SAP BI through Microsoft App Proxy

WalterK · ‎07-03-2019

Hello all,

We have an existing SAP BI 4.2 SP05 patch 2 system with WinAD SSO configuration, and have a new requirement for provide (external) access using Azure App Proxy - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-sing...

When accessing the BI server from the app proxy URL, WinAD SSO fails and the logon prompt is displayed, we can then only log-on manually.

We have added the external URL as an SPN for the service account that BI runs under and the BI service user trusts kerberos delegation for all services.

The Azure app proxy is configured on the root (https://<external-FQDN>/ translates to https:<hostname>:8443/) and we are sending on-premises SAM account name as the delegated logon identity. According the Azure App Proxy link above, the kerberos token from the on-premise AD is sent to the application for authentication.

Please advise,

Thank you!

Regards, Walter

WalterK · ‎09-24-2019

Hi @delliott11,

Unfortunately we were not able to get this working, as per the comments from tim.ziemba this may need trusted authentication. The customer I was working with removed this from the PoC scope.

SAP BI through Microsoft App Proxy

Re: SAP BO 4.3 Cloud: Error - The document has bee...

Re: How to get the FIRST Date in a date column

Re: SAP Cloud ALM - Granular Authorization to Scop...

Delete Class assignment Button Not Visible

Re: SAP Analytics Cloud for planning - Inverse For...