Bo Share Point Integration

  • Published on
    08-Apr-2015

  • View
    140

  • Download
    9

Embed Size (px)

Transcript

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

Applies to:BusinessObjects Enterprise XI 3.1, Integration Option for Microsoft Office SharePoint Software XI3.1. For more information, visit the Business Objects homepage.

SummaryThis document helps users configure Integration Option for Microsoft SharePoint Software 1.0 for Windows Active Directory (AD) authentication and End-to-End Single Sign-On. Author: Amit Nagar Company: SAP Created on: 5 August 2010

Author BioAmit Nagar is a Program Manager for SAP BusinessObjects and Microsoft SharePoint Integration products. In previous roles, has managed testing projects in BusinessObjects, i2 technologies, and WebMD.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 1

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

Table of ContentsIntroduction ................................................................................................................................................... 3 BOE with AD Configuration ........................................................................................................................... 3 Steps for Configuring Windows AD NTLM Authentication ............................................................................ 10 Configuring AD NTLM and single sign-on for Integration Option for Microsoft SharePoint Software 1.0........ 11 Modifying web.config for impersonation and Windows authentication .......................................................... 13 Steps for Configuring Windows AD Kerberos Authentication........................................................................ 15 Configuring AD Kerberos Authentication for SharePoint server .................................................................... 19 Configuring AD Kerberos and Single Sign-on for Integration Option for Microsoft SharePoint Software 1.0 .. 20 Modifying web.config for impersonation and Windows authentication .......................................................... 22 Troubleshooting Tips................................................................................................................................... 23 Finding More Information ............................................................................................................................ 23 Related Content .......................................................................................................................................... 24 Copyright .................................................................................................................................................... 25

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 2

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

IntroductionThis document helps users configure Integration Option for Microsoft SharePoint Software 1.0 for Windows AD authentication and End-to-End Single Sign-On. The Domain used in the article is DANIEL.COM. This article refers two machines: XI30RTM - This is a BusinessObjects server installed with Windows 2003 server. The version is XI 3.1 SP2 and Integration Option for Microsoft SharePoint Software 1.0 SP2. W2K3-EN-DANIEL - Active Directory server installed with Windows 2003 server. Its Domain Functional Level is 2003.

This article refers to the SPN account for BusinessObjects with AD. This article refers to the BusinessObjects group in AD. The users in this group will be mapped to BOE as BO users.

BOE with AD Configuration1. Install AD in AD server: W2K3-EN-DANIEL. Make sure the DEP (Date Execution Prevention) setting is as shown.

NOTE: If DEP is not turned off, the error The service did not start due to a logon failure appears when you enter CMC > Authentication > Windows AD after using the SPN to start CMS.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 3

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

2. Run the dcpromo command.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 4

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

3. Create a new DC (Domain Controller).

4. Create a new forest.

5. Enter the domain name as DANIEL.COM. 6. Choose the second radio button.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 5

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

7. Configure a static IP address to AD server.

8. Restart the computer with AD server after finishing the AD installation. 9. Raise the Domain Functional Level to 2003.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 6

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 7

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

10. Change the IP address and DNS server address as shown below.

NOTE: The Preferred DNS server is the IP address of the AD server. The following action is completed: BO server.

11. Let BO server XI30RTM join the DANIEL.COM domain.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 8

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

12. Restart the computer with the BO server.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 9

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

Steps for Configuring Windows AD NTLM Authentication1. Log on to the CMC. Configure Active Directory authentication using NTLM from CMC Authentication Tab.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 10

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

NOTE:

By default, the CMC Administrator account is: Administrator/(no password). The Default Microsoft Active Directory domain must be the Fully Qualified Domain Name of the domain. Besides this, the AD user names and ID are Case-Sensitive. Regarding New User Options, depending on the license, you should select named users.

Configuring AD NTLM and single sign-on for Integration Option for Microsoft SharePoint Software 1.0The following assumes a user is created on the SharePoint site and is able to log on to the Integration Option for Microsoft SharePoint Software 1.0 with enterprise user. 1. Ensure Windows AD authentication is visible on the Integration Option for Microsoft SharePoint Software 1.0 login page. From the inetmgr browse to site where Integration Option for Microsoft SharePoint Software 1.0 is installed.

2. Open the web.config for InfoViewApp and set authentication.visible to true value.

The user is able to see the Windows AD authentication in Integration Option for Microsoft SharePoint Software 1.0 login page and able to log in with Windows AD user.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 11

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

3. Add the AD user to the SharePoint 2007 users list. Perform this activity with the SharePoint admin user.

4. Add aduser. Make sure that user is identified.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 12

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

5. Log on to SharePoint with AD user.

6. Log on to Integration Option for Microsoft SharePoint Software 1.0 with AD user. This is to make sure that with AD user we are able to log on to SharePoint as well to Integration Option for Microsoft SharePoint Software 1.0. 7. Enabling SSO for Integration Option for Microsoft SharePoint Software 1.0.

Modifying web.config for impersonation and Windows authenticationTo enable impersonal and Windows authentication, modify the w eb.config files for the two applications listed below. Use the following steps to edit the web.config using the text in red for impersonation and Windows authentication. 1. Open the web.config file for Integration Option for Microsoft SharePoint Software 1.0. 2. Locate the following line under :

3. Modify the line as shown below: (modify it as shown)

4. Locate the following line under : (modify it as shown)

5. Edit the strings as indicated in red:

6. Save and close the web.config file. 7. Open the web.config file for PlatformServices. 8. Edit the lines under as indicated:

9. Save and close the web.config file. Restart IIS.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 22

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

10. Access the Integration Option for Microsoft SharePoint Software 1.0 login page. Click the Log On button from content explorer.

User logs on to Integration Option for Microsoft SharePoint Software 1.0 automatically. If the user wants perform End to End SSO from client system, use the following configuration: Machine A -- BOE + Integration Option for Microsoft SharePoint Software 1.0 is installed, added to windows AD domain and AD user are mapped. Machine B (Client System) 1. Add user to Windows AD domain to log on to the system with AD user. 2. From the browser settings set Automatic logon with current user name and password. 3. Access the Integration Option for Microsoft SharePoint Software 1.0 URL from the new browser session. 4. Click Integration Option for Microsoft SharePoint Software 1.0 Log On button.

Troubleshooting Tips Clear browser cookies if you face issues with Single Sign On for IOMS. If user gets account information not recognized internal error while login to IOMS using SSO apply the following workaround: 1. 2. 3. 4. 5. 6. 7. 8. 9. Open IIS admin service using inetmgr from the command prompt. Browse to the web site where IOMS is deployed. Select InfoViewApp folder under _layouts. Right-click and select Properties. Select Directory & Security tab. Click Edit under Authentication & Access control tab. Uncheck Anonymous access. Repeat the above steps for the PlatformServices and IOMS websites. Ensure only integrated windows authentication is checked for PlatformServices, InfoViewApp and SharePoint site virtual directories. 10. Restart IIS.

Finding More InformationFor more information and resources, refer to the product documentation and visit the support area of the web site at: http://help.sap.com.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 23

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

Related ContentIntroduction to Integration Option for Microsoft SharePoint software Product Screen Shots: Integration Option for Microsoft SharePoint software 1.0 For more information, visit the Business Objects homepage.

SAP COMMUNITY NETWORK 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 24

Single Sign-On and Active Directory-SSO with Integration Option for Microsoft SharePoint XI 3.1

Copyright Copyright 2010 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporatio n. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Serv er, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this docume nt serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies...