SSO Issue

Similar Messages

• SSO issue when Webi Iview is viewed from consumer portal

  Hi,
  We have our BI Portal federated to another Portal. I have a Web Intelligence report iview created in our producer Portal using Open Doc link in an URL iview. It opens perfectly fine when viewed in the producer portal. But when the same Iview is viewed from the consumer portal, SSO doesn't seem to work. I get the following error when the Iview is opened,
  Account information not recognized: Logon ticket could not be validated by system BM7CLNT100. Message: TICKET_ENCODING_ERROR. Ticket/logon string: AjExMDAgAA9wb3J0YWw6UEFSQVgwMjWIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAIUEFSQVgwMjUCAAMwMDADAANF
  RDcEAAwyMDEwMDkyOTE1NDIFAAQAAAAICgAIUEFSQVgwMjX/AQUwggEBBgkqhkiG9w0BBwKggfMwgfACAQExCzAJBg
  UrDgMCGgUAMAsGCSqGSIb3DQEHATGB0DCBzQIBATAiMB0
  xDDAKBgNVBAMTA0VENzENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3D
  QEHATAcBgkqhkiG9w0BCQUxDxcNMTAwOTI5MTU0MjM1WjAjBgkqhkiG9w0BCQQxFgQUcqdcKGLWYPOuXMqwm!cXEQxMX
  t8wCQYHKoZIzjgEAwQvMC0CFD7tYQD9VjOPYK/!7UwY28KoWoGEAhUA5n4BVetumsFn3i!KpivWTDqlRYM=
  This message appears above the BO Infoview login screen. The userid part is pre-populated with my user id.
  BM7CLNT100 is our producer portal. BEx Iviews are working fine from consumer portal. Am I supposed to pass any extra application parameter? Could you please help me out with this issue?
  Thanks,
  Ashwin

  Hi Keshari,
              Thanks for the reply. Both the links you have mentioned are problems that I am not facing. I have no SSO issue in the producer portal. It logs me in and takes me directly to the Webi report. I have the error occuring only when I try to access this report from the consumer portal exposed as remote role.
              This is the path it is taking.
  consumer portal to producer portal (SSO) - working
  producer portal to BO (SSO) - working
  but consumer portal to BO through producer portal - not working
  Thanks,
  Ashwin

• SSO issue in the production server,com.sap.mw.jco.JCO$Exception: (103)

  com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: This system rejects all logons using SSO tickets
  in the production server.....
  while testing the jco maintained for Ess applications.
  if i go for uidpw method for modeldata destination i am getting the error. in the Ess pages that administrtor not in this peroid(administrator with which id i maintained jco destination)
  if i assign one employee to the admin in pa30......for every employee getting the same details of admin)
  I guess this problem with modeldata ......i should maintain the usermanagement method for modeldata jco destination is logon ticket.
  while maintainig that ping is successfull but getting the above error.
  it is the problem with production server.......of E.P
  in dev and quality everything is working fine.
  plz help me out.
  thankyou
  swapna

  Hi Swapna,
  Please check the logon group properties for SAP system in t-code SMLG. If there is any issue with logon group then it might cause for this issue.
  Refer to [Click here|https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/user-interface-technology/wd%20java/7.0/portal%20integration/how%20to%20configure%20the%20jco%20destination%20settings.pdf] and [System Landscape Directory Process and JCo Configuration|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c0c1d495-048e-2b10-babd-924a136f56b5?QuickLink=index&overridelayout=true]
  Hope it will helps
  Regards, Arun Jaiswal

• SSO issue with BI 4.0 BW and ECC

  We currently have SAP BW 7.3 BOBJ 4.0 ECC and SAP portals.
  We have configured SAP BW, BOBJ and SAP Portal with SSO and that works perfectly fine.
  The issue is that i have Crystal Reports running on ECC that have also to be published to the Portal.
  All BW crystal reports run fine and ECC fails because of SSO -
  What am i missing here -
  Do i need to do something different for ECC
  In CMC  Authentication i have added SAP ECC and imported a role - So now i have 2 ids - one from BW and the other from ECC.
  I know this is not the way to do it but it still does not work.
  What do i need to do to have ECC and BW reports to work with SSO from SAP portal.
  Thanks

