Dear experts,
After update SAP BO 4.0 SP05 to SAP BO 4.1 SP04 we have the problem with SSO to http://<boserver>/BOE/BI.
Our environment:
SAP BO 4.1 running on AIX 6.1, integrated Tomcat7, one server (no cluster)
In fact, tomcat is able to communicate with AD, in debug mode I see
[DEBUG] Mon Aug 04 14:57:23 CEST 2014 jcsi.kerberos: ** credentials obtained .. ** messages.
BUT after starting http://bodev.vse.sk/BOE/BI logon page to BI launchpad is comming, no SSO action.
Our custom properties files:
global.properties
sso.enabled=true
trusted.auth.user.retrieval=REMOTE_USER
siteminder.enabled=false
vintela.enabled=true
idm.realm=AD.VSE.SK
idm.princ=krbbod
idm.allowS4U=true
idm.allowUnsecured=true
idm.allowNTLM=false
idm.logger.name=simple
idm.logger.props=error-log.properties
idm.keytab=/home/bodadm/keytab/krbbod.keytab
BIlaunchpad.properties
authentication.visible=true
cms.visible=true
sso.types.and.order=vintela
(last line I added after reading some discussions, but it didn't solve the problem)
After update I've generated the new TrustedPrincipal.conf and saved it into /usr/sap/sap_bobj/enterprise_xi40/aix_rs6000 (also using -Dbobj.trustedauth.home=/usr/sap/sap_bobj/enterprise_xi40/aix_rs6000 in JAVA_OPTS), but it didn't help.
Before update to 4.1, SSO was working without problems.
Can you help me?
How can I be sure, that tomcat is passing the correct username and using the shared secret from TrustedPrincipal.conf when logging to CMS? Is it possible to debug it?
Best regards,
Slavomir Kysel