If you are unable to create a new account, please email support@bspsoftware.com

 

WAS passing wrong login info through LTPA token to Cognos BI 10.2.1?

Started by gabbagabba, 15 Apr 2015 12:19:42 PM

Previous topic - Next topic

gabbagabba

I am running Cognos BI 10.2.1 on WebSphere Application Server 7, both softwares on an AIX server. I am trying to configure LTPA SSO through basic HTTP authentication from WebSphere to Cognos. For authentication, I am using my company's LDAP server on both Cognos and WebSphere.

After doing the changes to .../war/gateway/web.xml and .../war/gateway/application.xml.template, building new application EARs and deploying them with the option of defining my login , login works otherwise just fine... except that when I enter my username and password, it seems like the wrong information is passed on to Cognos because I get the plain ordinary login dialog with my employee name on the username field (we use our intranet mail addresses as usernames).

I have tried reading IBM's documentation on that matter. What I sort of got was that the LTPA token passed on to Cognos contains the user credentials, but I couldn't find anything conclusive on how to define the user credentials passed from WAS to Cognos or how to configure Cognos to read the appropriate credentials from the LTPA token.

My web.xml and application.xml.template modifications are as follows.

web.xml


    <!-- WAS SSO configuration begin -->
    <security-constraint>
             <web-resource-collection>
                     <web-resource-name>10.2.1FP3_Gateway_WASlogin</web-resource-name>
                     <url-pattern>/servlet/Gateway/*</url-pattern>
                     <http-method>GET</http-method>
                     <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
                     <role-name>was_sso</role-name>
             </auth-constraint>
    </security-constraint>
    <login-config>
             <auth-method>BASIC</auth-method>
             <realm-name>10.2.1FP3_Gateway_WASlogin</realm-name>
    </login-config>
    <security-role>
             <role-name>was_sso</role-name>
    </security-role>
    <!-- WAS SSO configuration end -->


application.xml.template


     <security-role id="SecurityRole_Cognos_BI_User">
             <description/>
             <role-name>was_sso</role-name>
     </security-role>