Hi,
can anyone tell me how to do security for reports...i mean to say is, i have sales data. now i want to restrict the sales data to particular persons only (like, sales manager has to see only their particular region, not for other regions and sales person has to see their own sales,etc,.. ) please help me...
Thanks in advance
Cheers,
KIRAN
I have installed BI 4.0 on windows 2008 with Tomcat 6 / MSSQL. Authentication with AD is configured based on Admin guide. I can log in CMC / Bi Launch Pad manually with Windows AD Authentication.
Kerberos SSO with AD doesn't work. I got the error message as "Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)"
The error shows at trace file Webapp_BIlaunchpad_trace.000001.glf as follows:
com.crystaldecisions.sdk.plugin.authentication.ldap.internal.SecWinADAuthentication||Authentication failed.
java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be null!
at sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:214)
at sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:191)
at sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:159)
Tomcat log shows:
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
[Krb5LoginModule] user entered username: @XX.YY.COM
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
There is no username passed.
I followed administator guide and created global.properties and BIlaunchpad.properties under custom folder. Kinit is OK. "setspn -l bodservice" looks good too.
global.properties:
sso.enabled=true
siteminder.enabled=false
vintela.enabled=true
idm.realm=XX.YY.COM
idm.princ=BOSSO/bodservice.XX.YY.com
idm.allowUnsecured=true
idm.allowNTLM=false
idm.logger.name=simple
idm.logger.props=error-log.properties
idm.keytab=C:\winnt\BODvintela.keytab
BIlaunchpad.properties
authentication.default=secWinAD
cms.default=XXXX:6400
authentication.visible=true
bscLogin.conf
com.businessobjects.security.jgss.initiate
{com.sun.security.auth.module.Krb5LoginModule required debug=true;
};
Krb5.ini
[libdefaults]
default_realm = XX.YY.COM
dns_lookup_kdc = true
dns_lookup_realm = true
udp_preference_limit = 1
[realms]
XX.YY.COM = {
kdc =XXXX.XX.YY.COM
default_domain = XX.YY.COM
}
We have XI 3.1 with AD SSO for InforView. I follows most configuration steps but there is no luck for 4.0. Any idea? Thanks for your help.
Edited by: Dong Li on Jul 28, 2011 11:16 PM
Update: I worked with SAP Support. SSO works for manually inputting the password at Tomcat configuration. It seems there is something wrong with Keytab. We will create new keytab.
Hi Experts,
We found that our BO server's input/output file repository servers has saved large amount of files (~60G in total) under our server's local directory while we have less than 10000 bi reports. Please suggest how to housekeep any unused files / empty directories safely. Thanks.
Vicky
Hi,
Does anyone know what the following error mean? I get this error when scheduling a WebIntelligence report. It ran for 15mins and then failed with the error.
"An internal error occured while calling 'getMap' API. (Error : ERR_WIS_30270).
Thanks in advance.
Regards,
Cindy.
Hi
our company is moving from 4.1 sp2 to sp6 and rather than upgrading we are taking the re implementing approach, we have new 4 tier environment for sp6 which are installed and configured and now we have to migrate all content from 4.1 sp2 to sp6 and we are trying to decide whether to use UMT or promotion management. folllowing are my questions:
1- our content contains crystal, webi , explorer, universes,connections,Access levels, security, users and groups and folders, open doc, short cuts etc, what is best for us to sue UMT or promotion and why?
2- for the first intial bulk migrate should be use live to live or export to BIAR and why?
3- If we want to do incremental migration, then what should be the sequence of content to be moved,e.g. should folders and access levels be moved first and so on? what is good sequence to do incremental migration for future?
Thanks
Recently I was getting this irritating error, but after clicking "Run this time", then everything works.
To clear this up, I installed the latest version of Java, 1.8.0_66 (32-bit) (but I have a 64-bit machine). Everything still works fine.
When I open Java panel, it only shows 1.8.0_66 in 32-bit folder, but I do have 64-bit Java also installed. Why doesn't it show 1.8.0_45 ?
I wouldn't have realized any of this version issue, but a user called who previously had the "Run this time" issue, and we directed the IT tech to make sure she has the matching version of Java (32-bit, 64-bit) for her machine. But now she's dead in the water, with this error:
When I first saw this error, I was like, "Oh, make sure she's got the matching version of Java", then I looked at my own machine and got a tiny bit confused . . .
Hi All
We having issue password failure and lm trying to capture this in the audit log
In audit logs on the BO servers where can l locate the right job that triggered the failed password attempts.
I run some audit report against event type and document name but no results.
Please Help
Coupon
Hello SSO experts ! ;o)
Is it possible to get SSO for WebI Rich Client 4.1 in 3-tier mode ?
Env. : Windows Server 2012 R2, BO BI 4.1 SP7, Tomcat7, JRE 8, Windows AD, SQL Server 2014
I get SSO+WinAD for WebI RC in "2-tier" mode but not in "3-tier" mode.
SSO+WinAD is OK for BILP.
