Active Directory, SSO, Integrated Windows Authentication

Hi,
I have to setup a NW BPM environment using Windows/Active Directory SSO.
In the desired scenario, I would use UME to create BPM specific roles and/or groups and then I would associate:
- specific AD users to UME groups or roles, and/or
- associate AD groups to UME groups or roles.
Is it possible? I would really appreciate any directions/hints on how to do that.
Thanks in advance,
Ricardo Giacomin

It is possible you have the xml configuration file in the administration of ume and  you need to edit that one in order to link it to your AD. if you're using LDAPs to connect you will also have to load the certificates in NWA before the first connection.

Similar Messages

  • Query on Integrated Windows Authentication....

    Hi All,
    I have a scenario to implement Integrated Windows Authentication using SPNego. But the initial page has to be loaded as anonymous portal onclick of the Logon button/Link, it has to validate the user against Integrated windows authentication and display the contents based on the user role.
    I have successfully implemented Integrated Windows Authentication, but if I type the anonymous URL, it is not loading the anonymous contents, it is directly displaying based on user role?
    Any suggestions on this??
    Thanks & Regards,
    Santhosh.C

    Hi Santhosh,
    We are planning to implement Windows integrated authentication using SPNego in EP7 with Microsoft Active Directory.
    Can you please share your experience and documents, in implementing the same. I have implemented Windows integrated authentication in EP6 with IIS proxy, but that is no longer supported.
    I appreciate your help in this regard.
    Regards
    Chandu

  • SAAJ (Web Service Client) and Integrated windows Authentication

    Hello
    I have build a web service client using SAAJ, the Web services is deployed on MS IIS. Every thing seems to work fine, The problem appears when I apply directory security on the Web Service Directory. When I apply Basic authentication SAAJ manages to send the user name and password and it goes fine, but when I apply Integrated Windows Authentication, I always get a response Access is Denied.
    I know we can authenticate the user credentials from NTLM from JAAS but here I am using a web services client.
    My Question is How can we pass the user credentials through a web service client to the IIS when the directory security is Windows Integrated Authentication?
    Any work around or the solution will be appreciated.
    Thanks :-)
    Syed Saulat

    Hi Gilles,
    Thank you very much for your answer. Actually, I think the problem is a little bit different. The kerberos server is not delivering a "grant" ticket to the client for the service provided by the VIP, because the CSS didn't register to the Active Directory, as a normal W2K web server would. The first thing the client does when he wants to access a web server behind the CSS is to ask the kerberos server for a "gtanting" ticket for that service. So the problem arise before the client sends any packet to the CSS (therefore I think it is more a Microsoft problem rather than a CSS problem).
    But for sure, other people have this environment I suppose...
    What is your opinion on this ?
    Yves

  • Bug after updating User Logon Account (using AD Integrated Windows Authentication)

    Hello,
    I am using Integrated Windows Authentication in Project Server. And I have changed one user Active Directory (AD) useraccount name…
    Then when I go to "Manage Users" page in Project Server, I see that the new data information wasn’t updated with "Active Directory Enterprise Resource Pool Synchronization" (I forced the Synchronization and still nothing aspens)…
    So I checked the "Prevent Active Directory synchronization" checkbox for this user (in Project Server), and I changed the "User logon account" field manually, then after I save, the logon account isn’t uploaded… It shows the previous useraccount
    name.
    The only change made in the AD account name was that we changed the "Ç" character to "C".
    In the AD this accountname no longer have the "Ç" character...
    So why does the accountname in Project Server shows the "Ç" character instead of "C"?

