SAP Knowledge Base Article - Preview

2640238 - How to Securely Integrate BI 4.x with Windows Active Directory and SSO in Distributed Environments [VIDEO]


  • A video how-to guide for configuring BI 4.x for integration with Microsoft Active Directory, allowing manual Kerberos logon and Kerberos delegation (AKA SSO, SPNEGO, or Negotiate)
  • This Video KBA is based on KBA 2629070, which contains the same information in detailed text and screenshot format
  • This Video KBA is a prerequisite for setting up SSO to the DB via Kerberos (see KBA 1869952), web services client tools SSO (see KBA 1646920), and many other scenarios
  • In most cases this Video KBA will replace KBA 1631734 for all BI systems on 4.1 and above, although 1631734 can still be used (but does not contain as much updated info)
  • This new Video KBA allows for a more secure configuration between BI and AD by integrating constrained delegation, the ability to use only RC4, AES 128 or AES 256 encryption, as well as SSL/TLS on the web/app, and contains all of the latest BI features that were added as of 4.2 SP5
  • With this configuration, SSO in the browsers affected by the issues in KBA 2485300 (IE 11 on Win 10) and KB 1887193 (Google Chrome) should work out of the box without modifying Credential Guard or adding URLs to the registry


Please NOTE: All information and pictures were taken from a sample test system and do not represent actual data (any resemblance as such is purely coincidental). As these steps involve changes in non-SAP products, please ensure approval from your company's internal network/security team and the proper software vendors.



  • SAP BusinessObjects Business Intelligence 4.1 / 4.2
  • Microsoft Active Directory 2008 and above
  • Microsoft Windows Server


SAP BusinessObjects Business Intelligence platform 4.1 ; SAP BusinessObjects Business Intelligence platform 4.2


directions documentation documents steps to follow vintela ventila vintella ventela set up setup vintela config configuration configuring AD Active Directory single sign on sign-on slient automatic opendocument intermittent error fail trouble troubleshoot shoot test java tomcat websphere weblogic oracle application server netweaver JDK java SDK development kit XI4 XI 4.0 XI 4.1 XI41 XIR4 XI 4.x BI4.0 BI zie MNHWW mkba htkba biauth

Common error messages and symptoms that could occur if any of the above steps are not configured properly:

  • Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure that you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)
  • HTTP 500 error or page cannot be displayed
  • HTTP 404 error
  • HTTP 400 bad request or bad tag (typical error of attempting SSO on the BI server)
  • jcsi.kerberos: Could not decrypt service ticket with Key type ##, KVNO ##, Principal "HTTP/XXX.YYY.ZZZ" using key:Principal username@REALM.COM
  • com.crystaldecisions.sdk.exception.SDKException$InvalidArg: The argument has an invalid value null (FWM 02024) - delegation error

video videokba [video] [ video ] vkba, KBA, BI-BIP-AUT, Authentication, ActiveDirectory, LDAP, SSO, Vintela, How To
