2788146 - How To: Configure Front-End SAML Authentication for BOE on Tomcat

•  Want to configure SAML authentication from 3rd Party source (IDP) to BOE on Tomcat (SP)
•  Need Step-by-Step guide on how to perform the configuration
•  Guide is written based on BI 4.2 SP06 as many SAML enhancements were added on this support package level
•  Later versions of BI 4.2 (SP07 and up) already have much of this configuration in place
•  This guide will not provide specific steps for IDPs as each IDP has different steps and requirements.
•  Any IDP that adheres to SAML 2.0 standards should be able to apply the configuration found here
•  There are known limitations to this configuration. Please see KBA 1795949 - Trusted Authentication with SAML single sign-on BI 4.x

Please NOTE: All information and pictures were taking from sample test system and do not represent actual data (any resemblance as such is purely coincidental). As these steps involve changes in nonSAP products please ensure approval from your companies internal network/security team and proper software vendors.

• SAP BusinessObjects Business Intelligence 4.2 Support Package 06 and above
• Identity Provider that supports SAML 2.0 standards (such as AD FS, Azure AD, OKTA, Ping Federator, and SAP Cloud Identity Provider)

bi4 biauth htkba ta trusted auth ta single sign on sign-on automatic logon silent boe bi bobj boxi tomcat SAML azure adfs spring security framework extension sap cloud identity provider idp samlsso trace troubleshoot trouble shoot saml.enabled Security Assertion Markup Language 42 4.2 , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , How To