SAP Knowledge Base Article - Preview

1323391 - What are the Microsoft requirements to perform kerberos SSO in multiple AD forests environments with BI

Symptom

  • What are the current Best Practices for multiple forest active directory integration
  • I have 2 or more Active Directory Forests and need to configure them for kerberos single sign-on ( spnego )
  • I can't map groups from 1 or more active directory domains or forests
  • I map in groups but users do not appear
  • Users from 1 or more forests or cannot logon via SSO (vintela)
  • Important to note: many, are not aware their "other domain" is in another AD forest so the term users in a domain cannot logon, map in, etc
  • A good way to tell if another domain is in another forest (typical multiple domains = domain1.xyz.local & domain2.xyz.local) typical multiple forest (domain1.xyz.local domain2.abc.extranet) the root domain is usually different although in some rare circumstances the root domain is the same, and only a tool such a Microsoft Domains and Trusts will reveal the forest relationship


Read more...

Environment

  • SAP Business Objects Enterprise XI 3.1
  • SAP BusinessObjects Business Intelligence Platform 4.0 4.1 4.2 4.x all SP's all patches
  • Microsoft Windows 2008 and above

Product

SAP BusinessObjects Business Intelligence platform 4.0 ; SAP BusinessObjects Business Intelligence platform 4.1 ; SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3 ; SAP BusinessObjects Enterprise XI 3.1

Keywords

multiple forest issues multi domains zie biauth htkba mkba sign on silent tomcat java XIR4 XIR3 XI 3.x login log in , KBA , biauth , htkba , bpkba , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.