Configuring Single Sign-on for SAP HANA

Applies to: SAP BusinessObjects Business Intelligence platform 4.0 Feature Pack 3. For more information, visit the Business Objects homepage.

Summary

This document describes the process for configuring single sign-on to the HANA database through JDBC for BI Client Tools.

Author: Frederic MOITEL
Company: SAP
Created on: 6 February 2012

Author Bio

Frederic MOITEL is an Information Developer at SAP.

2012 SAP AG

Table of Contents

Overview
Configuring Kerberos and JAAS
    Kerberos configuration
    JAAS configuration
Configuring the BI platform Client Tools
    Configuring the information design tool for local connections
    Configuring the information design tool for connections stored on the CMS
    Configuring Web Intelligence Rich Client
    Configuring Web Intelligence Rich Client in HTTP mode
    Configuring SAP BusinessObjects Web Intelligence
Troubleshooting single sign-on configuration
    Invalid keytab
    Missing LoginModule in the bsclogin.conf file
    Cannot connect to the CMC
Related Content
Copyright

Overview

The SAP BusinessObjects Business Intelligence platform provides single sign-on to database for connections to SAP HANA 1.0 SP3 through JDBC. The single sign-on to database functionality uses Windows AD with Kerberos in Java. Users log in to the BI platform from an SAP BusinessObjects application by using their Windows AD credentials. For more information about Windows AD authentication, see the SAP BusinessObjects BI platform Administrator Guide.

Configuring Kerberos and JAAS

The process of configuring Kerberos and JAAS involves these steps:

- creating the Kerberos configuration file
- creating the JAAS login configuration file

Kerberos configuration

The Krb5.ini Kerberos configuration file must specify the Kerberos realm and key distribution center information. An example is below:

    [domain_realm]
    .2k8addomain.com = 2K8ADDOMAIN.COM
    2k8addomain.com = 2K8ADDOMAIN.COM

    [libdefaults]
    default_realm = 2K8ADDOMAIN.COM
    dns_lookup_kdc = true
    dns_lookup_realm = true
    forwardable = true
    default_tkt_enctypes = RC4-HMAC
    default_tgs_enctypes = RC4-HMAC

    [realms]
    2K8ADDOMAIN.COM = {
        admin_server = VMDOMCONTLR
        kdc = VMDOMCONTLR
        kpasswd_server = VMDOMCONTLR
        default_domain = 2k8addomain.com
    }

JAAS configuration

The bsclogin.conf JAAS configuration file must reference the service principal that is defined in the CMS and the keytab file. The LoginModule class name and its option names are case-sensitive. An example is below:

    com.businessobjects.security.jgss.initiate {
        com.sun.security.auth.module.Krb5LoginModule required
        debug=true;
    };
    com.businessobjects.security.jgss.accept {
        com.sun.security.auth.module.Krb5LoginModule required
        storeKey=true
        keyTab="c:/windows/vmboecons.keytab"
        doNotPrompt=true
        useKeyTab=true
        realm="2k8addomain.com"
        principal="boexi40siavmboecons/cons.2k8addomain.com"
        debug=true;
    };

Configuring the BI platform Client Tools

You must configure the BI platform Client Tools to point to the Kerberos and JAAS configuration files. The next sections focus on the following applications:

- the information design tool
- Web Intelligence Rich Client
- Java or HTML interface of SAP BusinessObjects Web Intelligence

Configuring the information design tool for local connections

1. Exit from the information design tool.
2. Open the InformationDesignTool.ini file for editing. It is located in the <bip-installdir>\win32_x86 directory.
3. Add the following lines to the file:

    -Djava.security.auth.login.config=C:\<location>\bscLogin.conf
    -Djava.security.krb5.conf=C:\<location>\Krb5.ini

   where <location> is the configuration file directory on the machine where the Connection Server is running.
4. Save the file.
5. Restart the information design tool.

Configuring the information design tool for connections stored on the CMS

The objective is to configure the Adaptive Connectivity Service, which allows the information design tool to access Java-based data sources remotely.

Important: This procedure allows you to configure single sign-on for all other Java services hosted by the Adaptive Processing Server, such as the Data Federation services. You use Data Federation services when querying on a multisource-enabled universe built on an SAP HANA connection.

1. Open the CMC.
2. Under Connectivity Services, stop the Adaptive Connectivity Service hosted by the Adaptive Processing Server.
3. Go to the Properties page.
4. Add the following options to the Command Line Parameters property:

    -Djava.security.auth.login.config=C:\<location>\bscLogin.conf
    -Djava.security.krb5.conf=C:\<location>\Krb5.ini
5. Click Save.
6. Restart the service.

Configuring Web Intelligence Rich Client

The following procedure applies to the Web Intelligence Rich Client application that a user logs in to through the Windows Start menu or by double-clicking a WID document, independently of its connection mode (Connected, Offline, and Standalone).

1. Close your document and exit from Web Intelligence Rich Client.
2. Create the following environment variables in your system:

    java.security.auth.login.config=c:\<location>\bsclogin.conf
    java.security.krb5.conf=c:\<location>\krb5.ini

3. Restart Web Intelligence Rich Client.

Configuring Web Intelligence Rich Client in HTTP mode

The following procedure applies to the Web Intelligence Rich Client application in Connected mode that a user launches from the BI launch pad. You need to configure the Adaptive Connectivity Service to enable single sign-on with Web Intelligence Rich Client. See Configuring the information design tool for connections stored on the CMS.

Configuring SAP BusinessObjects Web Intelligence

The following procedure applies to the Java or HTML interface of SAP BusinessObjects Web Intelligence that a user launches from the BI launch pad. The objective is to configure Web Intelligence reporting services hosted by the Web Intelligence Processing Server.

1. Open the CMC.
2. Under Web Intelligence Services, stop the reporting service hosted by the Web Intelligence Processing Server.
3. Open the cs.cfg file for editing. It is located in the <bip-installdir>\dataaccess\connectionserver directory.
4. In the JavaVM section of the file, add the following Java VM options:

    <Options>
        <Option>-Djava.security.auth.login.config=C:\<location>\bscLogin.conf</Option>
        <Option>-Djava.security.krb5.conf=C:\<location>\Krb5.ini</Option>
    </Options>

5. Save the file.
6. Restart the service from the CMC.

Troubleshooting single sign-on configuration

The following are some exceptions you may encounter when configuring single sign-on to database.

Invalid keytab

    Mechanism level: Specified version of key is not available (44))
    Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44)

This exception means the keytab file has not been generated correctly. Only a file generated with the kvno option equal to 0 is accepted. Run a ktpass command to create the keytab file, for example:

    ktpass -out -mapuser sbo.servicedomain.com -pass password -kvno 0 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

Missing LoginModule in the bsclogin.conf file

    No LoginModules configured for com.businessobjects.security.jgss.accept

This exception means the LoginModule of single sign-on to database is missing. See the JAAS configuration section for information.

Cannot connect to the CMC

If you cannot connect to the CMC, verify that you have specified the following property in the com.businessobjects.security.jgss.initiate LoginModule:

    useTicketCache=true

This property is used to cache the generated logon ticket.
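
The checks from the JAAS configuration and troubleshooting sections, as an added example that is not part of the original SAP document: it loads bscLogin.conf with the JDK's own JAAS file parser and reports a missing entry, a missing useTicketCache=true, an unreadable keytab, and a module class name in the wrong case. The class name BscLoginCheck and the finding messages are assumptions; it needs Java 11 or later.

```java
import java.io.File;
import java.nio.file.Files;
import java.security.URIParameter;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class BscLoginCheck {  // hypothetical class name, not part of the BI platform
    static final String KRB5 = "com.sun.security.auth.module.Krb5LoginModule";
    static final String PREFIX = "com.businessobjects.security.jgss.";

    static List<String> check(File conf) throws Exception {
        List<String> findings = new ArrayList<>();
        // Parse with the JDK's file-based JAAS provider, the same syntax the JVM applies
        // to the file named by -Djava.security.auth.login.config.
        Configuration cfg = Configuration.getInstance("JavaLoginConfig", new URIParameter(conf.toURI()));
        for (String name : new String[] {PREFIX + "initiate", PREFIX + "accept"}) {
            AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(name);
            if (entries == null || entries.length == 0) {
                findings.add("No LoginModules configured for " + name);
                continue;
            }
            for (AppConfigurationEntry e : entries) {
                Map<String, ?> opts = e.getOptions();
                // Class and option names are case-sensitive.
                if (!KRB5.equals(e.getLoginModuleName()))
                    findings.add(name + ": unexpected module " + e.getLoginModuleName());
                if (name.endsWith("initiate") && !"true".equals(opts.get("useTicketCache")))
                    findings.add(name + ": useTicketCache=true is not set");
                Object keytab = opts.get("keyTab");
                if (name.endsWith("accept") && (keytab == null || !new File(keytab.toString()).canRead()))
                    findings.add(name + ": keyTab is missing or unreadable: " + keytab);
                if ("true".equals(opts.get("debug")))
                    findings.add(name + ": debug=true, switch off once sign-on works");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        File conf = args.length > 0 ? new File(args[0]) : File.createTempFile("bscLogin", ".conf");
        if (args.length == 0)  // constructed sample: no accept entry, no useTicketCache
            Files.writeString(conf.toPath(), PREFIX + "initiate {\n  " + KRB5 + " required debug=true;\n};\n");
        check(conf).forEach(System.out::println);
    }
}
```

Run it with the path to bscLogin.conf on the machine that hosts the service, under the same account, so the keytab readability check reflects the service's file permissions.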

Related Content

- SAP BusinessObjects BI platform Administrator Guide
- SAP BusinessObjects Web Intelligence Rich Client User Guide
- Data Access Guide

Copyright

Copyright 2012 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.