RE: Integrate BI Enterprise authentication with SAP BW with SSO
We have an existing BW 7.31 on HANA and are planning a BI 4.1 deployment on top of that using the BICS interface, since we have made a lot of investment in BEX queries already (currently running on Enterprise Portal).
I have done some reading on SCN/Notes/KB etc. and have a few questions.
Our BOE environment is a shared platform, with various backends. We are trying to get onto it with our BW backend. The BI platform is using Enterprise Authentication, so the users log in with corporate email address/password on BI.
Our SAP BW environment runs with employee ID access.
- If I enable SAP authentication between BI and BW, I will get prompted twice to log in. Am I right? Once for email to log in to BI and once for employee ID access into BW
- From what I had read, this can be avoided by establishing a certificate trust using STS and performing an ‘SAML’ mapping between the BI employee IDs and BW employee IDs. And this needs to be done for each individual user.
- But we have more than 7500 users; we need to map existing users
- Map new users as they get created
How do we accomplish this? Are there recommended ways to automate these processes?
Please let me know if you need additional detail.
We have this resolved now and wanted to post what we had to do to get this working, for the benefit of some of you…
1/ Make sure that STS exists on all the Adaptive Processing Servers on the BOE platform
2/ While setting up STS, on the BW side, we had to give client as 000, the system client
3/ The BW system needs to be included in the /etc/hosts file on the BO server side as follows
sapms<BW SYSTEM ID> <port#>3600/tcp (port# in our case was 3600 or 3601)
Not sure how mandatory the following are, but we did them anyway as per SAP’s recommendations:
1/ The communication user for the BO-BW link should have a password with no special characters. It can only be alphanumeric
2/ While creating the certificate on BO side, the BO server should be in uppercase
3/ The alias used in creating the certificate should be uppercase
A restart of the BOE instance was recommended to clear out any caching of the passwords or user lockouts.