SAP 4.0 Windows AD (SSO) not working - FWM 00006

Former Member
0 Kudos

Hi,

There are a lot of posts already on this topic. I completed the Windows AD setup with http://scn.sap.com/docs/DOC-26314

I completed all steps. It is BI 4.0 with Tomcat.

I can log in to Launchpad or the client tools using AD authentication, but not SSO.

As per Step 9 (per the document):

-----------------------------

Start Tomcat, go to E:\Program Files (x86)\SAP BusinessObjects\Tomcat6\logs\, check stdout.log has ‘credentials obtained’ shown.

------------------

But I am not getting 'credentials obtained' in the log.

Any clue?

The error I am getting is:

Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)

Please don't give references to notes because I have already gone through those. None helped.

Appreciate your responses.

Regards,

Mandar

Accepted Solutions (0)

Answers (3)

Former Member
0 Kudos

Hi,

The issue is resolved. It was a typo in the global.properties file.

former_member205064
Active Contributor
0 Kudos

Try to make it run with the force password option first; do not use a keytab initially.

Check the case of your service account on the AD side.

Provide the exact case of the service account in the global.properties file:

idm.princ=serviceAccountname

Restart Tomcat and test the issue.

If this does not work, check for a duplicate SPN as Josh mentioned.

Has this ever worked in the past?

-Raunak

former_member189884
Contributor
0 Kudos

If you are not getting the 'credentials obtained' message, it is because there is something wrong with the configuration of the service account or the settings in the global.properties file.

This message comes from the fact that the service account running the SIA is unable to delegate credentials based on the idm.princ entry found in the configuration file, none of which is needed for manual logins to work.

Please check for duplicate SPNs by running setspn -x, and double check the settings for SSO:

1) global.properties settings

2) Tomcat option for idm.wedgetail password

3) Kerberos delegation set on the service account

If you include a bit of your setup you may get more of a response in diagnosing the error.
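
The checks suggested in the answers above (typos in global.properties, the exact case of the idm.princ value, and the 'credentials obtained' line in stdout.log), as an added example that is not part of the original thread. It assumes global.properties follows Java .properties conventions; the function name, the sample account name and the sample log line are constructed for illustration.

```python
SUCCESS_MARKER = "credentials obtained"  # string the thread looks for in stdout.log
PRINC_KEY = "idm.princ"                  # property named in the thread


def check_sso_setup(properties_text, expected_account, stdout_log_text):
    """Return a list of findings; an empty list means nothing suspicious was seen.

    Assumption: global.properties follows Java .properties conventions
    (case-sensitive keys, trailing whitespace kept as part of the value).
    expected_account is the service account name exactly as AD stores it.
    """
    findings = []
    princ_values = []
    for lineno, raw in enumerate(properties_text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith(("#", "!")):
            continue  # blank line or comment
        key, sep, value = raw.partition("=")
        key, value = key.strip(), value.lstrip()
        if not sep:
            findings.append(f"line {lineno}: no '=' separator")
            continue
        if key.lower() == PRINC_KEY and key != PRINC_KEY:
            findings.append(f"line {lineno}: key '{key}' differs in case from '{PRINC_KEY}'")
        if value != value.rstrip():
            findings.append(f"line {lineno}: trailing whitespace after value of '{key}'")
        if key == PRINC_KEY:
            princ_values.append(value.rstrip())

    if not princ_values:
        findings.append(f"'{PRINC_KEY}' is not set")
    elif len(princ_values) > 1:
        findings.append(f"'{PRINC_KEY}' is set {len(princ_values)} times")
    for value in princ_values:
        if value != expected_account and value.lower() == expected_account.lower():
            findings.append(f"'{PRINC_KEY}' value '{value}' differs only in case from '{expected_account}'")
        elif value != expected_account:
            findings.append(f"'{PRINC_KEY}' value '{value}' does not match '{expected_account}'")

    if SUCCESS_MARKER not in stdout_log_text.lower():
        findings.append(f"stdout.log has no '{SUCCESS_MARKER}' line")
    return findings


# Constructed sample input (not taken from the thread)
SAMPLE_PROPERTIES = "# constructed sample\nidm.princ=svc_example \n"
SAMPLE_LOG = "INFO: Starting Servlet Engine\n"

if __name__ == "__main__":
    for finding in check_sso_setup(SAMPLE_PROPERTIES, "Svc_Example", SAMPLE_LOG):
        print(finding)
```

In practice, pass the contents of global.properties and of the Tomcat stdout.log read from disk, and the account name as shown in AD.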