0

I'm attempting to create a logon token using the BOE BI Platform RESTful SDK v4.1 (using RESTClient).

A GET request to http://server:6405/biprws/logon/long/ returns:

<attrs xmlns="http://www.sap.com/rws/bip">
  <attr name="userName" type="string" /> 
  <attr name="password" type="string" /> 
  <attr name="auth" type="string" possibilities="secEnterprise,secLDAP,secWinAD,secSAPR3">secEnterprise</attr> 
</attrs>

A POST to http://server:6405/biprws/logon/long/ with a single header of Content-Type: application/xml and a payload of

<attrs xmlns="http://www.sap.com/rws/bip">
  <attr name="userName" type="string">myAccount</attr>
  <attr name="password" type="string">myPassword</attr>
  <attr name="auth" type="string" possibilities="secEnterprise,secLDAP,secWinAD,secSAPR3">secWinAD</attr>
</attrs>

returns:

<error>
    <error_code>FWM 00006</error_code>
    <message>Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)</message>
</error>

I've also tried attr name="userName" type="string">myAccount@mycompany.org</attr>, but with the same results.

A POST to http://server:6405/biprws/logon/adsso returns:

<error>
  <error_code>RWS 00057</error_code>
  <message>Method not allowed (RWS 00057)</message>
</error>

The credentials work with BI Launchpad and the CMC.

What am I missing?

craig
  • 25,664
  • 27
  • 119
  • 205
  • Relevant: [Business Intelligence Platform RESTful Web Service Developer Guide](https://techwriter79.wikispaces.com/file/view/sbo41sp5_bip_rest_ws_en.pdf) – craig Jan 12 '16 at 22:15
  • Do you have WinAD SSO working in BI launch pad? – Joe Jan 13 '16 at 01:10
  • You can use Windows AD authentication, but SSO doesn't work. – craig Jan 13 '16 at 01:51

1 Answers1

3

First, a disclaimer -- I've only done REST WinAD with SSO, not manual logon. So I can't be absolutely sure that my suggestions below will fix your problem.

The call to /biprws/logon/adsso requires a GET not a POST, but that will likely not work until you have SSO working.

There are a few settings that are required for WACS to use WinAD, with or without SSO. The file is here: SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\java\pjs\services\RestWebService\biprws\WEB-INF\web.xml

You will see a section commented out, starting with:

<!--  Kerberos filter section starts

Uncomment this section. Then set the following parameters:

  • idm.realm
  • idm.princ
  • idm.keytab
  • idm.kdc
  • idm.allowUnsecured

The values for these parameters should equal what was set in your system for BI launch pad. This is in:

SAP BusinessObjects\tomcat\webapps\BOE\WEB-INF\config\custom\global.properties

The format of the file is different (global.properties is a simple properties file, but web.xml is xml). So you can't just copy/paste the section, but you can copy the individual values. For example, in global.properties, you might see:

idm.keytab=C:/WINDOWS/bosso.keytab

This would be done in web.xml as:

<init-param>
  <param-name>idm.keytab</param-name>
  <param-value>C:/WINDOWS/bosso.keytab</param-value>
  <description>
      The file containing the keytab that Kerberos will use for 
      user-to-service authentication. If unspecified, SSO will default 
      to using an in-memory keytab with a password specified in the 
      com.wedgetail.idm.sso.password environment variable.
  </description>
</init-param>

Couple of references: http://myinsightbi.blogspot.com/ https://techwriter79.wikispaces.com/file/view/sbo41sp5_bip_rest_ws_en.pdf

Joe
  • 6,767
  • 1
  • 16
  • 29