on 07-03-2019 6:00 AM
Hello all,
We have an existing SAP BI 4.2 SP05 patch 2 system with WinAD SSO configuration, and have a new requirement to provide (external) access using Azure App Proxy - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-sing...
When accessing the BI server from the app proxy URL, WinAD SSO fails and the logon prompt is displayed; we can then only log on manually.
We have added the external URL as an SPN for the service account that BI runs under, and the BI service user trusts Kerberos delegation for all services.
The Azure app proxy is configured on the root (https://<external-FQDN>/ translates to https://<hostname>:8443/) and we are sending the on-premises SAM account name as the delegated logon identity. According to the Azure App Proxy link above, the Kerberos token from the on-premise AD is sent to the application for authentication.
Please advise,
Thank you!
Regards, Walter
Hi @delliott11,
Unfortunately, we were not able to get this working; as per the comments from tim.ziemba, this may need trusted authentication. The customer I was working with removed this from the PoC scope.
Hi David,
External load balancers / reverse proxies need to allow /BOE* for the application to call all accessible URIs.
The start page can be https://<bihost>/BOE/BI. With these settings we got the BI launchpad logon page displayed.
Hope this helps,
Cheers, Walter