on 04-04-2024 3:35 PM
Hi,
I have a problem with Single Sign-On on SAP BusinessObjects 4.3 SP4 across multiple domains.
Single-sign-on works on the primary domain but not on others.
Manual login works for all domains.
I have set the following SPNs:
HTTP/hostname.domain.com serviceaccount
HTTP/hostname serviceaccount
BICMS/serviceaccount.domain.com serviceaccount
In the CMC, in Windows Active Directory, Service principal name is: BICMS/serviceaccount.domain.com
In global.properties I set:
idm.princ=serviceaccount
idm.realm=DOMAIN.COM (in ALL CAPS)
The keytab file was created as follows:
ktpass -out bosso.keytab -princ serviceaccount@DOMAIN.COM -pass "complexpassword" -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto ALL
SSO test with kinit works for all domains from the Command Prompt:
kinit USEROTHERDOMAIN@OTHERDOMAIN.COM
Response: New ticket is stored in cache file...
When I try to log in to SSO with secondary domain users, I am redirected to the BI Launchpad logon page and there are no errors in stderr.log.
In Wireshark I find the error KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.
Server Intelligence Agent is running with: DOMAIN\serviceaccount
For the configuration I followed the guide in note 2629070.
Do you have any suggestions for resolution?
Thank you
Here's a similar but somewhat opposite issue: https://community.sap.com/t5/technology-q-a/ad-manual-login-and-sso-in-multiple-domains/qaq-p/856403... The information about configuring the krb5.ini file might be helpful.
-Dell
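
A check related to the KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN error in the question, added here as an example and not part of the original posts or of any SAP tooling. The KDC returns that error when the service principal in the ticket request is not registered, and a browser by default requests HTTP/<host> for the host in the URL, so the script compares the SPN each logon URL would produce against the SPNs registered on the service account. The `setspn -L` output, the distinguished name, the URLs, the port and the otherdomain.com alias are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample in the format printed by `setspn -L serviceaccount`,
# listing the three SPNs from the question. The DN is a placeholder.
SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=serviceaccount,CN=Users,DC=domain,DC=com:
\tHTTP/hostname.domain.com
\tHTTP/hostname
\tBICMS/serviceaccount.domain.com
"""

def registered_spns(setspn_output):
    """Return the SPNs from `setspn -L` output, lower-cased
    (Active Directory matches SPNs case-insensitively)."""
    spns = set()
    for line in setspn_output.splitlines():
        entry = line.strip()
        # SPN lines are indented and look like class/host; the header ends with ':'.
        if line[:1].isspace() and "/" in entry and not entry.endswith(":"):
            spns.add(entry.lower())
    return spns

def spn_for_url(url):
    """SPN a browser requests for a URL: HTTP/<host>, for http and https alike.
    Assumption: default browser behaviour (port omitted, no CNAME canonicalisation)."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return f"HTTP/{host}"

def check_urls(urls, setspn_output):
    """Map each URL to (requested SPN, True if that SPN is registered)."""
    known = registered_spns(setspn_output)
    return {u: (spn_for_url(u), spn_for_url(u).lower() in known) for u in urls}

if __name__ == "__main__":
    # Constructed URLs: the port and the otherdomain.com alias are hypothetical.
    urls = ["http://hostname.domain.com:8080/BOE/BI",
            "http://hostname.otherdomain.com:8080/BOE/BI"]
    for url, (spn, ok) in check_urls(urls, SETSPN_OUTPUT).items():
        print(f"{url}: {spn} -> {'registered' if ok else 'NOT registered'}")
```

An SPN reported as not registered here is one the KDC cannot resolve to the service account; comparing it with the service name in the failing TGS-REQ in the Wireshark capture shows whether this is the request that fails.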