0

I am running IBM Cognos Business Intelligence Server 10.2.1 (no other extra software products) on WebSphere Application Server 7, both softwares on an AIX server. I am trying to configure LTPA SSO through basic HTTP authentication from WebSphere to Cognos. For authentication, I am using my company's LDAP server on both Cognos and WebSphere.

After doing the changes to .../war/gateway/web.xml and .../war/gateway/application.xml.template, building new application EARs and deploying them with the option of defining my login , login works otherwise just fine... except that when I enter my username and password, it seems like the wrong information is passed on to Cognos because I get the plain ordinary login dialog with my employee name on the username field (we use our intranet mail addresses as usernames).

I have tried reading IBM's documentation on that matter. What I sort of got was that the LTPA token passed on to Cognos contains the user credentials, but I couldn't find anything conclusive on how to define the user credentials passed from WAS to Cognos or how to configure Cognos to read the appropriate credentials from the LTPA token.

Update: After doing a lot of reading on the topic and scouring like one third of the internet, I finally managed to narrow down the issue to the REMOTE_USER environment variable set on Cognos by WebSphere, which is somehow getting filled in with my employee name instead of my actual username. Next step on the list is therefore to figure out where or how can I tell WebSphere to fill in the right info on REMOTE_USER.

My web.xml and application.xml.template modifications are as follows.

web.xml

    <!-- WAS SSO configuration begin -->
    <security-constraint>
             <web-resource-collection>
                     <web-resource-name>10.2.1FP3_Gateway_WASlogin</web-resource-name>
                     <url-pattern>/servlet/Gateway/*</url-pattern>
                     <http-method>GET</http-method>
                     <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
                     <role-name>was_sso</role-name>
             </auth-constraint>
    </security-constraint>
    <login-config>
             <auth-method>BASIC</auth-method>
             <realm-name>10.2.1FP3_Gateway_WASlogin</realm-name>
    </login-config>
    <security-role>
             <role-name>was_sso</role-name>
    </security-role>
    <!-- WAS SSO configuration end -->

application.xml.template

     <security-role id="SecurityRole_Cognos_BI_User">
             <description/>
             <role-name>was_sso</role-name>
     </security-role>
RAKK
  • 151
  • 1
  • 8
  • Would you be willing to collaborate on this issue? I just enrolled to this site after seeing your post. I was hoping to add a comment but lack the points needed for that option. We are facing almost the exact same issue. In our case REMOTE_USER is null and that condition appears to be the result of the portal not accepting the Cognos websphere profile's certificate. – WR Aldrich Apr 22 '15 at 14:15
  • Right now we are still working out the solution. I'll update this post as soon as we figure it out. Looks like we're pioneering something here because I swear nobody on the entire Internet seems to know the solution. – RAKK Apr 22 '15 at 15:40

0 Answers0