  Thank you for your reply Ingo
  I assume that your BusinessObjects Server has the SAP Authentication for BW and ECC configured ?
  *Yes *
  Are the reports for BW and ECC been called from the portal ?
  Yes
  if so then you have one BOE Server, 2 SAP environments and 2 SAP authentications configured and to achieve SSO for all systems you will have to combine the 2 SAP Systems via SNC (for XI 3.1) or via the SSO Token Service in BI4
  We are on BI4 and we have set up SSO Token for BW -
  Are you saying that we have to set up SSO token for BW as well as ECC -
  In CMC - Authentication - SAP  - Options -SAP  SSO Service - it does not give me an option to have 2 systems
  How do i add ECC system there too.
  Regards
  Ryan

• Single Sign On (SSO) Issue

  We are running Business Objects Enterprise XI 3.1, SP2 (BOBJ) in a Windows environment and have implemented single sign on for Windows AD.  Randomly single sign on does not work for some of our users when either accessing InfoView or when executing a WebI report via an OpenDocument call.  These users can log into InfoView using the Windows ID and Password manually.  The users also have the u201CEnable Integrated Windows Authenticationu201D option checked in IE.
  We have checked the InfoViewApp web.xml and OpenDocument web.xml settings and everything appears to be setup correctly for using sso and vintela (per SAP Note 1251945).  Required SPN entries appear to have been made.  The maxHttpHeaderSize setting in the Tomcat server.xml is set to 16384.  We do tend to make substantial use of Windows AD Groups within our security model.
  When the users are unable to login via sso, here is the error stack that appears in the Tomcat stdout.log:
  SEVERE: Servlet.service() for servlet action threw exception
  java.lang.IllegalStateException
       at org.apache.catalina.connector.ResponseFacade.sendError(ResponseFacade.java:418)
       at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:117)
       at com.businessobjects.sdk.credential.WrappedServletResponse.sendError(WrappedServletResponse.java:30)
       at com.wedgetail.idm.sso.AbstractAuthenticator.setUnauthorizedResponse(AbstractAuthenticator.java:1328)
       at com.wedgetail.idm.sso.MechChecker.authenticate(MechChecker.java:144)
       at com.wedgetail.idm.sso.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:1060)
       at com.wedgetail.idm.sso.AbstractAuthenticator.authenticateServiceTicket(AbstractAuthenticator.java:998)
       at com.wedgetail.idm.sso.AbstractAuthenticator.checkAuthentication(AbstractAuthenticator.java:953)
       at com.wedgetail.idm.sso.AuthFilter.doFilter(AuthFilter.java:122)
       at com.businessobjects.sdk.credential.WrappedResponseAuthFilter.doFilter(WrappedResponseAuthFilter.java:66)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
       at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
       at java.lang.Thread.run(Thread.java:595)
  Before we go about installing SP3 in an effort to resolve the problem, can anyone look at the above error stack and tell us what might be going on here?  Would the above error stack be consistent with an Httpheader getting truncated?
  Thanks in advance for your help.
  Wendell Giedeman

  That error is part of a logging bug and not related to your issue. If SSO is working consistently from infoview then it probably is not a web.xml setting either. The most common problems with opendoc have been related to sessions. Are the users using a new IE window or possibly one that had previous documents open? If it is the session issue then SP3 may help as some work has been done in that area. If you are sure the users are using new IE windows for the opendoc calls then more troubleshooting may be required to identify the problem.
  Regards,
  Tim

