Hello All,
I need some idea where to investigate and solve my issue on SAP BI 4.1 SP3 using WinAD with SSO authentification.
Normally, all is correctly setup :
- Service Account is created (already used on another service)
- Service Account is running TomCat and SIA
- We create ServiceAccount.keytab
- We setup kbr5.ini
[libdefaults]
default_realm = REALM
dns_lookup_kdc = true
dns_lookup_realm = true
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
udp_preference_limit = 1
[realms]
REALM = {
kdc = DCHOSTNAME.REALM
default_domain = REALM
}
- and bscLogin.conf files
com.businessobjects.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required debug=true ;
};
- We create *.properties files
global.properties
sso.enabled=true
siteminder.enabled=false
vintela.enabled=true
idm.realm=REALM
idm.princ=SPN
idm.allowUnsecured=true
idm.allowNTLM=false
idm.logger.name=simple
idm.logger.props=error-log.properties
idm.keytab=C:/Windows/ServiceAccount.keytab
idm.allowS4U=true
- We change the TomCat Java option
-Djava.security.auth.login.config=C:\Windows\bscLogin.conf
-Djava.security.krb5.conf=C:\Windows\krb5.ini
-Dcom.wedgetail.idm.sso.password=*****
-Djcsi.kerberos.debug=true
- During Tomcat Boot, we obtain Credentials
- kinit is ok
- AD/SSO connection is OK using Designer (for instance)
- AD/SSO connection is not working on launchPad :
I need some idea, to control and solve this issue.
Best regards
Laurent