SSM and BOE Active Directory User

Former Member
0 Kudos

Hi All,

I'm hoping someone can help me with an issue at a customer site. The environment is SSM 7.5 SP8 and BOE 3.1 SP3 FP1.

The SSM Server and NetWeaver CE 7.2 are installed on SERVERA and BOE is installed on SERVERB.

BOE is configured to use Active Directory and utilises Tomcat as its web application server. I am able to log in manually through InfoView utilising the AD accounts fine, so we know that the BOE side is configured appropriately. Users are able to log in as well.

We are trying to get SSM to allow users to log in using their AD Accounts. We initially set the system up for just BOE authentication and that is working fine.

When we try to log into SSM with the AD accounts using Windows AD as the authentication type we get a Login error, try again. We have synched the users "Set system defaults" area and the AD users are appearing in the "Manage Applications Group".

Checking the NetWeaver log files shows the following error:

Error occurred while attempting to login through POAFHelper: com.crystaldecisions.sdk.except.SDKException$SecurityError: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your name as UserName@DNS_DomainName, and then try again.

cause: javax.security.auth.login.LoginException: No LoginModules configured for com.businessobjects.security.jgss.initiate

The manuals unfortunately are of little help and I cannot find any details with all my searching.

I'm now not even certain if the scenario of SSM on one server and BOE on another is supported. Is there more configuration that needs to be added on the NetWeaver side to support this setup?

Note: just to reiterate, all components are working OK on their own. BOE AD is working and the SSM interface to BOE is working for Enterprise users.

Any help appreciated, cheers

Glenn

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi Glenn,

Just a couple of clarifications. What is the authentication used by BOE?

If my understanding is correct, SSM is working well when the authentication is BOE. However, the users are facing a challenge when the authentication is AD.

Ideally, when SSM connects to the BO user store, the authentication takes place on the BO side. If the authentication is successful, the user can log in to SSM.

Could you please check whether all the settings on the NetWeaver side are done correctly and whether you are connecting to the correct server?

Regards

Vijay

Former Member
0 Kudos

Hi VJ,

BOE has been set up to handle Active Directory authentication and this is working correctly, as users can log into the InfoView portal using their AD accounts. BOE also has Enterprise authentication by default.

So in my scenario when a user is prompted to login they enter their domain credentials and select Windows AD as the authentication type. My expectation is at this point in time that the credentials would pass to BOE for validation.

However, having a deeper think about it, InfoView is a JSP application and requires Tomcat to be configured for Active Directory integration, allowing users to log onto it.

I would have thought that SSM would require similar configuration (as it's not passing it to Tomcat, it is communicating directly with BOE), and hence why it is reporting no LoginModules for com.businessobjects.security.jgss.initiate. The Kerberos configuration should be required to be set up on NetWeaver, I would have thought, to support the AD integration (if it is at all possible).

Sorry if that doesn't make sense. I've been working with BOE and its predecessors for 12 years and deal a lot with security issues on the BOE side. I can't see how the SSM application can pass over the details without the Kerberos configuration on the NetWeaver side.

Cheers

Glenn
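
Added example, not part of the thread and not SAP's code: a stand-alone Java check that performs the same JAAS lookup that fails in the NetWeaver log above, so it can be run with the same JVM options as the server to see whether an entry named com.businessobjects.security.jgss.initiate is visible to that JVM. The class name JaasEntryCheck and the sample entry shown in the comment are assumptions; the thread does not confirm that adding such an entry resolves the SSM login.

```java
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

/**
 * Reports whether this JVM can see a JAAS entry for the name in the log.
 * Run with the JVM options under test, e.g.
 *   java -Djava.security.auth.login.config=<path-to-jaas-file> JaasEntryCheck
 * An entry of the expected shape (assumed here, not taken from the thread):
 *   com.businessobjects.security.jgss.initiate {
 *       com.sun.security.auth.module.Krb5LoginModule required;
 *   };
 */
public class JaasEntryCheck {
    // Application name copied from the LoginException in the NetWeaver log.
    static final String APP = "com.businessobjects.security.jgss.initiate";

    public static void main(String[] args) {
        // Standard JVM properties that locate the JAAS and Kerberos files.
        String[] props = {"java.security.auth.login.config", "java.security.krb5.conf"};
        for (String p : props) {
            System.out.println(p + " = " + System.getProperty(p));
        }

        AppConfigurationEntry[] entries;
        try {
            // Same lookup LoginContext performs before it throws
            // "No LoginModules configured for <name>".
            entries = Configuration.getConfiguration().getAppConfigurationEntry(APP);
        } catch (SecurityException e) {
            // Raised when no login configuration can be located or parsed.
            System.out.println("No usable JAAS configuration: " + e.getMessage());
            System.exit(2);
            return;
        }

        if (entries == null || entries.length == 0) {
            System.out.println("No LoginModules configured for " + APP);
            System.exit(1);
        }
        for (AppConfigurationEntry e : entries) {
            System.out.println(e.getLoginModuleName() + " "
                    + e.getControlFlag() + " " + e.getOptions());
        }
    }
}
```

Exit code 0 means the entry is visible to the JVM, 1 reproduces the condition in the log, and 2 means no JAAS configuration could be loaded at all.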