Hi guys,
I´m implementing "SAP Authentication" and "SSO" between BO 4.0 SP5 P7 and BW 7.3 servers.
Follow the steps that I did until now:
1) Generated the keystore and the certificate.
In my BO Server (Linux), I executed the follow command line to generate the keystore (BO Linux Server):
/sap_bobj/enterprise_xi40/java/lib>/sap_bobj/enterprise_xi40/linux_x64/sapjvm/bin/java -jar PKCS12Tool.jar -alias key -storepass admin1 -dname CN=hostname(BO server)
Command line to generate the certificate (BO Linux Server):
/sap_bobj/enterprise_xi40/java/lib>/sap_bobj/enterprise_xi40/linux_x64/sapjvm/bin/keytool -exportcert -keystore keystore.p12 -storetype pkcs12 -file cert.der -alias key
2) Importing certificate in BW system
I accessed the BW system, on sotrustsso2 and imported the certificate. Follow:
3) SAP Authentication on CMC
I configured my BW system and imported the roles/user to BOE.
On the option tab (into SAP Authentication menu), I´ve imported the keystore file and inputed the keys/alias and system id.
-----------------
So far, I´m able to access the Launch Pad using SAP Authentication Mode and using a user from BW system.
This access is working fine and I´m able to re-use the users that were created on BW side.
Right now, I need to re-use the restrictions of data and structure for this users in my Webi Intelligence reports.
I created a OLAP connection based in a BEX Query and designed my Webi Intelligence report on the top of this OLAP connection.
When I created the OLAP connection, I configured the authentication as "SSO", so the user that is logged on the LaunchPad, should be the same that will run the query on BW structure.
When I tried to create a report under my OLAP connection (using a BW user logged on LaunchPAD - SAP Authentication ON), I got the follow message in the moment that I selected the OLAP connection:
-------------
java.util.concurrent.ExecutionException: com.businessobjects.sdk.core.server.CommunicationException$UnexpectedServerException: [[error.openSapBwBrowsingSessionFailed] 0] <Initial Catalog=MC_GTORCA;Language=en_US;Data Source=172.22.0.150;SapLoginMode=0;Cube Type=Query;JCO_ASHOST=172.22.0.150;SaveLanguage=true;JCO_R3NAME=BWD;Initial Cube=Q_MC_GTORCA_001;TargetProvider=SAPNETWEAVER7X;JCO_CLIENT=100;Authentication Mode=2;NetworkLayer=SAPBW_BICS;JCO_LANG=EN;JCO_SYSNR=20;>,<Error: com.sap.conn.jco.JCoException: (103) JCO_ERROR_LOGON_FAILURE: Issuer of SSO ticket is not authorized on 172.22.0.150 sysnr 20
Key: JCO_ERROR_LOGON_FAILURE
Group: 103
Type:
com.sap.conn.jco.JCoException: (103) JCO_ERROR_LOGON_FAILURE: Issuer of SSO ticket is not authorized on 172.22.0.150 sysnr 20
Issuer of SSO ticket is not authorized on 172.22.0.150 sysnr 20
Issuer of SSO ticket is not authorized on 172.22.0.150 sysnr 20
Issuer of SSO ticket is not authorized
Issuer of SSO ticket is not authorized
-------------
I applied some SAP notes but didn´t solve the issue so far.
I´ve already created an specifically APS Server on CMC, containing the STS (Security Token Services).
Anyone know how to solve this issue?
Any idea?
Best Regards,
Bruno Heissler