Dear SAP Community Member,
In order to fully benefit from what the SAP Community has to offer, please register at:
Thank you,
The SAP Community team.
Skip to end of metadata
Go to start of metadata


This WIKI will address how-to ensure you are using secondary credentials to access BW data while logged into the BI 4.0 launch pad.


When logging in as an SAP user with XI 3.1 you were ensured to be utilizing secondary credentials if SSO to the BW data source was configured. With BI 4.0 this is not always the case as new technologies have been introduced which can complicate the process of determining if secondary credentials are being used.

Determining if the Security Token Service (STS) has been attempted to be configured.

In XI 3.1 you would only need to check if SNC was affecting your secondary credentials by disabling SNC to see if the credentials would then be passed. In 4.0 you will need to also check if the SAP SSO service is also present.

To do this you will first need to login to the Central Management Console (CMC) and an administrative user and access the Authentication section. From here select the SAP plug-in and select the options tab.

Under the options tab you can see the configuration for SAP SSO Service, if the bold text states "A key store file has been uploaded" as in the screenshot STS will be attempted.

Disabling STS.

With SNC you have the ability to disable the use of SNC simply by unchecking the checkbox on the SNC tab (shown below).

With STS there is no such option and instead we need to completely remove the Security Token Service from the APS if you wish to use the secondary credentials instead of correctly configuring STS.

To do this navigate from the CMC home screen to the 'Servers' section. Once in the servers section click 'Servers List' and you will see a list of your servers running. You can now right-click on your APS and choose edit common services.

You will not be able to modify the services from here and will need to stop the server and then choose 'Select Services' at this point you will see the servers added on the right-hand side and can select the Security Token Service and move it to the left to ensure STS will not interfere with your secondary credentials.

Related Content

Related Documents

 How to setup XI3.1 WebIntelligence SSO with SAP BW

Setup of SAP SSO Service in SAP BO BI4.0 CMC

Related Notes

1 Comment

  1. Hi Josh,

    2 questions:

    1. if I want to upload another key store file, is it going to overwrite the previous one?
    2. To which location is it going to be uploaded? CMS database?