI 4.x with WACS.


Thanks,

Asma

Answers (3)

Answers (3)

Former Member
‎03-10-2016 12:08 AM
0 Kudos

Do you have a Global file in the custom folder? If so, is there something in there. I think open document should override the Global file however.  You probably already checked but have to ask.

Show replies
Show replies
mhmohammed
Active Contributor
‎03-10-2016 1:54 PM
0 Kudos

I've Global.properties in place already.


Thanks,

Mahboob Mohammed

Former Member
‎03-09-2016 4:05 PM
0 Kudos

Mohamad,

We are still not on 4.1 ( which we will be in a few days) but on 3.1 we had to modify the contents of web.xml under \Install Directory\Tomcat7\webapps\OpenDocument\Web-Inf to get this to work.

I am assuming there would be something similar in 4.1 too.

Show replies
Show replies
DellSC
Active Contributor
‎03-09-2016 4:18 PM
0 Kudos

4.1 is different.  Instead of changing web.xml, there are a set of properties files in webapps\BOE\WEB-INF\config folder that have to be updated.  The files in the "Default" sub-folder do NOT get changed.  Instead, you create new ones with the same names in the "Custom" folder to set any of the properties that you want to override, such as configuring for AD Authentication and SSO.


-Dell


DellSC
Active Contributor
‎03-09-2016 3:00 PM
0 Kudos

In the webapps\BOE\WEB-INF\config\custom folder under your Tomcat installation, make a copy of BILaunchpad.properties that has the SSO configuration in it and call it OpenDocument.properties.  Copy the file to the appropriate folder under warfiles as well.  Stop Tomcat and restart it for the new properties to take effect.

-Dell

Show replies
Show replies
mhmohammed
Active Contributor
‎03-09-2016 3:33 PM
0 Kudos

Thanks for the response Christy. Before posting this question, I already had OpenDocument.properties file created under Tomcat\webapps\BOE\WEB-INF\config\custom folder and it didn't work. After seeing your response, I copied that file to appropriate location under warfiles as well, restarted Tomcat, and it still doesn't work. Any thoughts?

FYI: I've followed Josh's blog to setup the SSO, except subtle different in 2 steps. I'm running the Tomcat as well Service account's credentials (when compared to Step 5 in his blog), and I have the service account's password hard coded in Tomcat Configurations -> Java Options because the ktpass command to create a keytab is failing (when compared to Step 11 in his blog, ktpass worked for him).

Also, I see few people adding 'sso.types.and.order=trustedVintela' line in BILaunchPad.properties file, I don't know what that is about. SSO in my case works fine even without that line.

Thanks,

Mahboob Mohammed

former_member185603
Active Contributor
‎03-09-2016 3:36 PM
0 Kudos

You may have to cleanup the Tomcat cache from work folder, to take affect on the new settings.

DellSC
Active Contributor
‎03-09-2016 3:38 PM
0 Kudos

You should have copies of all of your custom .properties files under the appropriate folder in Warfiles - that's how you make sure they don't get overwritten when running wdeploy or installing a service pack or patch to your system.

Please post the contents of your OpenDocument.properties file.

Thanks!

-Dell

mhmohammed
Active Contributor
‎03-09-2016 3:40 PM
0 Kudos

The contents of OpenDocument.properties file are the same as BILaunchPad.properties.

authentication.visible=true
authentication.default=secWinAD
Thanks,
Mahboob Mohammed
mhmohammed
Active Contributor
‎03-09-2016 3:45 PM
0 Kudos

Thanks for the response Jawahar!

Which folder(s) / file(s) under ..tomcat\work? Or everything under ..tomcat\work?

Thanks,
Mahboob Mohammed

former_member185603
Active Contributor
‎03-09-2016 3:47 PM
0 Kudos

Tomcat\work\catalina\

Stop Tomcat.

Delete the localhost folder and start the Tomcat.

DellSC
Active Contributor
‎03-09-2016 4:07 PM
0 Kudos

Add "sso.types.and.order=vintela" to it and try again.

-Dell

mhmohammed
Active Contributor
‎03-09-2016 4:12 PM
0 Kudos

Hi Jawahar,

I did as you said, stopped Tomcat, deleted localhost folder under Tomcat\work\catalina\ and restarted Tomcat. Now, when I go to CMC or BI LaunchPad pages, it just says "Waiting for <servername>". The page hasn't opened even once after I did that change. Did I miss/mess something?


Update:

I see the CMC login page when I go to its link and also, got logged on to BI LaunchPad directly when accessing its link.

But, the Open Document still doesn't work. I got the Document Link of one of the reports, logged out of BI LaunchPad and now when I paste that link in Browser and Enter, I get the Open Document login page (doesn't get logged on automatically) and even if I enter my Windows AD credentials, it doesn't get logged on.


Any thoughts?


Thanks,
Mahboob Mohammed

mhmohammed
Active Contributor
‎03-09-2016 4:28 PM
0 Kudos

Everyone,

I found this SAP KBA 1732613, will try that and see what happens.


Thanks,
Mahboob Mohammed

mhmohammed
Active Contributor
‎03-09-2016 5:02 PM
0 Kudos

I tired making the changes as you said and in this KBA 1732613. I've the idm.realm and idm.princ name in Upper case and it still doesn't work. The other line I added to the BILaunchPad and OpenDocument.properties file is cms.default=@CLUSTERNAME.

The SSO for OpenDocument still doesn't work, I get the login page, and it doesn't work even if I enter my Windows AD credentials. It gives me an error as below, even if I try to login with username @FQDN.

Account information not recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)

Any thoughts?

Thanks,

Mahboob Mohammed

mhmohammed
Active Contributor
‎03-09-2016 5:14 PM
0 Kudos

FYI: I removed cms.defualt=@CLUSTERNAME from BILaunchpad and OpenDocument.properties files.

I see that the Document Link has port 6405 in it, is that the issue? Do I have to modify that in some place to use 8080?

Thanks,
Mahboob Mohammed

former_member185603
Active Contributor
‎03-09-2016 9:06 PM
0 Kudos

Can you check with admin account? Just want to make sure there is no access rights issue

mhmohammed
Active Contributor
‎03-09-2016 9:10 PM
0 Kudos

Hi Jawahar,

Yeah, I checked with Administrator's credentials (Enterprise authentication obviously) and I was able to login successfully.

FYI: SSO works fine when I try BI LaunchPad link.

Thanks,

Mahboob Mohammed

Ask a Question