Setup of SAP SSO Service in SAP BO BI4.0 CMC - Business Intelligence (BusinessObje... Page 1 of 5 Getting Started Community WIKI SAP Community Welcome, Guest Login Register Store Search the Community Business Intelligence (BusinessObjects) / … / How to setup SSO against SAP BW with SAP BO BI4.0 Common Semantic Layer (UNX) or BICS Setup of SAP SSO Service in SAP BO BI4.0 CMC Creado por Former Member, modificado por última vez por Simone Caneparo el mar 15, 2013 Product versions: SAP BO BI4.0 1. Steps required for setting SAP SSO Service in SAP BO BI4.0 CMC 1. Log into SAP BO BI4.0 CMC as Administrator, 2. Go to Authentication -> SAP Setup Entitlement Systems 3. Import Roles 4. Check if SAP Authentication is enabled on the Option tab 5. Import keystore keystore.p12 file The message No key store file has been uploaded indicates no previous uploads https://wiki.scn.sap.com/wiki/display/BOBJ/Setup+of+SAP+SSO+Service+in+SAP+BO... 30/01/2019 Setup of SAP SSO Service in SAP BO BI4.0 CMC - Business Intelligence (BusinessObje... Page 2 of 5 (Please refer to Generate keystore and certificate for SAP BO BI4.0 for more details about how to create keystore) 6. Setup Key Store/Private Key password, Private Key Alias and System ID System ID is PALM in this example. It has been defined when certificate is imported in SAP BW. Please refer to Import SAP BO BI4.0 certificate into SAP BW for more details (In below example the password is the same for both . It is admin1) 7. Setup Security Token Service The Security Token Service is running as part of Adaptive Processing Server (APS) Go to CMC -> Servers and check if APS has Security Token Service https://wiki.scn.sap.com/wiki/display/BOBJ/Setup+of+SAP+SSO+Service+in+SAP+BO... 30/01/2019 Setup of SAP SSO Service in SAP BO BI4.0 CMC - Business Intelligence (BusinessObje... Page 3 of 5 If not, stop APS and add Security Token Service, then start APS References and links How to setup SSO against SAP BW with SAP BO BI4.0 Common Semantic Layer (UNX) or BICS Import SAP BO BI4.0 certificate into SAP BW Setup of SSO againt SAP BW for SAP BO BI4.0 BICS or JCO connections Generate keystore and certificate for SAP BO BI4.0 Sin etiquetas 18 Comentarios Guest Hi Sinisa, Thanks for the information. Great post but in first screenshot on post, you are using BI40 as username to logon Application server. What must this users roles? How we should configure it? If you enlight me on that subject I'll be appreciated. Thanks and Regards David Ocean Josh Pare Sinisa, these posts have been a great help in trying to learn this new functionality within BOE. Is there a way to remove the keystore from the CMC once a file has been uploaded? Thanks, -Josh Andreas J.A. Schneider So SNC is not required anymore? Erik Sabol Hi Sinisa, I have multiple APS services running in my environment, each with a different sub-services (BEx, MDAS, etc.). Do I have to assign Security Token Service to all of them? Thanks! Erik. Josh Pare Andreas, the SAP SSO service in BI4.0 is not a replacement for SNC. SNC is still used for pre-existing 3.1 technologies, i.e older universes, crystal++. Erik, only the APS' running the DSL bridge would need the security token service also running. Guest I have the same question as Josh. I've imported the key store, but now want to remove it. If I empty all the fields, I can't update the page. How can I do this? UPDATE: Note 1651327 specifically says removing the key store is not possible (dated Nov 2011). This article describes how to remove the STS service from the APS, which should mean that the key store is no longer used. Josh Pare That is correct David. I wrote that article after finding it is not possible. There is an idea place submission on this if you'd like to vote for it, however at the current time it is not possible to simply remove the keystore. Removing the STS service is the only way possible to ensure STS is not being called. https://wiki.scn.sap.com/wiki/display/BOBJ/Setup+of+SAP+SSO+Service+in+SAP+BO... 30/01/2019 Setup of SAP SSO Service in SAP BO BI4.0 CMC - Business Intelligence (BusinessObje... Page 4 of 5 Former Member Hello, Sinisa, I would like to recommend you to update point two about link to the post http://wiki.sdn.sap.com/wiki/display/BOBJ/How+to+create+CRYSTAL_ENTITLEMENT+SAP+role and for example SAP Note 1680005. I miss it, here. Update: I am not able to find, what has to be a type of CRYSTAL user. Could you append here the SAP Note regarding this? Thank you. Hans Segers Dear all, What is the procedure to setup SSO to multiple BW systems, say a DEV and a PRD system ? Thanks Hans Josh Pare From a single BI system you would just add the certificate to any BW systems you wish to connect to, you'll also need to create the ACL entry, no work on the BI side though only the BW sides. -josh Nandan Tadahal You can use IDT to verify if the SSO is working fine. 1. Create a BICS connection in the IDT. 2. Select the “Use Single Sign on” authentication mode. 3. Enter the BW system details (Client, System ID and application server details). BW system details can be obtained by selecting System Properties from SAP Logon. 4. Click on “Test Connection”. Daniel Klein @Guest from June 20, 2011: this user is used to retrieve the user details and roles from the target system. He is NOT used for authentication or data fetching during query runtime. See http://www.sapsecuritypages.com/sap-authentication-cmc/ Former Member I assume that only one BW system can be connected to SAP BO BI as an SSO system since we don't have any administration for different storefiles!? etc.. Customer wants test bw and prod bw on SAP BO BI 4.1 DEV as SSO connectivity. Wobi, wondering Former Member @Wobi: Re: Setup of SAP SSO Service in SAP BO BI4.0 CMC Former Member Thanx Ladislav - I remembered that we can't manage several keyfiles: but it's not necessary at BO side - BW can handle this! "From a single BI system you would just add the certificate to any BW systems you wish to connect to, you'll also need to create the ACL entry, no work on the BI side though only the BW sides." as Josh explains some lines above! So its possible! Former Member What I would add is: usually I get a BW user from a different clientnumber than the 000 - so my bw users coming form Client 100 had Trouble with Desginstudio SSO We had to add the ACL also for Client 100 to get Designstudio SSO finally to work - wb https://wiki.scn.sap.com/wiki/display/BOBJ/Setup+of+SAP+SSO+Service+in+SAP+BO... 30/01/2019 Setup of SAP SSO Service in SAP BO BI4.0 CMC - Business Intelligence (BusinessObje... Page 5 of 5 Former Member Well this time it seems we had to keep the ALIAS in CAPITAL Letters - that was the best info from SAP Support â—¾ wobi Former Member Dear All, we have configure SSO as mentioned above.how we need to test SSO from BW system BO. Contact Us Privacy SAP Help Portal Terms of Use Legal Disclosure Copyright Preferencias para cookies https://wiki.scn.sap.com/wiki/display/BOBJ/Setup+of+SAP+SSO+Service+in+SAP+BO... Follow SCN 30/01/2019