    Hi Mario,
    The change is actually not reflecting in SharePoint. If I am not wrong, you are actually talking about the display name on the top right side of the page which is actually pulled from SharePoint content database where PWA site collection is residing.
    If that is the case, then you will have to delete the user from SharePoint and add him back. Or, if you need more details on how to do this, you can open a case with MS.
    Vikram Daruru - MSFT

  • OIM Active Directory 2008 integration

    Hi All,
    Has anyone integrated (or being in the process of integrating just now) OIM 9.1 with Active Directory on a Windows 2008 Server using the AD 9.1 connector or a custom connector? Any problems or other experiences with such integration?
    The 9.1.1 connector will be cerfified for AD on Windows 2008 but the current connector 9.1 (or 9.1.0.1) is only cerfified for AD on Windows 2003 or 2000.
    Thanks,
    Albin

    I believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
    -Bikash

  • Class Not Found. "Integrated Windows Authentication"

    Hello out there!
    I have read several posts concerning almost the same problem I have, but couldn't find a solution:
    IIS + PlugIn 1.4.1 installed.
    If the IIS is configured not to provide Basic Authentcation, but only "Integrated Windows Authentication", following error occurs:
    java.lang.ClassNotFoundException: de.mypackage.myclass.class
    at sun.applet.AppletClassLoader.findClass(Unknown Source)
    at sun.plugin.security.PluginClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.applet.AppletClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.applet.AppletClassLoader.loadCode(Unknown Source)
    at sun.applet.AppletPanel.createApplet(Unknown Source)
    at sun.plugin.AppletViewer.createApplet(Unknown Source)
    at sun.applet.AppletPanel.runLoader(Unknown Source)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: java.io.IOException: open HTTP connection failed.
    at sun.applet.AppletClassLoader.getBytes(Unknown Source)
    at sun.applet.AppletClassLoader.access$100(Unknown Source)
    at sun.applet.AppletClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    "Integrated Windows Authentication" is a must, so I have to turn it on, but it is possible, that basic authentication is not allowed. Any suggestions or ideas?

    In IIS you can set the security mechanism down to the file level. Try turning off integrated Windows authentication for the jar files. This can be done in the IIS administrative tool by going to your virtual directory and right clicking the jar file and selecting 'Properties'.
    Gerald

  • Active Directory LDAP integration; can not see the XMLP_ groups/roles

    We have configured XMLP 10.1.3.3 to use "LDAP" as the Security model. The LDAP server is Active Directory running under Windows Server 2003.
    It is working to a certain extent:
    Users can log on to the XML Publisher using login/password as defined in AD.
    -When logged in as administrator, groups (roles) are visible in Admin/Roles and Permissions and can have assigned folders and data sources.
    Problems/questions:
    The required roles ("XMLP_ADMIN, etc) can not be seen in Admin/Roles and Permissions. Is this as expected or is it an error?
    -When logging in as a user who is member of the group/role XMLP_ADMIN, I do not get any administrator privileges (I have not tested the other XMLP_* roles defined in AD yet). So all administration has to be done as the local superuser.
    Is there any way to monitor the login process to try and see what goes wrong?
    -Roald
    -Roald

    The problem has been solved, it was self inflicted, typo in the config file:
    <property name="LDAP_PROVIDER_USER_DN" value="Cn=Users;dc=company,dc=com"/>
    (semicolon instead of comma after Users).
    It is a little surprising that this typo lead to problems with group matching, though. It took some time before this part of the config got enough attention.
    -Roald

  • How do you uncheck the "enable integrated windows authentication" in Mozilla Firefox?

    Every time i want to access a site mozilla uses the windowslogin to authenticate through proxy.

    Hope it helps:
    http://markmonica.com/2007/11/20/firefox-and-integrated-windows-authentication/