• TMG SSO issue with Windows 7 clients

  I have very strange problem with Forefront TMG 2010 Single Sign On feature.
  SSO settings:
  I'm publishing two websites (https://site1.domain.com and https://site2.domain.com) by using the same web listener with SSO enabled for *.domain.com
  SSO is working as charm for Windows 8.1 clients
  The issue when accessing sites from Windows 7 clients:
  On the first access to any of the sites (i.e. site1), I'm getting TMG forms login form - as expected.
  I login, then visit few pages of the same site (i.e. site1), and everything works as expected. I'm logged in, and I can surf.
  The problem arises when I try to open the other site (i.e. site2). I'm getting TMG forms login form again! And even worse - as soon as new TMG login form opens -
  I'm logged off from the first site also. So not just I must login separately for both sites - I can't be logged to both sites in the same time because as soon as I login to one site, the session with other site is terminated!
  Interesting thing is that behavior is the same in any browser. I've tried with IE, Chrome and Mozilla - the problem is the same.
  When external client tries to open the second site, TMG logs one interesting message:
  Req ID: 0ae9f57b; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ;
  FBA cookie: exists=yes, valid=no, updated=no, logged off=no, client type=private, user activity=yes
  It looks that TMG finds that cookie is not valid and deletes it, terminating this way existing session with all sites.
  My setup:
  Array of two TMG's 2010 SP2 RU4, on Windows Server 2008 R2, all updates installed.
  Published websites (site1.domain.com and site2.domain.com) are residing on two different servers (srv1 and srv2)
  Websites are published over https by using SSL certificate gotten from local PKI. All clients and servers do have PKI CA in their "Trusted Root Certificates" storage. No client or server reports any certificate issue. Websites are "green"
  in address bar.
  I'm really confused with this behavior. Especially due to the fact that the same third-party browser (Chrome), can be used with SSO without any problem when installed on Windows 8.1, but not when installed on Windows 7!?!?
  Any help would be appreciated...
  Thanks!
  Fat Dragon

  Hahah! Shame on me! The problem is not related to Windows 8.1 / Windows 7. Client OS coincides with DNS server settings... To explain:
  My two-server TMG array has two public IPs (each server having one) - 1.1.1.1 and 1.1.1.2.
  In order to avoid setting the same IPs for all my websites, I've decided to create one common A record, and to define all websites as CNAME records pointing to this common A record. (This way I have just one place where I should change IP if it changes.)
  My common A record is defined as follows:
  a.domain.com -> 1.1.1.1, 1.1.1.2
  And websites as follows:
  site1.domain.com -> a.domain.com
  site2.domain.com -> a.domain.com
  When multiple IPs are bound to the same host some DNS servers will round robin them, and some will not. For example, when I do nslookup on the PC with google's public DNS server (8.8.8.8) I'm getting the following result:
  C:\Windows\System32>nslookup site1.domain.com
  Server: google-public-dns-a.google.com
  Address: 8.8.8.8
  Non-authoritative answer:
  Name: a.domain.com
  Addresses: 1.1.1.1
  1.1.1.2
  Aliases: site1.domain.com
  No matter how many times I execute nslookup, I'm getting the same answer, with IP addresses in the same sequence. But when I do nslookup on the PC that uses local DNS service on the router, sequence of IP addresses changes with each subsequent call:
  C:\Windows\System32>nslookup site1.domain.com
  Server: UnKnown
  Address: 192.168.1.1
  Non-authoritative answer:
  Name: a.domain.com
  Addresses: 1.1.1.1
  1.1.1.2
  Aliases: site1.domain.com
  C:\Windows\System32>nslookup site1.domain.com
  Server: UnKnown
  Address: 192.168.1.1
  Non-authoritative answer:
  Name: a.domain.com
  Addresses: 1.1.1.2
  1.1.1.1
  Aliases: site1.domain.com
  In my case Windows 8.1 machines were using Google's public DNS server, so all of them were resolving both websites in the same way, always using the first IP gotten - 1.1.1.1. In the other words, both websites were pointing to the same TMG array member 1.1.1.1.
  And SSO was working as expected.
  On the other side, my Windows 7 machines were setup to dynamically get network settings from the DHCP service (the router), and they were using its DNS service (second example). So when the browser opens site1.domain.com it queries DNS for site1.domain.com,
  gets two IPs, as always selects the first one (1.1.1.1), makes request to the first member of my TMG array and successfully creates session. Browser caches site1.domain.com -> 1.1.1.1, so each subsequent call goes to the same address without querying DNS
  server. But when the browser opens site2.domain.com it queries DNS server again, this time getting the same IP addresses, but reordered. As always it selects the first one (1.1.1.2), and sends the request (with authentication cookie) to
  the second TMG array member. The second TMG validates the cookie and doesn't recognize it, so
  rejects it and deletes it, and redirects the browser to login form. Since the cookie is deleted, browser cannot access site1.domain.com (through 1.1.1.1) anymore.
  Huuuhhh.
  The new question: can SSO be setup with TMG arrays and DNS round robin? Is there any way to "force" array members to accept cookies distributed by other members?
  I guess that I must open new question...
  Sorry for my stupidity!
  Fat Dragon

