I’ve already written quite a few blog posts focused on configuring Active Directory authentication and Single Sign On from the server side, but there are also some considerations that need to be made on the client side. SAP BusinessObjects 4.1 officially supports Microsoft Internet Explorer, Google Chrome, and Mozilla Firefox. Single Sign On to the BI Launchpad and Explorer can happen with all of these, although there are some special details for each.
The changes below need to happen on each client machine that will access the BI Launchpad. Talk to your friendly Windows Active Directory administrators about pushing these changes out as part of a group policy to make everyone’s life a little easier.
For Chrome, unless your BI service account is configured for “constrained delegation”, SSO will not work out of the box. To make it happen, you need to whitelist each of your BI web servers. This is done by creating a registry key called AuthNegotiateDelegateWhitelist under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome. In this key, add each of your BI web servers’ base URLs, for example:
See the note below for more information on configuring Chrome for SSO.
The fix for Firefox is similar to what we did for Chrome, however, we can do it without a registry edit. Instead, open Firefox and navigate to about:config. Now, search for network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris and enter the base URLs of the web servers like we did above.
For more, check out this note.
Finally, we come to Internet Explorer. SSO will work without changes for any site that IE considers to be in your Local Intranet zone. Basically, this means any URL without a period in it. If you are using a fully qualified domain name or a public URL, you will need to add the site to your Local Intranet Zone. You can do this by going to Options > Security > Local Intranet and clicking Add.
You can read more about this in the note below.
Finally, if you’re having problems with Single Sign On and you just want a workaround, you can bypass it completely by navigating to a special URL within the BI Launchpad application. Instead of going to http://mybiserver/BOE/BI/, instead go to http://mybiserver/BOE/BI/logonNoSso.jsp. This is case-sensitive so be careful when you’re typing it out!
Free Web Intelligence Best Practices Guide
We put together a Best Practices Guide for Web Intelligence Development that includes over 20 pages of tips and techniques for developing business-ready reports. Plus we'll show you the common functions that have a negative impact on performance, how to create interactive reports, the best ways to standardize look-and-feel, and much more!
GET YOUR FREE COPY OF THE GUIDE TODAY!