I'm very frustrated with SSO.

Hi, I have searched the forum and read over 50+ posts in regard to getting SSO working. I have tried different methods, and none of them worked. Can someone assist? I’m now using Kerberos, and my users are able to log in to InfoView using their Active Directory credentials. However, SSO just doesn’t work. I will get this error message: "Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again."

I’m using Java InfoView on BO XI R2 SP2 with FP2.5. What else can I do? I’ve tried almost everything that you can think of, and this SSO is still not working.
I checked Business Objects knowledge base, and it’s totally useless. This site is more helpful.


doctortt (BOB member since 2007-08-03)

Try this post: ActiveDirectory/LDAP and Encyclopedia (.NET vs J2EE)

It seems the most straightforward way is to generate and pass the login token from IIS to Tomcat… instructions are in the post.


phidelt689 (BOB member since 2007-07-11)

Thanks again. I tried this method and it didn’t work; however, I’m not sure if I did it correctly. I created a file called login.asp and updated the servername. I then dumped the file under D:\Program Files\Business Objects XI\BusinessObjects Enterprise 11.5\Web Content
What else do I need to do to get this file activated besides dropping this file there?


doctortt (BOB member since 2007-08-03)

You have to configure the web.config file in the InfoView folder (below) and configure the AD settings in CMC.

  • Open up the web.config file from “C:\Program Files\Business Objects\BusinessObjects Enterprise 115\Web Content\Enterprise115\InfoView” in Notepad.
  • Ensure your web.config file contains the following values:
      <add key="appName" value="InfoView" />
      <add key="cmsDefault" value="SystemName:6400" />
      <add key="cmsVisible" value="true" />
      <add key="ssoEnabled" value="true" />
      <!-- Default Authentication progID (secEnterprise, secLDAP, secWindowsNT, secWinAD) -->
      <add key="authenticationDefault" value="secWinAD" />
      <add key="authenticationVisible" value="true" />
  • Search for “<system.web>” in the web.config file.
  • Add the following two lines below the <system.web> line.
  • Note: It is not okay to change the order of the following two lines and it is not okay to type them anywhere but below the <system.web> line.
      <authentication mode="Windows" />
      <identity impersonate="true" />
  • Save the web.config file.
  • Restart the IIS Server.

phidelt689 (BOB member since 2007-07-11)
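
A check for the web.config settings listed in the post above, as an added example that is not part of the original thread or of Business Objects' own tooling: it parses the file and reports which of the listed values are missing or different. It assumes the `<add key=… />` entries sit under `<appSettings>`; the function name `check_web_config` and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values from the post above. cmsDefault is site-specific, so only its presence is checked.
EXPECTED = {"appName": "InfoView", "cmsVisible": "true", "ssoEnabled": "true",
            "authenticationDefault": "secWinAD", "authenticationVisible": "true"}

def check_web_config(xml_text):
    """Return a list of findings; an empty list means the settings from the post are in place."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # tolerate an xmlns on <configuration>
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    settings = {a.get("key"): a.get("value") for a in root.findall("appSettings/add")}
    for key, want in EXPECTED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"appSettings: {key} is missing")
        elif got != want:
            findings.append(f"appSettings: {key} is {got!r}, expected {want!r}")
    if not settings.get("cmsDefault"):
        findings.append("appSettings: cmsDefault is missing")
    system_web = root.find("system.web")
    if system_web is None:
        return findings + ["<system.web> element not found"]
    auth = system_web.find("authentication")    # direct children of <system.web> only
    ident = system_web.find("identity")
    if auth is None or auth.get("mode") != "Windows":
        findings.append('system.web: <authentication mode="Windows" /> not set')
    if ident is None or ident.get("impersonate") != "true":
        findings.append('system.web: <identity impersonate="true" /> not set')
    return findings

# Constructed sample: ssoEnabled left at false and the <identity> line omitted.
SAMPLE = """<configuration>
  <appSettings>
    <add key="appName" value="InfoView" />
    <add key="cmsDefault" value="SystemName:6400" />
    <add key="cmsVisible" value="true" />
    <add key="ssoEnabled" value="false" />
    <add key="authenticationDefault" value="secWinAD" />
    <add key="authenticationVisible" value="true" />
  </appSettings>
  <system.web>
    <authentication mode="Windows" />
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for finding in check_web_config(SAMPLE):
        print(finding)
```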

tried above, and it didn’t work :frowning:


doctortt (BOB member since 2007-08-03)

I suggest you read through the various posts… it’s a multiple step process… making sure the service acct has full admin rights on the AD domain controller including right to delegate on the domain, configuring the AD tab in CMC, changing the web.config file, and setting up IIS/Tomcat to work with the ASP/JSP pages… also I don’t use the NTLM option not Kerberos and disable NT authentication… I assume you have both IIS and Java version installed?


phidelt689 (BOB member since 2007-07-11)

Hi Doctor

If you are on BO XI R2 SP2 with FP2.5, does the term “Vintela” mean anything to you?
This enables BO (when using a Java webserver like Tomcat) to allow full single sign-on. Prior to this the only ways were to either use a third party piece called SiteMinder or to use the IIS to Tomcat token passing routine.

There are documents around somewhere, I’ll try and dig something up for you. Be aware … I’m told it’s a very painful exercise, but Vintela is the key.


richmona :australia: (BOB member since 2003-04-15)

Hi Richmona,

Can you answer this question for me in this post? Thanks.

AJ


phidelt689 (BOB member since 2007-07-11)

Hi, we created a file called index.asp, placed it in

installdirectory\inetpub\wwwroot

and then followed these instructions:

– On the server, right click on My Computer & Manage
– Navigate to Internet Information Services\Web Sites\Default Web Site
– Right click on Default Web Site & Properties
– Click on Documents.
– Add the index.asp page to the list, and ensure that it’s at the top of the list

Bear in mind that we use a dedicated server for BOXI, so your website name might be different.


richmona :australia: (BOB member since 2003-04-15)

thanks a lot. will try that.


doctortt (BOB member since 2007-08-03)

thanks richmona…so are you saying that the JSP code is not needed?


phidelt689 (BOB member since 2007-07-11)

phidelt689,

What richmona is talking about is using IIS to create tokens and pass them to Tomcat. You only need to create a very simple ASP page to do this and it works. But what he was referring to earlier -

  • is the real SSO for Tomcat or any Java app. And yes it is a very painful exercise, I have been trying but still nowhere yet…

:hb:


Truc :uk: (BOB member since 2005-08-22)

You can search this forum for “Vintela” and you’ll get a few hits. Try this post:

Apparently a few ppl have got it working but the exact details of how are not clear.

richmona - have you tried Vintela?


Truc :uk: (BOB member since 2005-08-22)