This WIKI will address how-to ensure you are using secondary credentials to access BW data while logged into the BI 4.0 launch pad.
When logging in as an SAP user with XI 3.1 you were ensured to be utilizing secondary credentials if SSO to the BW data source was configured. With BI 4.0 this is not always the case as new technologies have been introduced which can complicate the process of determining if secondary credentials are being used.
Determining if the Security Token Service (STS) has been attempted to be configured.
In XI 3.1 you would only need to check if SNC was affecting your secondary credentials by disabling SNC to see if the credentials would then be passed. In 4.0 you will need to also check if the SAP SSO service is also present.
To do this you will first need to login to the Central Management Console (CMC) and an administrative user and access the Authentication section. From here select the SAP plug-in and select the options tab.
Under the options tab you can see the configuration for SAP SSO Service, if the bold text states "A key store file has been uploaded" as in the screenshot STS will be attempted.
With SNC you have the ability to disable the use of SNC simply by unchecking the checkbox on the SNC tab (shown below).
With STS there is no such option and instead we need to completely remove the Security Token Service from the APS if you wish to use the secondary credentials instead of correctly configuring STS.
To do this navigate from the CMC home screen to the 'Servers' section. Once in the servers section click 'Servers List' and you will see a list of your servers running. You can now right-click on your APS and choose edit common services.
You will not be able to modify the services from here and will need to stop the server and then choose 'Select Services' at this point you will see the servers added on the right-hand side and can select the Security Token Service and move it to the left to ensure STS will not interfere with your secondary credentials.