We set up our BO 4.0 SP4 patch4 to SSO with Windows AD follow by the following blog:
http://scn.sap.com/blogs/josh_fletcher/2012/06/11/active-directory-sso-for-sap-businessobjects-bi4?utm_source=twitterfeed&utm_medium=twitter
Users can login BILaunchPAD without typing user name and password.
But,the sso is not working for CMC. Users have to input ID and pwd to login CMC.
If the users are not in the default domain , they need to login with ID + "domain name" to login.
My question are:
1. According to Note : 1243521 - Can I configure Single Sign-On (SSO ) for the Central Management Console (CMC)
CMC does not support SSO ? Users always need to login with their windows ad account manually?No way to configure CMC to behave like bilaunchpad.
Users don't need to enter their id&pwd to login?
2. Is there any way to configure the SSO for those users who are not in the default domain to login with just their user id not the ID with domain name?
For example: my default domain in the krb5.ini is A.COM.TW, userB is in B.A.COM.TW. When he login to CMC with id = userB , he will get a message
asking him to login with UserName@DNS_DomainName.
The system also generate a log:
username: userB@A.COM.TW
Acquire TGT using AS Exchange
[Krb5LoginModule] authentication failed
Client not found in Kerberos database (6)
But,userB can login with ID = userB@B.A.COM.TW successfully.
It seems that all the users not in the default domain have to enter their user name + domain name as their login ID.Is this correct?
The following is our KRB5.ini
====================================
[libdefaults]
default_realm = A.COM.TW
dns_lookup_kdc = true
dns_lookup_realm = true
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
udp_preference_limit = 1
[realms]
A.COM.TW = {
kdc = DC1.A.COM.TW
kdc = DC1.B.A.COM.TW
default_domain = A.COM.TW
}
B.A.COM.TW = {
kdc = DC1.B.A.COM.TW
default_domain = A.COM.TW
}
[capaths]
B.A.COM.TW = {
A.COM.TW = .
}
A.COM.TW = {
B.A.COM.TW = .
}
============================
Please advise.
Jeff