Hello
I am trying to setup Single-Sin-On(SSO) in the following environment
BI 4.0 SP05 on Windows 2008 R2
Windows AD authentication
Tomcat 6
SSL enabled
I have followed all the steps described in the guides and threads I could find to enable SSO. Following are the files I have made changes to
- server.xml to add httpmaxheadersize
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" compression="on" URIEncoding="UTF-8" compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/json" maxHttpHeaderSize="65536" />
However, I also have another connector element for enabling SSL
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorePass="<password>" keystoreFile="C:\SSL\.keystore" />
- global.properties file in the \\Tomcat6\...\custom
- I have added the following lines in Tomcat Configuration Java options
-Dcom.wedgetail.idm.sso.password=<password for the service account>
-Djcsi.kerberos.debug=true
I stopped Tomcat > Deleted the log files and > Started Tomcat back. But I am not able to get the SSO working. When I try to open BI Launchpad from within the server I get the error
HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78.
When I try the same from Client station I get the GSSException : Failure unspecified at GSS API level error.
Is this possible at all to use SSO with SSL and Windows AD authentication? If so, what has to be done different?
Thanks