Skip to Content
Author's profile photo Bharath B N

SSO Configuration for BI REST APIs on Tomcat

This blog describes:-

  • BI Platform REST Webservices (biprws) in BOE 4.2 SP05
  • SSO Configuration in REST Service for AD users using kerberos
  • Configuration of on Web Server


From BOE 4.2 SP05 onwards, biprws supports deployment on:

  1. WACS (Web Application Container Server) and
  2. Apache Tomcat
BI Platfrom REST Services URL http://<host>:<port>/biprws/


<host> – the name of the web server for BI platform.

<port>  – the port number for the platform.

Version1 of biprws is introduced in 4.2SP03.

Supported Servers       : WACS, Tomcat (4.2 SP05+)

BIP RWS APIs URI v1 : http://<host>:<port>/biprws/v1/

Data Formats               : XML and JSON


Vintela SSO configuration for biprws on Tomcat:


Section 1 – Planning your Service Account Configuration

  • Roles of the Service Account
  • Role 1 – Query Active Directory
  • Role 2 – Run the SIA/CMS and allow manual AD logins.
  • Role 3 – Allows Single Sign On

Section 2 – Creating and preparing the service account

  • Creating the Service Account
  • Create Service Principal Names for the Service Account
    • Background Information
    • Setspn Commands
    • To View all created SPN’s
  • Delegation for the Service Account

Section 3 – Configure the AD Plugin Page in the CMC and map in AD groups

Section 4 — Steps to start the SIA/CMS under the service account

  • Verify that the service account and AD logins are working

Section 5 –Configuring Manual AD authentication to Java Application Servers

  • Create the bscLogin.conf file
  • Create the krb5.ini file
  • Verify java to successfully receive a kerberos ticket


biprws on Tomcat:

Section 1: Copy the file to custom config

  • Copy the file <INSTALLDIR>\tomcat\webapps\ to <INSTALLDIR>\tomcat\webapps \biprws\WEB-INF\config\custom\
  • Open file for editing.        

Section 2: Enable kerberos SSO auth in biprws

  • To enable Kerberos SSO for Windows Active Directory (secWinAD) authentication, set sso.enabled to true.
  • Specify the following mandatory options:
  • idm.allowUnsecured parameter must be set to true if SSL is not in use with the Java application server. For more information about Tomcat SSL, see the Knowledge Base Article ID:1484802



Section 3: Restart Tomcat.

Section 4: Test AD SSO REST API from client machine


Section 5: Set Auth Negotiate Delegated whitelist 

  •      SSO works in IE by default.  If SSO is not working in Chrome or Mozilla please add the URL to whitelist as below.




Learn More:

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Bharath B N
      Bharath B N
      Blog Post Author

      biprws deployment on Tomcat9:


      Fix will be available in 4.2 SP05 Patch4 +, SP06 + .

      Author's profile photo Bharath B N
      Bharath B N
      Blog Post Author

      Configuring AD SSO is not working on Tomcat server: