SSO trusted authentification with HTTP_HEADER not working in SAP BO 4.1 SP06

Dear experts,

We have the problem with SSO to http://<boserver>/BOE/BI via third party Apache URL https://dev.bi.home.com/BOE/BIin newly installed server of SAP BO 4.1 SP06.  We are able to see BI login screen but SSO is not working. This functionality working as expected with existing server 3.1.

Our environment:

SAP BO 4.1 SP06 in one server and integrated Tomcat7 with different server, one server (no cluster).

Implemented steps:

Below is the trusted authentication config maintained in the tomcat server.

Created new config files under path D:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\BOE\WEB-INF\config\custom

BILaunchpad.properties

authentication.visible=true

authentication.default=secLDAP

global.properties

sso.enabled=true

trusted.auth.user.retrieval=HTTP_HEADER

trusted.auth.user.param=UserID

• Re-deployed the BOE with Wdeploy.exe
• Stopped tomcat server and deleted Work directory under D:\Program Files (x86)\SAP BusinessObjects\tomcat\work and started tomcat server.

Here is the Apache rule to redirect the http://<boserver>/BOE/BI URL when accessign thirdparty URL like https://dev.bi.home.com/BOE/BI

The only thing we pass/configure for SSO is the UserID and HTTP header. Based on the detail below that the redirects were changing.  Just an FYI, here’s our Apache mod_rewrite rule:

    RewriteRule ^/BOE/(.*)$    http://<boserver>:8080/BOE/$1 [P]

https://dev.bi.home.com/BOE/portal/1509091147/InfoView/logon.faces

<!DOCTYPE html><html><head><meta http-equiv="X-UA-Compatible" content="IE=edge,requiresActiveX=true"/><script type="text/javascript"></script>

</head><body style='overflow: hidden;' marginwidth="0" marginheight="0" topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0"><form action="portal/1509091147/InfoView/logon.faces" method="post" target="servletBridgeIframe" style='display:none;'>

</form>

<iframe name="servletBridgeIframe" style="position: absolute; min-width: 100%; min-height: 100%; overflow-y: hidden; border:0;" frameborder='0'></iframe><script type="text/javascript">document.forms[0].submit();</script>

</body></html>

Questions:

• What else I have missed in this configuration?
• The Apache side form action we are passing /portal/1509091147/InfoView/logon.faces is this correct?
• Do I need to generate shared services in enterprise settings and copy TrustedPrincipal.conf  in to W64x64 folder? and then pass shared services in global.properties file?
• Do I need to implement his Application server as well? I mean the server which has running only SIA. I tried still did not work.

Appreciate if some one can help me on this ASAP.

Thanks
Venky