Author: Former Member

Configuring IDT for Windows AD Authentication

Hi All,

The Information Design Tool, or IDT, is the new universe authoring tool for SAP BusinessObjects BI 4.X. This tool allows you to create the new UNX format universes that are required by some of the new BusinessObjects tools.

Configuring the Information Design Tool for Windows AD authentication is not difficult. Most of us are used to opening IDT and logging in with Enterprise/SAP authentication, but sometimes you need to log in with Windows Active Directory instead.

However, if you want to do this using your Windows Active Directory login, there’s an extra step involved before you can start with this tool.

If you try to log in with your Windows AD account right after installing IDT, you will most likely get an error like

“Unable to locate a login configuration” or “Could not load configuration file C:\Windows\krb5.ini (The system cannot find the file specified)”.

Users of past versions of the Business Objects (XI/6.5) client tools might be thrown by this: Windows AD login always worked out of the box before for Universe Design Tool or Universe Designer for BO XI.

The problem lies in the fact that IDT, as well as a few of the other “new” tools from BusinessObjects, is written in Java.  Because of this, IDT uses something called Kerberos Authentication to communicate with your Windows Active Directory domain controller.  Kerberos needs to know some information about your domain in order to talk to it — that’s where the mysterious “krb5.ini” file comes in.

Without setting up the krb5.ini file you can't use IDT with Windows AD authentication.

krb5.ini configures the KDCs (Kerberos Key Distribution Centers, which are the domain controllers) that will be used for the Java login requests.

Please follow the steps below:

1. Search for the file on the server, or try to log in to BI Launchpad: if you can already log in to BI Launchpad with your Windows account, these files already exist on your BI server.

Following the steps in SAP Note 1621106, copy the krb5.ini and bscLogin.conf files from your BI server to your local machine where the client tools are installed. The default path is C:\Windows, but the note explains how you can configure a different location.

2. If you are unable to find the files, create C:\WINDOWS\krb5.ini and C:\WINDOWS\bscLogin.conf manually and see if that helps.

While creating it, you may see an error stating:

Failed to add XXXX to keytab.

You will need to add the contents into the file after creating it.

If the file is not available, create the krb5.ini file with the necessary information. The realm name, KDC host and default domain are left blank here and must be filled in for your environment:

[libdefaults]
default_realm =
dns_lookup_kdc = true
dns_lookup_realm = true
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
udp_preference_limit = 1

[realms]
 = {
kdc =
default_domain =
}
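A pre-flight check for a krb5.ini built from this template, as an added example (not code from the original post or from SAP): it parses the file and reports a missing [libdefaults] header, an empty default_realm, a default realm with no kdc entry, and enctype lists that allow only deprecated types such as the rc4-hmac used above (RC4 is deprecated for Kerberos by RFC 8429). The realm and host names in the sample are constructed, and whether AES enctypes can replace rc4-hmac depends on how the AD service account is configured, which is an assumption outside this page.

```python
import re
# Constructed sample: this post's template with made-up realm and KDC values.
SAMPLE = """\
[libdefaults]
default_realm = EXAMPLE.LOCAL
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
[realms]
EXAMPLE.LOCAL = {
kdc = dc01.example.local
}
"""
WEAK = {"rc4-hmac", "arcfour-hmac", "des-cbc-crc", "des-cbc-md5", "des3-cbc-sha1"}  # RFC 6649, RFC 8429

def parse_krb5(text):
    """Return {section: {key: value}}; 'REALM = {' blocks become nested dicts."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:  # a repeated key (e.g. several kdc lines) keeps the last value
                (block if block is not None else section)[key] = value
    return conf

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf, findings = parse_krb5(text), []
    lib = conf.get("libdefaults", {})
    realm = lib.get("default_realm", "")
    entry = conf.get("realms", {}).get(realm)
    if "libdefaults" not in conf:
        findings.append("missing [libdefaults] section")
    if not realm:
        findings.append("default_realm is empty")
    elif not (isinstance(entry, dict) and entry.get("kdc")):
        findings.append(f"no kdc listed for realm {realm}")
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        types = set(lib.get(key, "").lower().replace(",", " ").split())
        if types and types <= WEAK:
            findings.append(f"{key} allows only deprecated enctypes: {sorted(types)}")
    return findings
```

To check the file on a client machine, pass its contents to `audit()`, for example the text read from C:\Windows\krb5.ini.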

Do the same for bscLogin.conf: create the file.

Before creating the file, check this wiki for the default entries for setting up Manual Java Authentication. All the steps are there with proper screenshots.

Setting up Manual Java Authentication – Business Intelligence (BusinessObjects) – SCN Wiki


Following the above steps solves the problem, and the SSO connection to AD works.

To summarize the points above: search for krb5.ini; if it is not found, create a krb5.ini file and place it in C:\WINDOWS, create a keytab and make the connection with SPNEGO.


Apart from the error described above, some people can still face one issue that affects the Information Design Tool only (it is not found in any other Business Objects client tools):

Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again(FMW 00006)

Please find below the steps to overcome this issue:

1. Open the InformationDesignTool.ini file, which can be found in the Business Objects installation path (\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win32_x86).

2. Add the following lines of information about the bscLogin.conf and krb5.ini files after the existing contents of the file:

\bscLogin.conf (e.g. C:\Windows\bscLogin.conf)
\krb5.ini (e.g. C:\Windows\krb5.ini)

3. Make sure the two files bscLogin.conf and krb5.ini are configured for Active Directory authentication with Kerberos, as described for the first problem above.

So, hopefully from now on you can use Information Design Tool with Windows AD authentication too without any problems.



1. Configure a different install location for krb5.ini and bscLogin.conf (SAP Note 1621106)

2. Setting up Manual Java Authentication – Business Intelligence (BusinessObjects) – SCN Wiki


      1 Comment
      Kris Cutaia

      This article is excellent!  Thanks for the clear explanation and resolution.  I just implemented the changes and can now log into IDT using Windows AD authentication with no trouble.