in System Administration

BI Launchpad SSO with Chrome and Firefox

I’ve already written quite a few blog posts focused on configuring Active Directory authentication and Single Sign On from the server side, but there are also some considerations that need to be made on the client side. SAP BusinessObjects 4.1 officially supports Microsoft Internet Explorer, Google Chrome, and Mozilla Firefox. Single Sign On to the BI Launchpad and Explorer can happen with all of these, although there are some special details for each.

The changes below need to happen on each client machine that will access the BI Launchpad. Talk to your friendly Windows Active Directory administrators about pushing these changes out as part of a group policy to make everyone’s life a little easier.

Chrome

For Chrome, unless your BI service account is configured for “constrained delegation”, SSO will not work out of the box. To make it happen, you need to whitelist each of your BI web servers. This is done by creating a registry key called AuthNegotiateDelegateWhitelist under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome. In this key, add each of your BI web servers’ base URLs, for example:

http://*domain1.com; http://*domain2.com

See the note below for more information on configuring Chrome for SSO.

1887193 – I’m unable to perform SSO with BI using my Google Chrome browser

Firefox

The fix for Firefox is similar to what we did for Chrome, however, we can do it without a registry edit. Instead, open Firefox and navigate to about:config. Now, search for network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris and enter the base URLs of the web servers like we did above.

For more, check out this note.

1767654 – How to configure Mozilla Firefox to support Kerberos single sign-on in BusinessObjects Enterprise XI 3.1 and 4.0.

Internet Explorer

Finally, we come to Internet Explorer. SSO will work without changes for any site that IE considers to be in your Local Intranet zone. Basically, this means any URL without a period in it. If you are using a fully qualified domain name or a public URL, you will need to add the site to your Local Intranet Zone. You can do this by going to Options > Security > Local Intranet and clicking Add.

You can read more about this in the note below.

1379894 – SSO fails for some or all users with various errors such as 401 or looping logon in Internet Explorer

Bypass SSO

Finally, if you’re having problems with Single Sign On and you just want a workaround, you can bypass it completely by navigating to a special URL within the BI Launchpad application. Instead of going to http://mybiserver/BOE/BI/, instead go to http://mybiserver/BOE/BI/logonNoSso.jsp. This is case-sensitive so be careful when you’re typing it out!

Free Web Intelligence Best Practices Guide

We put together a Best Practices Guide for Web Intelligence Development that includes over 20 pages of tips and techniques for developing business-ready reports. Plus we'll show you the common functions that have a negative impact on performance, how to create interactive reports, the best ways to standardize look-and-feel, and much more!

GET YOUR FREE COPY OF THE GUIDE TODAY!

Powered by ConvertKit

Write a Comment

Comment

  1. Hi,

    I have configured AD SSO for SAP BI 4.1 SP1 . The SSo is working fine in IE but not working in chrome . I have created the regidter key AuthNegotiateDelegateWhitelist under HKEY_LOCAL_MACHINESOFTWAREPoliciesGoogleChrome and add my web server url like http://mywebsever:8080/BOE/BI

    Please let me know wat I am doing wrong

    Regards,
    Pavithra P

Webmentions

  • BI Launchpad SSO with Chrome, Firefox and Internet Explorer (IE) – Veri Bilimleri November 18, 2014

    […] Ref: alteksolutions.com […]