I start WebI RC from BILP but it seems that "...\Documents\My SAP BusinessObjects Documents\LocData\VM-BOBI41_cloud_xyz@6400_j2ee.extranet" file is not updated correctly (in bold) on client:
-----
connection.common.cluster_name=@VM-BOBI41:6400
connection.common.config_name=VM-BOBI41.cloud.xyz:6400
connection.common.last_authmode=secEnterprise
connection.common.last_user=
connection.common.mode=HTTP_MODE
connection.http.locale=fr_FR
connection.http.provider=WSTK_HTTP_Tunneling
connection.http.sso_provider=
connection.http.url=http://vm-bobi41:8080/BOE/portal/1512210115/AnalyticalReporting/jsp/shared/WSTKBridge.jsp
connection.http.urlbase=http://vm-bobi41:8080/BOE/portal/1512210115
connection.http.web_authmode=
-----
I've tried this:
----
connection.common.cluster_name=@VM-BOBI41:6400
connection.common.config_name=VM-BOBI41.cloud.xyz:6400
connection.common.last_authmode=secWinAD
connection.common.last_user=
connection.common.mode=HTTP_MODE
connection.http.locale=fr_FR
connection.http.provider=WSTK_HTTP_Tunneling
connection.http.sso_provider=vintella
connection.http.url=http://vm-bobi41:8080/BOE/portal/1512210115/AnalyticalReporting/jsp/shared/WSTKBridge.jsp
connection.http.urlbase=http://vm-bobi41:8080/BOE/portal/1512210115
connection.http.web_authmode=secWinAD
----
but without success.
Any idea/solution to make SSO work for WebI Rich Client 4.1 in 3-tier mode ?
Thanks in advance.
Regards,
Stephane
I installed Crystal Reports Server 2008. The server is a new install of windows 2003 server fully service packed... The ony connection to SQL is through an ODBC connection to a seperate MSSQL Server. I did not set a password for the CMC and checked the "change administrator password later". When I try to log in to the CMC I get
Error: Server srvreports:6400 not found or server may be down (FWM 01003) null
I am connecting through an ODBC using a trusted connection... Should I not do it this way?
I have tried uninstalling several times... including specifying a password.
Thank you in advance for the assistance
Hello,
After having applied instructions of "SAP note 2149200 - Java 8 support issue on Tomcat 7.0.55 and Tomcat 8", I've this working platform :
- Windows Server 2012 R2
- Tomcat 7.0.59
- JRE 8_66
- BO BI 4.1 SP7
- SQL*Server 2014 (Repository + data)
Tomcat 7.0.59 is the last release that works on this platform, applying "SAP note 2149200" instructions.
NB: the last available release is Tomcat 7.0.67 and many others may be released to solve weaknesses.
Any release > 7.0.59 gives HTTP 500 errors described in 2149200 SAP note.
Neither "ecj-4.4.jar" nor "ecj-4.4.2.jar" seems to work with Tomcat release > 7.0.59 .
Have you experienced such a problem ?
Any idea to solve it ?
It's a very serious problem not to be able to update with last security patches a Tomcat server opened to the web. 
Thanks in advance.
Regards,
SP
Hi,
can anyone tell me how to do security for reports...i mean to say is, i have sales data. now i want to restrict the sales data to particular persons only (like, sales manager has to see only their particular region, not for other regions and sales person has to see their own sales,etc,.. ) please help me...
Thanks in advance
Cheers,
KIRAN
Hi Experts,
We found that our BO server's input/output file repository servers has saved large amount of files (~60G in total) under our server's local directory while we have less than 10000 bi reports. Please suggest how to housekeep any unused files / empty directories safely. Thanks.
Vicky
Hi all,
My company is using SAP Business Objects BI v4 SP02 Patch 11.
Currently we have 1 application server connect to 1 database server
Application server
- running on IBM AIX Machine
- OS 6.1
- 16GB Memory
- 50GB Hard Disk
- installed with WebSphere v7.0.0.21
- installed with BOBJ BI v4 SP02 Patch 11
- BOBJ has been configured as follows :-
a) SIA node name = SIA_PROD1 (with default 16 services)
b) SIA port no = 6410
c) CMS name = CRPRD1
d) CMS port no = 6400
e) CMS database connected to METADATA
f) AUDIT database for CMS connected to AUDIT
Database server
- running on IBM AIX Machine
- OS 6.1
- 16GB Memory
- 150GB Hard Disk
- installed with IBM DB2 server software
- 3 databases have been created which are METADATA , REPORT and AUDIT
Now we would like to add another 2 new physical servers to serve as a backup/high availability purposes. 1 for APPL and another 1 for DBASE.
We've completed clustering the DBASE with IBM PowerHA (active - passive) but we're not sure on how to configure BOBJ BI v4 for the new server.
Questions during installation on the new server :-
a) Do I need to key-in SIA_PROD1 or create a new one called SIA_PROD2 ?
b) Do I need to key-in 6410 or create a new port no for above SIA node ?
c) Do I need to key-in 6400 or create a new port no for CMS ?
d) Is there any different in deploying BOE file ?
