We are using BI 4.0 SP4 Patch 12. We have SSO configured and working with AD authentication and kerberos. Users can log in to LaunchPad without entering credentials and things are working as expected except for when a user attempts to "view" a report. They get the login error saying there is a problem. I have checked the settings in the Window AD authentication setup and specified to "cache security context" which is required for database sso, but it still doesn't work.
Then next step I tried was to create a SPN for the sql server service account and this did not work either. My question now is... does the SQL Service account have to be the same service account used for BI? I have a service account specified for SIA and a separate one for SQL Server. Do they have to be the same for end to end sso to work, where a user that is viewing a report in LaunchPad doesn't have to enter db credentials to view a report?
More info:
BI 4 SP4 Patch 12
SQL Server 2008
Tomcat web server
