If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Passing Credentials through URL not working after SSO enabled

Started by Tsunami, 26 Sep 2011 02:03:59 PM

Previous topic - Next topic

Tsunami

I have been appending the namespace, userid and password to the end of a url and it has been working flawlessly.  However, I just turned on single signon and it doesn't like it.  The user is prompted with a basic window login box if logging in from outside the network.  ???

What can cause this?  Thanks.

smiley

Should single signon not replace the need to entering the userid and password in the url?
The remote_user mechanism now blocks, and an authentication popup box is showing, which could be expected.
I would suggest with startting to only put the namespace in the url.
(you could also predefine the namespace in a second gateway install, making it not require to put anything in the url at all)


Tsunami

Quote from: smiley on 26 Sep 2011 02:53:13 PM
Should single signon not replace the need to entering the userid and password in the url?
The remote_user mechanism now blocks, and an authentication popup box is showing, which could be expected.
I would suggest with startting to only put the namespace in the url.
(you could also predefine the namespace in a second gateway install, making it not require to put anything in the url at all)



Yes, but this for an external customer.  They are outside our network.  We created a user in AD for this customer and granted him permission to the report he needs to see.  To make things less confusing, we added his credentials to the end of the url so he just has to click on a link to get to the report he needs.

Maybe I should be authenticating a different way???

smiley

I think you will be stuck with setting up a second gateway, with SSO disabled, and just using the url trick.

bdbits

There are other ways. I would be concerned about a username/password coming across the wire. Hopefully you are at least using https.

We have some public web sites that surface Cognos content (i.e. not through Cognos Connection). Our particular solution was built using SharePoint and the IBM-provided portlets. We modified the SharePoint logon code (in a supported way) to automatically log the user in using server-side code. Then using some IBM/Cognos whitepapers, support calls, and a lot of trial and mostly errors, we figured out how to get that "web user" to authenticate to a special namespace we set up in Cognos. In hindsight I probably would have tried do do it differently, maybe with custom code, but various constraints drove us down this path and it works now. If we get the opportunity to justify it, we may still explore custom code at some point, but we needed some functionality that may be non-trivial - in-line prompts, drill-downs, etc. I do not know how well-supported that is via SDK APIs.

Probably overkill for what you want to do, but the user gets the secured content they want without entering credentials and without knowing it is secured.