For time being only above confused me. I've read "Business Intelligence Platform Administrator Guide" but the explanation is too general.
See attached file on what type of clustering I want to perform.
Also if possible, kindly highlight me any important things that I may left out.
Thank You.
Hello,
We have recently upgraded to BI 4.1 and I am trying to reconfigure the auditing reports we had. Previously we were using the default ms sql 2008 express edition and on BI 4.1 (clean installation to formatted machine), we again used an ms sql 2008 database instead of the default sybase sql anywhere database.
The problem is when I try the sample universes designed for BO 4.0, it just doesn't work. In IDT when checked for integrity, it gives lots of errors which makes me think BO 4.1 requires a different set of sample auditing universes. Has SAP published or announced to publish such sometime? I searched the forums but with no luck couldn't find anything.
Or, is it possible to adapt and use the BO 4.0 universes in some way?
Designing my own auditing universe is out of options unfortunately.
Thank you in advance.
Hi,
Does anyone know what the following error mean? I get this error when scheduling a WebIntelligence report. It ran for 15mins and then failed with the error.
"An internal error occured while calling 'getMap' API. (Error : ERR_WIS_30270).
Thanks in advance.
Regards,
Cindy.
Hi Experts
Can anyone please provide documents/Explanation on BI 4.0/4.1 Server architecture and what each server does/ how the information flows between the servers when any event is triggered.
Thanks
Sh
Hi Experts,
We found that our BO server's input/output file repository servers has saved large amount of files (~60G in total) under our server's local directory while we have less than 10000 bi reports. Please suggest how to housekeep any unused files / empty directories safely. Thanks.
Vicky
I have installed BI 4.0 on windows 2008 with Tomcat 6 / MSSQL. Authentication with AD is configured based on Admin guide. I can log in CMC / Bi Launch Pad manually with Windows AD Authentication.
Kerberos SSO with AD doesn't work. I got the error message as "Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)"
The error shows at trace file Webapp_BIlaunchpad_trace.000001.glf as follows:
com.crystaldecisions.sdk.plugin.authentication.ldap.internal.SecWinADAuthentication||Authentication failed.
java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be null!
at sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:214)
at sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:191)
at sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:159)
Tomcat log shows:
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
[Krb5LoginModule] user entered username: @XX.YY.COM
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
There is no username passed.
I followed administator guide and created global.properties and BIlaunchpad.properties under custom folder. Kinit is OK. "setspn -l bodservice" looks good too.
global.properties:
sso.enabled=true
siteminder.enabled=false
vintela.enabled=true
idm.realm=XX.YY.COM
idm.princ=BOSSO/bodservice.XX.YY.com
idm.allowUnsecured=true
idm.allowNTLM=false
idm.logger.name=simple
idm.logger.props=error-log.properties
idm.keytab=C:\winnt\BODvintela.keytab
BIlaunchpad.properties
authentication.default=secWinAD
cms.default=XXXX:6400
authentication.visible=true
bscLogin.conf
com.businessobjects.security.jgss.initiate
{com.sun.security.auth.module.Krb5LoginModule required debug=true;
};
Krb5.ini
[libdefaults]
default_realm = XX.YY.COM
dns_lookup_kdc = true
dns_lookup_realm = true
udp_preference_limit = 1
[realms]
XX.YY.COM = {
kdc =XXXX.XX.YY.COM
default_domain = XX.YY.COM
}
We have XI 3.1 with AD SSO for InforView. I follows most configuration steps but there is no luck for 4.0. Any idea? Thanks for your help.
Edited by: Dong Li on Jul 28, 2011 11:16 PM
Update: I worked with SAP Support. SSO works for manually inputting the password at Tomcat configuration. It seems there is something wrong with Keytab. We will create new keytab.
I am trying to find list of WEBI reports using a specific table. This specific table is used in only 1 universe.
Though I could successfully find list of reports that use this universe, I am unable to find drill down further and find the subset of reports using this table/object.
SELECT si_name, SI_KIND, si_id, SI_PARENTID,SI_AUTHOR,SI_OWNER FROM CI_INFOOBJECTS, CI_APPOBJECTS
WHERE PARENTS("SI_NAME='WEBI-UNIVERSE'","SI_NAME ='MyUniverse'")
Is it possible to find the information I am looking for using query builder.
Also, for a given WEBI report I am trying to find the list of report names and the folder they reside in:
Select SI_NAME, SI_ID, SI_PATH, SI_KIND, SI_OWNER From CI_INFOOBJECTS, CI_APPOBJECTS WHERE
PARENTS("SI_NAME='Folder Hierarchy'",
"PARENTS('SI_NAME=''WEBI-UNIVERSE'' ', 'SI_NAME=''MyUniverse'' ')" )
The above query just gives me the folder names. I am looking to find the report names as well the the folder (and preferably the path) in a single query. Is that possible.
Hi Experts,
We found that our BO server's input/output file repository servers has saved large amount of files (~60G in total) under our server's local directory while we have less than 10000 bi reports. Please suggest how to housekeep any unused files / empty directories safely. Thanks.
Vicky