Real-World SAP BO Lesson: Fixing Trusted Authentication After a Patch Upgrade

Case Study: How We Restored Trusted Authentication After a SAP BO Patch

A major client reached out when their SAP BusinessObjects 4.3 system failed to start following a routine patch. End users were met with Trusted Authentication errors, and all access to BI reports was blocked.

The Client’s Pain Points

  • Tomcat refused to launch after the patch.
  • Custom TrustedPrincipalFilter entries had vanished from web.xml.
  • The trustedprincipal.conf file remained untouched, yet Tomcat ignored the authentication headers.

How We Diagnosed the Issue

By comparing pre- and post-patch configurations, we discovered:

  • The patch had overwritten web.xml, removing our filter definition.
  • JVM startup flags for trusted headers were still in place, but not being applied.
  • Temporary Tomcat directories contained stale artefacts that prevented a clean deployment.

The Fix We Applied

  1. Re-inserted the TrustedPrincipalFilter block into the restored web.xml.
  2. Confirmed the JVM option -Dtrusted.auth.header=YourHeaderName was still configured under Tomcat’s setenv.sh (or Windows equivalent).
  3. Emptied Tomcat’s temp and work folders to force fresh unpacking of web apps.
  4. Restarted services in order: first the Central Management Server (SIA), then Tomcat.
  5. Validated in the logs that the custom header was recognized and users could authenticate successfully.

Best Practices for Your Next Patch

  • Backup Configurations: Always snapshot web.xml, trustedprincipal.conf, and your Tomcat JVM settings before applying patches.
  • Pre-Upgrade Validation: Compare your custom filters and startup flags against a baseline to detect changes immediately.
  • Clean Deployment: As part of your patch playbook, include steps to clear Tomcat’s temporary and work directories.
  • Sequence Restarts: Define and document the correct service restart order (SIA → Tomcat) in your runbook.
  • Post-Patch Testing: Automate smoke tests to verify trusted headers are accepted and BI dashboards load without errors.

👉 Need help with your SAP BO upgrades? Get expert support now!

Back to blog