Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

New Trusted Authentication for Single Server installation and Entra Id

daniele_tiles2
Active Participant

on ‎2025 Mar 28 1:12 PM

0 Likes
783

Hi to all,

we've got a SAP BI 4.3 installation. We're trying to patch to SP4 Patch 11 from SP3. We're on a single server installation (Windows and bundled Tomcat as Application Server) with Entra ID as SAML/SSO login and an LBL in front of our Tomcat.

We're following these SAP Notes for security reasons https://me.sap.com/notes/3525794 and 3559381 - Configuring Trusted Authentication in 4.3 SP04 Patch 1000+ & BI 2025 - SAP for Me

We've tried to set the new Trusted Authentication method, but to no avail. We get always the "Unexpected password format" error, but we've checked many times, and in the cacerts.pem there is also the certificate of the Tomcat. We had it with *.<domain name>, we've changed it to the specific name. We've tried to disable also the client authentication between LBL and Tomcat (we believed might be that). Nothing.

We've got a case opened with SAP by quite some days, we've tried almost everything.

As anyone had any experiencing setting the new Trusted Authentication on a similar architecture (single server installation, Entra Id as IDP)...?

Regards

 

Daniele Tiles

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
JohnClark
Contributor
‎2025 Mar 30 1:29 PM
0 Likes
After looking through the documents you provided links for, it sounds to me like this is something to be avoided right now until SAP gets some bugs worked out. I would suggest upgrading to a lower patch level that doesn't include this new trusted authentication if you can.
daniele_tiles2
Active Participant
‎2025 Mar 31 8:03 AM
0 Likes
Hi John,
daniele_tiles2
Active Participant
‎2025 Mar 31 8:05 AM
0 Likes
Hi John, thank you very much for your message. What I find a bit frustrating that SAP has provided a SAP Security Patch Day in February, stating that is important to update BO... https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.html
JohnClark
Contributor
‎2025 Mar 31 3:00 PM
0 Likes
I saw that announcement as well. These always have to be evaluated against how Business Objects is used in your installation. Your installation may not have as much vulnerability as what SAP assigns to it. In my opinion, if you don't expose your Business Objects environment outside of your company, you don't have as much vulnerability as you would if you provided outside access.

Accepted Solutions (0)

Answers (0)

Ask a Question