Skip to Content

SSO Configuration for BI REST APIs on Tomcat

This blog describes:-

  • BI Platform REST Webservices (biprws) in BOE 4.2 SP05
  • SSO Configuration in REST Service for AD users using kerberos
  • Configuration of biprws.properties on Web Server

 

From BOE 4.2 SP05 onwards, biprws supports deployment on:

  1. WACS (Web Application Container Server) and
  2. Apache Tomcat
BI Platfrom REST Services URL http://<host>:<port>/biprws/

where

<host> – the name of the web server for BI platform.

<port>  – the port number for the platform.

Version1 of biprws is introduced in 4.2SP03.

Supported Servers       : WACS, Tomcat (4.2 SP05+)

BIP RWS APIs URI v1 : http://<host>:<port>/biprws/v1/

Data Formats               : XML and JSON

 

Vintela SSO configuration for biprws on Tomcat:

Prerequisites:

Section 1 – Planning your Service Account Configuration

  • Roles of the Service Account
  • Role 1 – Query Active Directory
  • Role 2 – Run the SIA/CMS and allow manual AD logins.
  • Role 3 – Allows Single Sign On

Section 2 – Creating and preparing the service account

  • Creating the Service Account
  • Create Service Principal Names for the Service Account
    • Background Information
    • Setspn Commands
    • To View all created SPN’s
  • Delegation for the Service Account

Section 3 – Configure the AD Plugin Page in the CMC and map in AD groups

Section 4 — Steps to start the SIA/CMS under the service account

  • Verify that the service account and AD logins are working

Section 5 –Configuring Manual AD authentication to Java Application Servers

  • Create the bscLogin.conf file
  • Create the krb5.ini file
  • Verify java to successfully receive a kerberos ticket

SAP KBAhttps://launchpad.support.sap.com/#/notes/1631734

biprws on Tomcat:

Section 1: Copy the biprws.properties file to custom config

  • Copy the file <INSTALLDIR>\tomcat\webapps\biprws.properties to <INSTALLDIR>\tomcat\webapps \biprws\WEB-INF\config\custom\biprws.properties
  • Open biprws.properties file for editing.        

Section 2: Enable kerberos SSO auth in biprws

  • To enable Kerberos SSO for Windows Active Directory (secWinAD) authentication, set sso.enabled to true.
  • Specify the following mandatory options:
  • idm.allowUnsecured parameter must be set to true if SSL is not in use with the Java application server. For more information about Tomcat SSL, see the Knowledge Base Article ID:1484802

 

 

Section 3: Restart Tomcat.

Section 4: Test AD SSO REST API from client machine

 

Section 5: Set Auth Negotiate Delegated whitelist 

  •      SSO works in IE by default.  If SSO is not working in Chrome or Mozilla please add the URL to whitelist as below.

 

SAP KBA:

https://launchpad.support.sap.com/#/notes/1646920

https://launchpad.support.sap.com/#/notes/2613391

 

Learn More:

https://blogs.sap.com/2017/12/15/bi-platform-rest-sdk-rws-in-boe-4.2/

https://blogs.sap.com/2017/05/10/query-the-businessobjects-repository-using-bi-platform-rest-sdk-rws/

https://blogs.sap.com/2017/04/16/bi-platform-rest-sdk-version1/

https://blogs.sap.com/2017/04/21/session-management-in-bi-platform-rest-sdk-rws/

https://help.sap.com/viewer/product/SAP_BUSINESSOBJECTS_BUSINESS_INTELLIGENCE_PLATFORM/

2 Comments
You must be Logged on to comment or reply to a post.