  • Integrated Windows Authentication with a WebSphere Cliente

    Hi all,
    I need to write a web service client that connects to a .NET Web Service that is configured to use Integrated Windows Authentication (NTLM).
    I'm using the IBM WebSphere Runtime environment for the client and using the web service client wizard in the RSD 6.0.1.
    When I try to call a method in the .NET web service, I get the error shown below. If I configure the .NET web service to permit Anonymous Access, my client works fine.
    Does anybody know if the WebSphere web services engine supports Integrated Windows Authentication? If so, how can I configure my cliente to pass my credentials? Do people use this type of authentication if the web service will be called by non Windows clientes or is it better to use Basic Authentication with HTTPS or digital certificates?
    I've read that Apache Axis can be configured to use integrated windows authentication (http://people.etango.com/~markm/archives/2005/11/21/using_apache_axis_with_integrated_windows_security.html) by using a different HTTP transport class (CommonsHTTPSender).
    Thanks in advance!
    Craig
    [14/06/06 10:06:56:805 GMT-03:00] 00000031 enterprise I WSWS3243I: Info: Mapping Exception to WebServicesFault.
    [14/06/06 10:06:56:821 GMT-03:00] 00000031 enterprise I TRAS0014I: The following exception was logged WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: java.lang.StringIndexOutOfBoundsException
    faultActor: null
    faultDetail:
    java.lang.StringIndexOutOfBoundsException
         at com.ibm.ws.webservices.engine.WebServicesFault.makeFault(WebServicesFault.java:179)
         at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:490)
         at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:218)
         at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:218)
         at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:274)
         at com.ibm.ws.webservices.engine.client.Connection.invokeEngine

    Here's a project ( [http://spnego.sourceforge.net/protected_soap_service.html|http://spnego.sourceforge.net/protected_soap_service.html] ) that shows how to write a soap client that can connect to a soap web service with integrated windows authentication turned on.

  • The kerberos PAC verification failure when all users of only one RODC Site, trying to get access iis webpage of different site using Integrated Windows Authentication

    The kerberos PAC verification failure when all users of only one Site which having only one RODC server(A), trying to get access iis webpage of different site which having WDC server(B) using Integrated Windows Authentication. But when they accessing the
    website using IP address, it is not asking for credentials as I think it is using NTLM Authentication at that time which is less secure than Kerberos.
    Note that:- All user accounts and Computers of the RODC has been allowed cache password on the RODC. Nearest WDC for the RODC (A) is the WDC (B).
    The website is hosted on a windows server 2003 R2 and generating below system event log for those users of the RODC site :-
    Event Type: Error
    Event Source: Kerberos
    Event Category: None
    Event ID: 7
    Date:
    <var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">date</var>
    Time:
    <var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">time</var>
    User: N/A
    Computer:
    <var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">computer_name (the 2003 server)</var>
    Description: The kerberos subsystem encountered a PAC verification failure. This indicates that the PAC from the client<var style="color:#333333;font-family:'Segoe
    UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">computer_name</var> in realm <var
    style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">realm_name</var> had
    a PAC which failed to verify or was modified. Contact your system administrator.
    This issue has been raised for last one week. Before that everything was fine. No Group Policy changed, Time also same.
    In this situation do I need to do Demotion of the RODC and re-promote it as RODC again  or is there any other troubleshooting to resolve it.
    Thanks in Advanced
    Souvik

     Hi Amy,
    Thanks for your response
    I noticed that Logon server could become incorrect again after user re-login or restart of a workstation.
    It seems root cause is different.  Need a permanent solution.
    The Workstations of the RODC site are getting IP from a DHCP server by automatic distribution of IP from a specific subnet for the site only.  The RODC is
    the Primary DNS server for the site.
    I have checked the subnet and it is properly bound with only with that AD site. The group of users and workstations are in the same site AD organisational Unit.
    Sometime I restarted the NET LOGON service and DNS server service on ther RODC server and sometime rebooted the server. But the Logon server issue has not fixed permanently.
    The internal network bandwidth of the site is better than the bandwidth to communicate with other site.  
    The server is Windows server 2008 R2 standard and hosting the below roles
    RODC
    DNS
    File server
    The server performance is Healthy in core times when maximum users usually logins. 
    Any further support would be much appreciated Amy
    Thanks
    Souvik

  • Integrated Windows Authentication

    Hi All
    I need to implement Integrated Window Authentication in  EP7.0( SP16 ).
    Please help me to proceed further.
    Thanks & Regards
    Karthi

    Hi ,
    Check SPNego installation guide at help.sap.com for more information.
    check below blogs
    Configuring and troubleshooting SPNego -- Part 1
    Configuring and troubleshooting SPNego -- Part 2
    Configuring and troubleshooting SPNego -- Part 3
    kerberos implementation with ADS made easy
    Koti Reddy

  • How to configure Axis stubs for Integrated Windows Authentication ?

