I am workinig on setting up SSO for BO4.0 in the following environment:
Windows 2008 Server
Apache Tomcat 7.0
BusinessObjects BI Platform 4.0
The instructions from http://scn.sap.com/docs-DOC-26314 have been followed along with the instructions at http://scn.sap.com/blogs/josh_fletcher/2012/06/11/active-directory-sso-for-sap-businessobjects-bi4 AND Steve Fredell's document referenced at http://alteksolutions.com/sp/index.php/2012/02/active-directory-andsso-bi4/.
I receive an error when testing the manual logon to the BI Launchpad (step 8 on the first two documents, section 6 of the S. Fredell document). When trying to navigate to the BI Launchpad, the logon page displays but it automatically displays the error:
Account Information Note Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a vald mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006).
And, I do not get a 'commit succeeded' entry in the tomcat7-stdout log. Instead, I get:
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false [Krb5LoginModule] user entered username: @ABC.ABC
[Krb5LoginModule] authentication failed Generic error (description in e-text) (60)
(NOTE: ABC.ABC is in place of the actual domain info.)
However, it will allow me to manually tupe in my AD credentials. Once I do this, even though I got the FWM 0006 error, then I get the 'commit succeeded' entry in the tomcat7-stdout log file.
I have also tried continuing on with the instruction with step 9, however, I continue to get the FWM 00006 error on the BI Launchpad logon screen and I do not get the 'credentials obtained' in the stdout log file. At this point after implementing the items in step 9, since the Tomcat (java tab) now knows the service account password, it should log me on automatically and it does not. I can't help but think it is related back to the FWM 00006 error.
I've, along with coworkers, have checked the syntax of the krb5.ini, bscLogin.conf, and global.properties files and all are good. The spns on the AD service account also appear to be good.
Any suggestions or recommendations? I'm under a time crunch, so if I can't get this working, I may be looking at a SiteMinder soultion for SSO in BO.
Thanks!