• Crystal Reports - ECC - SSO Issue

  Team,
  System Details.
  1. BOE XI 3.1 SP3
  2. Crystal Reports 2008
  3. SAP ECC 6.0
  4. SAP NW 7.x
  Scenario: Crystal reports running against ECC system. SSO configured on Crystal Report database configuration option, report is accessed through SAP NW portal (which in turn is configured to BO Info View using KM IVIEW option). Report fails with "The database login information is either incomplete or incorrect" error message.
                                                              BUT the same user id (as the user id ) when hard coded ("Use same database logon as when report is run") in Crystal Reports database configuration static option ("Use original database logon information from the report") works fine.
  Please let me know your thoughts regarding how to debug this issue?

  Hi,
  if you want to have SSO for the report you need to :
  - have the SAP Authentication configured and the SAP Roles imported
  - the SAP Roles need to have the necessary rights on the BOE Server
  and in your case because of the portal part :
  - all machines need to be in the same domain
  - all URLS need to be fully qualified
  - trust between ECC and Portal needs to be configured
  - your ECC system needs to accept portal token
  ingo

• SSO issue in Upgraded Netweaver 7.4

  Hi experts,
  We have completed the SAP Portal Upgrade from Netweaver 7.0 to 7.4 .
  In Netweaver 7.0 , we have configured SSO between windows active directory  to Portal with help of SAP note 1457499 & attached configuration guide. it worked fine before the upgrade process.
  but now in the Netweaver 7.4 which is not worked so  again we configured the SSO as per the below SCN Link step 4 for Configuring the SSO between Java & Windows active directory.After completing that configuration also  still  SSO is not working.
  please provide us your valuable suggestion to fix the SSO in Netweaver 7.4.
  SSO configuration in SCN : Single Sign-On with Kerberos  (Enable Single Sign-On on SAP AS JAVA)
  Regards
  Sebastian A

  Hi Sebastian,
  There is not a massive difference in the spnego from 7.0 to 7.4, the main difference that the 7.4 system can generate a keytab file itself as it comes with a 1.6 jdk. if you imported an old keytab file I suggest you run the wizard again and use the one it generates.
  Have you collected any traces, if not try the reproduce the issue (on a fresh browser session) while the troublshooting wizard is running, (example 1 from note 1332726). You should see the initial part of spnego (it will be a failed login with the error "Trigger spnego athentication" then if all seems ok on the AD/browser side and there are no decryption issues a kerberos token should be recieved then we should see another login were the spnegomodule deals with the token, you can upload the output of this trace for assistance.
  Best regards,
  Cathal

• SSO Issues while opening a ppt file document only from Solution Manager

  Hi Experts,
  Version - Solman 3.1
  Issue
  =====
  While trying to open a Powerpoint(ppt) file document, from the service provided by Solution Manager thru a weblink:
  1.A SSO authentication request of the server pops up requesting to authenticate Windows userid/password
  2.After entering the windows password the first time..authentication is requested again..At times on the second chance of authentication, the request is successfull and the powerpoint document opens.. But we have faced issues wherein the issues had persisted for 5-6 chances and only then the ppt document opens.
  3.Point to be noted is that even if the SSO authentication of the windows password is cancelled even the first chance the document opens..
  4.Issue is only with powerpoint document and not with word document..
  Going by point 3.. there is no relevance of the windows authentication to popup since authenticating or not authenticating doesn't matter.
  Issue unknown is why is that whenever only a ppt document from Solman is being opened does the SSO Windows authentication window of Solman server opens.. Is there any settings to be considered..
  Regards,
  Nagendran

  Since I am new to the field requesting the kind quick help by java experts here to help me change the code so that I would be able to search a web apge saved on disk and search and highlight a word in that page ....
  Thanks in advance........
  Looking forward for your kind suggestions......1) Did you write that code? If yes, proceed to 2). If no, I charge 150 euros/hr. Let me know when you want me to start.
  2) Post the code for a program that opens a text file with the following in it:
  hello world
  and prints the contents out using System.out.println().
  3) Modify the program in 2) to determine if the file contains the word "yes". Post the code.
  4) An html file is no different than the text file in 2).