    Hi All,
    I am trying to consume a web service on https and it uses .NET with Integrated Windows Authentication Security Mechanism. When I type the web service endpoint address in browser I am prompted for a login dialog and I login using username (in the format <domain name>\\<username>) and password given by the web service provider.
    Now I have generated stubs using AXIS 1.2 Final but I dont know how to pass or set the credentials (domain, username, password) in my client program. I tried <stub object>.setUsername and <stub object>.setPassword methods but I am not able to connect to the service and I always get HTTP Error Code 401.2 from the service. I am not sure this is right way to set credentials in my code. I tried searching this mailing list but no avail. Can anyone please help me.
    Thanks & Regards,
    Kr.

    Hello all - I ran into this and spent way too much time looking for the answer, however this is how I got it to work. My code was specific to getting SSRS authenication working so it should work with any NTLM authenciation via HTTP. setAuthenticateProperty() actually does the enabling of NTLM.
    * Sets up the needed information to enable NTLM authentication for SOAP/HTTP calls..
    * @author Brian Hayes
    public class NTLMAuthenticator {
        private Authenticator authenticator;
        private String username;
        private String password;
        private String domain;
        private String host;
        private URL wsdlurl;
         * Uses the endpoint.getHost() as the host name to use for authentication.
         * <li> Generally the endpoint host is the target for actual authenciation.
         * <br>
         * @param endpoint -
         *            The URL location of SSRS ReportExecution2005 wsdl.
         * @param username -
         *            User name needed for NTLM authentication.
         * @param password -
         *            Password needed for NTLM authentication.
         * @param domain -
         *            Domain for the user needed for NTLM authentication.
        public NTLMAuthenticator( URL wsdlurl, String username, String password, String domain ) {
            this.wsdlurl = wsdlurl;
            this.host = wsdlurl.getHost();
            this.username = username;
            this.password = password;
            this.domain = domain;
            this.authenticator = null;     
         * Instruct our NTLM authenticator to use setPreemptiveAuthentication or not. Default is true;
         * @return - true or false
        protected boolean usePreemptiveAuthentication(){
            return true;
         * The {@link Authenticator} is used to setup NTLM authentication to a webservice stub/client. <br>
         * Example:<br>
         * If you extended a Stub object, you would call getClient() or your Stub object.<br>
         * Then super._getServiceClient().getOptions().setProperty(HTTPConstants.AUTHENTICATE, getAuthenticator());<br>
         * <li>This should work with any URL/Soap call but it has only been tested with axis2 stubs.
         * <li> This also used PreemptiveAuthentication.
         * @return - {@link Authenticator} object populated.
        public Authenticator getAuthenticator() {
            if (this.authenticator == null) {
                this.authenticator = new Authenticator();
            List<String> auth = new ArrayList<String>();
            auth.add(Authenticator.NTLM);
            authenticator.setAuthSchemes(auth);
            authenticator.setUsername(this.getUsername());
            authenticator.setPassword(this.getPassword());
            authenticator.setDomain(this.getDomain());
            authenticator.setHost(this.getHost());
            authenticator.setPreemptiveAuthentication(this.usePreemptiveAuthentication());
            return authenticator;
        public void setAuthenticator( Authenticator authenticator ) {
            this.authenticator = authenticator;
        public String getUsername() {
            return username;
        public void setUsername( String username ) {
            this.username = username;
        public String getPassword() {
            return password;
        public void setPassword( String password ) {
            this.password = password;
        public String getDomain() {
            return domain;
        public void setDomain( String domain ) {
            this.domain = domain;
        public String getHost() {
            return host;
        public void setHost( String host ) {
            this.host = host;
        public URL getWsdlurl() {
            return wsdlurl;
        public void setWsdlurl( URL wsdlurl ) {
            this.wsdlurl = wsdlurl;
    * NTML Support for webservices where our webservice is protected via NTLM.
    * @author Brian Hayes
    public class NTLMReportExecutionServiceStub extends ReportExecutionServiceStub {
        private NTLMAuthenticator endpointAuthenticator;
         * Enables NTML authentication to our SSRS reports by setting the property via setAuthenticeProperty();
         * @param authenticator
         * @throws AxisFault
        public NTLMReportExecutionServiceStub( NTLMAuthenticator endpointauthenticator ) throws AxisFault {
            this(endpointauthenticator.getWsdlurl().toString());
            this.endpointAuthenticator = endpointauthenticator;
            this.setAuthenticeProperty();
        private void setAuthenticeProperty(){
            super._getServiceClient().getOptions().setProperty(HTTPConstants.AUTHENTICATE, this.getEndpointAuthenticator().getAuthenticator());
        public NTLMAuthenticator getEndpointAuthenticator() {
            return endpointAuthenticator;
        public void setEndpointAuthenticator( NTLMAuthenticator endpointAuthenticator ) {
            this.endpointAuthenticator = endpointAuthenticator;
         * Overrides the default URL location.
         * @param wsdlurl
         * @throws AxisFault
        private NTLMReportExecutionServiceStub( String wsdlurl ) throws AxisFault {
            super(wsdlurl);
    }

