Symptom
- Full error "HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78" after enablign SSO on BI 4.x
- BI launchpad worked fine before enabling SSO
- SSO works from client machine.
Environment
SAP BusinessObjects Business Intelligence Platform 4.x 4.0 4.1 all SP's
Reproducing the Issue
follow KBA 1631734 and enable SSO in BI
Cause
- kerberos SSO cannot be performed with the vintela libraries on the BI server, sometimes a work around of using the IP address will get past this, but it should be assumed SSO must be bypassed on the BI server with web/app installed
- Microsoft by default will not allow kerberos SSO when there are no network hops (basically if SSO is not attempted from client to server it reverts to NTLM which faile on BI)
Resolution
use the logonnosso option http://biserver:port/BOE/BI/logonNoSso.jsp on the server and login manually
Keywords
zie single sign on sign-on automatic logon , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem
Product
SAP Crystal Server 2013