• Forum SSO issue?

  This is just a minor inconvenience, not really a problem.  And certainly not an "injustice"
  Using Firefox, I have bookmarked the "Content" page of 11 different "spaces", all collected in a single bookmark folder.  When I open FF, I select to "open all tabs" in that folder, thus opening a FF tab for each forum space.
  Next I go to the first tab (which is the "Database, General Questions" space)and logon.
  when the screen refreshes after the logon, the tab is now at the same space as the last tab that FF opened when opening the folder.
  In addition to that, I'm finding that as I work my way down the list, when I get to the third tab (SQL, PL/SQL) I get a pop-up telling me I've been logged off.  Then, when I log back on at that tab, I've been take to the same space as the previous tab in the list.
  Again, not a big issue, but I'm curious if anyone has an explanation for this behavior.

  Dude wrote:
  The new forum software allows you to follow forum spaces. Instead of bookmarking and opening each forum space to check for updates, you could follow each forum by pressing the follow button. You can then see all new or updated discussions for all the forums you are following in the Dashboard under Followed Activity.
  I'll give that approach another try and see how it works for me.
  But as I said originally, the 'issue' I described is nothing more than a minor inconvenience.  I was more curious about the 'why it does that'  than 'how to fix it' ... curiosity about how the sso works in the first place, as that is still pretty much a black box to me.

• 10gAS Portal and SSO issue, HTTP 400 Bad Request

  New installation
  10gAS Portal (9041)
  Sun Solaris 9
  Internet Explorer 6.0.28
  After installation, I changed the mid-tier web cache listening port to 80 by following the instruction in Oracle® Application Server 10g Administrator's Guide:
  http://download-east.oracle.com/docs/cd/B10464_05/core.904/b10376/ports.htm#sthref362
  Now I am able to go to portal homepage with port 80:
  http://<host-name>/pls/portal/
  And when I click on the Login link, it correctly directs me to the SSO login page.
  However, when I type in username and password, it returns HTTP 400 Bad Request error.
  The weird thing is, if I enter the portal homepage URL again in the same browser, and click the login link again, I am logged in.
  Any idea what might cause this issue?
  Would re-register portal help?
  Thanks,
  Carol

  The IIS settings probaly also need to get increased as well to accommodate the large number of groups. 
  I'll see if I can find a better link, but this should get it working.http://support.microsoft.com/kb/970875
  Bump up the values, restart the box and see if this continues.
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• OBIEE 10G SSO Issue

  HI
  We have configured OBIEE 10g on IIS (ver-6) server. We have a business requirement where we need to integrate OBIEE with another ASP.NET application. So, user should log in once and to view OBIEE reports he should not log in again.
  Now we have checked GO URL option given in Chapter 11 of Oracle® Business Intelligence Presentation Services Administration Guide. But problem is our company policy does not allow us to pass Password in HTTP URL. So we cannot use that solution.
  We are trying to use SSO and referred to Chapter 8 of Deployment Guide. We followed all the steps give in that chapter
  Also, we modified isapiconfig.xml and entered &lt;CredentialStore&gt; paramaters in it.
  But when we Go to Analytics URL (for remote machine) Login screen show "Not Logged In" message.
  currently we are using REMOTE_USER method as it is given in documention.
  So we did everything by the book. Now my question is:
  1) We do not have any SSO server/Product, is there is any way we can integrate OBIEE application to other ASP.Net application on another IIS SERVER? There was a suggestion that if we pass remoter_user parameter in HTTP header, is it possible to work this way.
  2) Is it possible that if we host both the ASP.NET and OBIEE 10g on SAME IIS server there is way to integrate them using SSO without any SSO server again by passing remote_user HTTP header
  3) What options do we have to integrate ASP.NET application and OBIEE without using SSO server itself and without using GO url method as we cannot pass password in header. Will Cookie Enabling Method can work in this scenerio.
  4) Is there is way that OBIEE directly take windows ID without SSO server, I know question might sound stupid as in prerequisite i read that we need “SSO system of Choice” but we need to be absolutely sure about our option and possibilities.
  we also reffered to following thread:
  10g - how to configure sso with iis-
  But, this one seems to be unresolved So kindly help
  Regards
  Saurabh