  • Microsoft JDBC 2.0 driver for SQL:  Integrated Windows Authentication?

    Has anyone had success with the MS JDBC 2.0 driver for SQL and Integrated Windows Authentication in distributed mode (Multiserver)?  At best, we can get server-to-server authentication.

    Hello Thomas,
    You may want to download the driver again and install it again.
    heres a sample xml tag in the config.xml:
    <JDBCConnectionPool
    DriverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
    InitialCapacity="3" MaxCapacity="12" Name="MSpool"
    Password="{3DES}fUz1bxR0zDg=" Properties="user=uid"
    Targets="myserver"
    URL="jdbc:microsoft:sqlserver://mydbserver:1433"/>
    ensure that you follow the instructions from Microsoft. For using 2000
    driver you will need to have
    Install_dir/lib/msbase.jar and Install_dir/lib/msutil.jar in addition to
    Install_dir/lib/mssqlserver.jar in the CLASSPATH.
    hth
    sree
    "Thomas" <[email protected]> wrote in message
    news:3c91ec0e$[email protected]..
    Hi,
    Has anybody used the JDBC 2.0 driver for sql server 2000 downloadable from
    the
    microsoft website?When I try using it with WL 6.1 sp1 it says it can't load
    the
    driver.I try viewing the class file from the jar file using the jar utility
    it
    gives an unknown Zip format error.Anybody has any solution for this ?If
    anybody
    has managed to work with this microsoft driver i will be grateful if they
    provide
    me with a solution.
    Thanks
    Thomas

  • SBS 2008 - Microsoft Azure Active Directory Module for Windows PowerShell - is not supported by your version

    Hi,
    I was following the artigle (http://www.messageops.com/resources/office-365-documentation/ad-fs-with-office-365-step-by-step-guide/) but
    when try to install the 'Office 365 PowerShell Module' shows a msg saying that 'windows azure active directory module for windows powershell is not supported by your version'.
    And according to the blog (http://blogs.office.com/2014/04/15/synchronizing-your-directory-with-office-365-is-easy/) "DirSync can be
    installed on an existing domain controller"
    >>>> Any help is appreciated.
    * Similar issue: http://www.adaxes.com/forum/post7398.html

