The term Single Sign-On is used to describe different scenarios.
In SBO BI4.0 we have following SSOs:
- Single Sign-On to SAP BusinessObjects Enterprise
It means that once users have logged on to the operating system, they can access SAP BusinessObjects Enterprise applications that support SSO without having to provide their credentials again.
- Single Sign-On to database
Once users are logged on to SAP BusinessObjects Enterprise, single sign-on to the database enables them to perform actions that require database access. Single sign-on to the database can be combined with single sign-on to SAP BusinessObjects Enterprise, to provide users with even easier access to the resources they need.
- End-to-end Single Sign-On
End-to-end single sign-on refers to a configuration where users have both single sign-on access to SAP BusinessObjects Enterprise at the front-end, and single sign-on access to the databases at the back-end. Users need to provide their logon credentials only once, when they log on to the operating system, to have access to SAP BusinessObjects Enterprise and to be able to perform actions that require database access, such as viewing reports.
This article explains the necessary steps to enable Single Sign-On to database ( SAP BW) for LDAP users (similar steps could be applied for Windows AD users as well) in SBO BI4.0.
The article main focuses are:
- Common Semantic Layer (UNX) that can be used for access to SAP BW by utilizing SAP Java Connector (JCO) - relational connection to SAP BW
- OLAP BICS connectivity for direct access (no universe involved - BEx query used)
- WebIntelligence documents/reports against SAP BW
- Ability of LDAP users to create WebIntelligence documents in BI LaunchPad with UNX universe or OLAP BICS connection
- Single Sign-On of LDAP users into SAP BW when running WebIntelligence documents/reports
- Utilization of SAP SSO Service (Security Token Service) as main vehicle for SSO of LDAP users into SAP BW
The assumption is that reader is already familiar with steps necessary to setup the LDAP authentication in SBO BI4.0 Central Mangement Console. The steps are the same like in SAP BOXI3.1, so the article will not focus on this topic.
- Setup of LDAP authentication in SBO BI4.0 CMC.
- Setup required for the Common Semantic Layer (UNX) or BICS
- Map SAP users and LDAP users in SBO BI4.0 CMC