  Hi Praveen,
  Thanks for your response. I was doing a bit of R&D on SOAP API, tell me if i am wrong.
  In case we use SOAP API to Authenticate then we will get Response in terms of XML and we have to write our own code to render it in tables or charts.
  We dont want that we just want to automate the Authentication part and want to use OBIEE use Interactive Dashboards. Kindly suggest if I am wrong and if we just write a piece of Code to get the Authentication done and it will not affect the further use of OBIEE.
  Regards
  Saurabh

• Jabber IM iPhone SSO issue

  I'm trying to use the Jabber IM for iPhone client (1.0.3) with SSO enabled Webex Connect.
  However it is verifying the email-address until a timeout occurs without re-routing to our authentification web page (ADFS).
  It works with the Webex meeting center client on the same iPhone.
  Any suggestions?
  Thanks Roman

  We have the same setup and it is working for us.
  Is it possible to get a connection to the adfs server via the iphone? In my setup I had to imclude https to this system in my vpn profile...
  Regards
  Florian
  Sent from Cisco Technical Support iPhone App

• SSO ISSUE in production server

  hi all
  i have configured sso in dev quality those are working fine. now i have done it in Production .
  while maintaing the jco destinations created the model data jco using logon ticket  and meta data jco using uidpw.
  for some time model data jco is working fine but some other time i am getting the error
  com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: This system rejects all logons using SSO tickets .
  we maintained technical systems in Central SLD(solution Manager).
  No problem with Meta Data jco.
  Why happenin like this......i have maintained Login accepet and create values properly in RZ10 in R3.
  plz let me know why its happening like?
  thankyou
  swapma

  hi dao
  i have checked with by giving assertion ticket in place of logon ticket in jco destination connection still got the same error.
  if i  go for ping..... i am getting the ping successful.....while testing getting the same Error.
  i have been to sso2 in r3........checked sso with logon ticket thats fine......where i am failing exactly not getting.
  in visual admin tool i have changed the logon expiretime to 24 hours .....that is also not worked in my case......
  we are maintaing the sld with solution manager........
  i think that note not suit for us.
  plz let me know something related to this....
  Thankyou
  swapna

• SSO issue in portal and BW report resources

  Hi
  I have a BW reports displayed in portal. user mapping is configured in such a way thta multiple users in portal are mapped with single user of BW system.
  When BW report is displayed on portal, some of resources ( like images and js files as i see in http watch) are not fetched with reports and for those we need to login again as BW user.
  i checked SSO configuration between portal and BW, it seems to be correct as data is displayed in BW report.
  could you please suggest the solution of getting it fixed?
  Thanks in advance
  Pranav

  Hi,
  The problem is in the BEx Web configuration.
  Check whether the the Mime repository has the images or not in BI 7 server.
  If Mime has the images then the BI and portal configuration is not done properly using the BI template installer.
  You need to set the set the BWMANDT in table RSADMINA to current used default client.
  Also try to set the BEx web,
  The problem might get resolved after setting BEx Web.
  Required Steps
  You can perform an initial check of the automatic configuration with the
  following steps:
  Note 917950 - SAP NetWeaver 2004s: Setting Up BEx Web
  1. Execute the report RSPOR_SETUP with transaction SE38 (or SA38; or you
  can execute the report from the SAP Reference IMG, see Documentation
  below)
  2. Use value help of entry field Program ID (or RFC Destination) to
  choose <BI_SID>_<J2EE_HOSTNAME>_<J2EE_SID> as RFC Destination (this
  destination is created by the Template Installer)
  3. Enter Portal SID (required to check step 10)
  4. Press button Execute
  Placeholder <BI_SID> correspond to the field BACKEND_SID of the Template
  Installer's Data Entry. <J2EE_HOSTNAME> correspond to the field J2EE HOST
  and <J2EE_SID> to J2EE SID.