Skip to end of metadata
Go to start of metadata

Product versions: XI3.1

 

1. Introduction

SNC setup (server-side trust) is done with BOE XI3.1 WebIntelligence server by using SAP Crypto and user wants to run WebIntelligence report that is created with the universe that has SSO connection with SAP InfoProvider.
User gets "Incomplete Logon Data" error if configuration steps with SAP Crypto library are not done properly.

It is assumption that user is already familiar with steps how to setup server-side trust with SAP Crypto and how to use "sapgenpse" tool for PSE generation.

2. Issue specific to UNIX platform (below example is for Solaris platform)

Make sure that you are logged into your Unix box as user under which XI3.1 WebIntelligence server process is running
Run following sapgenpse command to access SSO-Credentials:

sapgenpse seclogin -p BOE31.pse -l
  **********************************************************************
  **   sapgenpse WARNING:  Environment variable "USER" not defined!   **
  ** ---------------------------------------------------------------- **
  **  Please define the USER environment variable *AND* insert        **
  **  the definition into the startup script of your Unix shell,      **
  **  or you may get problems accessing credentials created           **
  **  through 'seclogin'!                                             **
  **                                                                  **
  **  Examples additions for your shell startup scripts:              **
  **                                                                  **
  **  (sh):  if [ "$USER" = "" ];then USER="`whoami`";export USER;fi  **
  ** (csh):  if ( $?USER == 0 ) setenv USER "`whoami`"                **
  **                                                                  **
  **  You appear to have an sh-style login shell                      **
  **********************************************************************


running seclogin with USER="Unknown"

0: CN=phoenix, OU=PG, O=BOBJ, C=CA
/export/home/titan/crypto/sec/BOE31.pse
NOT readable for Unknown

NO readable (of 1 matching) SSO-Credentials available (total 1)
for PSE-file "/export/home/titan/crypto/sec/BOE31.pse"

As you can see from above message environment variable USER is not define, so seclogin running under user "Unknown" (it behaves like USER environment variable is set to "Unknown") which does not have readable SSO Credentials.

2.1 First solution

To resolve this issue do following:
1) Edit user profile in the user home directory and add
USER=<user name under which run webi processes>; export USER
2) Source user profile (like . .profile)
3) run env Unix command to check if USER will show-up in output of env
4) run again "sapgenpse seclogin -p BOE31.pse -l"
You should get following

-bash-3.00$ sapgenpse seclogin -p BOE31.pse -l
running seclogin with USER="titan"

0: CN=phoenix, OU=PG, O=BOBJ, C=CA
/export/home/titan/crypto/sec/BOE31.pse
Options: LIFETIME= Fri, 1 Jan 2038 00:00:01 (GMT)
DIRACCESS=FALSE
CRLCHECK=FALSE

1 readable SSO-Credentials available
for PSE-file "/export/home/titan/crypto/sec/BOE31.pse"

As you can see there is one readable SSO Credential for user "titan" in above example.
(WebIntelligence server process is running under user "titan")

In the case that you get 0 readable SSO-Credentials for user when you run command in step 4) you need to run following command to add SSO-Credentials for user that is running WebIntelligence processes (in this case user "titan")

sapgenpse seclogin -p BOE31.pse -O titan

5) Stop Tomcat ,Stop BOE server , start BOE server, start Tomcat

2.2 Second solution

If you cannot add (for whatever reason) USER environment variable to user profile, than run following command

sapgenpse seclogin -p BOE31.pse -O Unknown

This command will add readable SSO Credential to PSE file for "Unknown" user.
This is just workaround and first solution is preferred.

(Important to notice!!! Above command has to be executed and readable SSO Credential has to be added to PSE for that user which is listed in the output of "sapgenpse seclogin -p BOE31.pse -l" command. As you can see above output of this command contains USER="Unknown" user but in some cases it can be "User" or to actual user if environment variable USER is set properly. When you run "sapgenpse seclogin -p BOE31.pse -l" again, you will see that there is entry in the output which is readable for "Unknown" user)

3. Issue specific to Windows platform.

The similar solution can be applied on Windows platform.
Run following command

sapgenpse seclogin -p BOE31.pse -l
running seclogin with USER="xi31"
seclogin: No SSO credentials available

In above example, user xi31 under which are running WebIntelligence server processes does not have SSO-Credentials.
Run following command to add readable SSO Credentials for user xi31.

sapgenpse seclogin -p BOE31.pse -O xi31

Now, the output of "sapgenpse seclogin -p BOE31.pse -l" will tell you that there is one readable SSO Credential for user xi31. The similar solution can be applied if you run WebIntellignece server processes under SYSTEM account. Just run "sapgenpse seclogin -p BOE31.pse -O SYSTEM" to add readable SSO Credentials for SYSTEM.

  • No labels