BI Authentication Deep Dive Troubleshooting KBA’s are HERE!
I’m Tim Ziemba Senior Engineer with BI Authentication.
Over the years One of the issues the often occurs with authentication issues is mixing up like solutions because the errors, or symptoms, are very similar. SSO for instance can mean a hundred things in BI alone, never mind what it means to all the other applications there are. Our typical KBA’s are created to address an issue, such as how to, or error message. The problem occurs if the KBA doesn’t resolve the problem, then what?
This has prompted the creation of a new type of KBA article called titled.
BI Auth Troubleshooting Series.
In this series of KBA’s, the focus will be on understanding the processes involved with communication to external directories to help identify problems and points of failure. We do this by setting up and logging a working process. This gives us a baseline reference of information that should be present. When a configuration fails, or an error occurs we can compare the failed logs to the baseline references to better identify the point of failure
All the KBA’s will be kept together via a master list KBA 2556648.
Currently contained are deep dive tracing analysis of three primary authentication plugins…
- The Windows Active Directory Plugin KBA 2543957 detailing the process of mapping a group containing users and showing what to verify that will confirm the process completed successfully
- The LDAP plugin KBA 2553440 also detailing the process of mapping a group containing users and showing the key attributes to look for to verify all the processes complete successfully
- The SAP plugin KBA 2562962 details the process of role mapping from an SAP entitlement system. the users are added to the BI server and all the processes are identified
- When setting up SSO for BICS (BW) we can now follow the process though KBA’s 2578098 & 2585816.
In addition to the KBA’s above (which focus on BI products and tracing) KBA’s are available to assist in using 3rd party troubleshooting tools
- A tutorial of using wireshark packet scanner for issues such as kerberos and LDAP tracing in KBA 1969914
- Articles on using Fiddler HTTP debugger KBA 1965317 to assist in troubleshooting trusted authentication as well as the general guide in KBA 1945794
- Troubleshooting kerberos encryption issues can be tough so KBA 2555841 can help
- SAP SSO whether by using SNC KBA 1500150 or STS KBA 1976414 will assist in resolving the issues as well as KBA 1767629 in determining what the issues are
Some other recently added troubleshooting guides are related to SAML. We have two completely different processes SAML SSO to HANA in KBA 2593463 and setting up SAML for trusted authentication (recently added in BI 4.2 SP5) which can be troubleshot via KBA 2604208. Expect this list to continue to evolve. The KBA’s themselves will be updated when possible to add new information (such as the recent addition of the 4.2 SP5 feature to allow BW users to change their passwords from BI launchpad being added to KBA 2562962).
Please provide feedback so we can continue to improve and add to our documentation. All links are provided to google preview pointers of the KBA #’s and require access to the SAP support portal to view the entire document.