Hi All,
My knowledge of BO is very limited and apologies for potentially using the wrong terminology in places (or even the wrong SCN space?) but I'd like to help an Administrator with setting up Active Directory SSO with Live Office connected to a BI Dual Stack that has an ABAP User Management Engine (I'm across the SAML, Kerberos and Logon Tickets in the NetWeaver world including ABAP and JAVA stacks, but not up on BO related authentication and SSO).
Background:
There are guides for Tomcat that say they should apply to NetWeaver based installations also, but the web.xml file is missing the mentioned lines so that is no help.
But my question is more around how the UME works within the CMC application deployed.
Looking at guides like this:
http://wiki.scn.sap.com/wiki/display/BOBJ/Setting+up+the+Windows+AD+plug-in
It looks like you are setting up users based on AD which would mean replicating all users (or at least setting up a group on the users you want to synchronise).
My Question (high level architectural response only requested):
If you want to use the BW UME for authorisation/access and for the account import into CMC(?); can you use AD for Authentication only without requiring any synchronisation of users; or is the idea you need to import BW users and map AD users to these BW users through AD imports?
Alternatively, I'd like to understand how most places leverage their BI/BW users with Live Office and SSO through Active Directory...
Thanks,
Matt