Lumira 2.1: X509 based Single Sign On support with BI Platform
This blog is intended to provide you an overview of the support for Multifactor authentication to perform Single-Sign-On to BI Platform (using X509) via Secure Login Client (SLC) in Lumira Discovery 2.1.
Starting from Version 4.2 SP05, BI platform offers support for X509 based multifactor authentication for various thin and thick clients. This means the clients like Lumira also supports x509 based Single-Sign-on to BI Platform
- You have set up SAP Secure Login Client (SLC) on your desktop machine for authentication. It has a valid X.509 certificate stored.
You have configured SAP BI Platform to accept trusted X.509-based logon requests via RESTful connection.
You are using SAP BI Platform 4.2 SP05 version and above.
Refer to the additional References for more information…
Single Sign On with X509 using Lumira:
Once the above Pre-requisites are met, you can chose to enable X509 based logon option in the Lumira preferences –>Network option.
Since X509 is supported via RESTful, the URL needs to be configured.
Also since HTTPS WACS is a pre-requisite, providing a HTTP URL would not work here.
you need to restart the Lumira after configuration.
Logon to BI Platform with Single Sign On:
In the Home page go to the BI Platform tab and select “SSO Authentication” option and click on connect button. This would read the x509 based certificate available with the SAP Secure Login Client (SLC) installed on your desktop and provide single sing on to the BI Platform.
Once connected to BI Platform, all further communication for other workflows happens via the established session.
BI Platform Rest SDK:
Trusted x509 authentication support for BI Platform for rest:
SAP Single Sign on and Secure Login Client:
Hi Srivathsa ,
We are configuring the Lumira Discovery SSO in our systems . We are currently configuring the secure login client in order to allow the SSO but we don´t have clear how to do it. Could you explain us how to do it?
Thanks a lot
If you need to achieve just the single sign on using windows AD Kerberos to BI Platform, you don’t need to follow this blog post. You can do it the same way as you did for Lumira 1.3x or for other clients. This is still supported.
If you need factored authentication using x509 certificate via SAP Secure Login Client, you could follow this blog.
Do you have any suggestions on how to add the x509 certificate to the Server and client keystore? I have followed the SAP Blogs you referenced, and successfully enabled x509 authentication on BI using Tomcat and WACS restful libraries, but only with the created certificates documented in those blogs.
I have not been able to find a way to add the client certificate from SAP Secure Login Client to those keystores.
Is it documented anywhere?