    Ok Vasil tks for reply, but this server is 64x. I dont get the point.
    Microsoft Windows [Version 6.0.6002]
    C:\Users\Administrator>set
    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Administrator\AppData\Roaming
    CLIENTNAME=ANJOTEC_NOTE01
    CommonProgramFiles=C:\Program Files\Common Files
    CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
    COMPUTERNAME=COMPANYBR-SERVER
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Administrator
    lib=C:\Program Files\SQLXML 4.0\bin\
    LOCALAPPDATA=C:\Users\Administrator\AppData\Local
    LOGONSERVER=\\COMPANYBR-SERVER
    NUMBER_OF_PROCESSORS=4
    OS=Windows_NT
    Path=C:\ProgramData\Oracle\Java\javapath;C:\Program Files\HP\NCU;C:\Windows\sys
    em32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\
    1.0\;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program File
    (x86)\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Serve
    \90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program F
    les (x86)\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files (x86)\Microsoft SQ
    Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Vis
    al Studio 8\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\ExchangeMapi\
    C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x
    6)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Rox
    o Shared\9.0\DLLShared\;C:\Program Files\Microsoft\Exchange Server\bin;C:\Progr
    m Files\Microsoft\Exchange Server\Scripts
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=AMD64
    PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=1e05
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    ProgramFiles(x86)=C:\Program Files (x86)
    PROMPT=$P$G
    PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
    PUBLIC=C:\Users\Public
    RoxioCentral=C:\Program Files (x86)\Common Files\Roxio Shared\9.0\Roxio Central
    3\
    SESSIONNAME=RDP-Tcp#0
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Administrator\AppData\Local\Temp\2
    TMP=C:\Users\Administrator\AppData\Local\Temp\2
    USERDNSDOMAIN=COMPANYBR.LOCAL
    USERDOMAIN=COMPANYBR
    USERNAME=administrator
    USERPROFILE=C:\Users\Administrator
    windir=C:\Windows
    C:\Users\Administrator>

  • BOBJ SAP Integration with Active Directory SSO via Portal

    Hi all,
    We are only interating BOBJ with BW/BI and the user experience is as follows:
    Users login to the SAP Portal using their Windows Active Directory user id and password to gain access to the portal.
    From my understanding at the moment, the way the interation kit works is that the BOBJ system is configured as per the manual importing the SAP roles and SAP users who will access the Crystal reports via either GUI or Portal.
    My question is: When creating a Crystal report is created, the connection details use SAP login credentials and in the CMC the SSO option can be set so that the SAP user who has logged onto GUI or Portal can launch the report... this is fine and works as intended taken that the user logged on with his/her SAP login. As per the user experience above, users log in using their AD Login into Portal, and never use GUI, where this in theory is SSO into Portal. So how does one get past the login screens (BOBJ and database) while preserving AD SSO to SAP and BOBJ?
    Any guidance, documents or comments will be much appreciated.
    Thanks
    Jacques

    HI,
    yes it is possible:
    take a look at the blogs I did on the install and configuration (specially the SAP Authentication):
    BusinessObjects and SAP - Installation and Configuration Part 1 of 4
    Install Part #1
    BusinessObjects and SAP - Installation and Configuration Part 2 of 4
    Install Part #2
    BusinessObjects and SAP - Installation and Configuration Part 3 of 4
    Install Part #3
    BusinessObjects and SAP - Installation and Configuration Part 4 of 4
    Install Part #4
    BusinessObjects and SAP - Configure SAP Authentication
    SAP Authentication
    Important here is that:
    - the BI System is configured to accept tickets
    - the portal and BI system are configured as trusted system
    - the SAP authentication is configured
    Ingo

Maybe you are looking for

  • How do I retrieve lost Notes?

    All my notes have disappeared from my Iphone (4S), iPad 2 and Macbook Pro. How do I get them back? I've tried going into Time Machine but no luck so far.

  • Switching displays with broken iMac display

    I have no display on the iMac. I want to back up the hard drive before it is sent for repair. So I need to use external display to do so. Using mini DVI to VGA adapter to connect iMac to Sony Bravia 40", but the TV will not pick up the signal (Probab

  • Transferring photos...preferences error message

    I am using a Macbook and am not able to transfer photos...I have my folder set up on iphoto and I choose that folder in the itunes preferences....I click "OK" and it says its upating ipod (on itunes) but then comes up with error message "Preferences

  • How to get the Organizational Unit One level up

    Hi Does any one know any function module to get the org unit one level up by giving the current Organizational unit as input. Please reply very urgent.

  • Content Server 5 error

    Hi, can someone help me with this error message below. It is appearing in our pcserr.log. We are using CS 5.02 Thanks very much. Lars java.lang.StringIndexOutOfBoundsException: String index out of range: -37776 at java.lang.String.substring(String.ja