LDAP and CA Authenticaiton at the same time

[eballinger75]

Hi Guys,
New to this website, hoping someone can help me out.

We are running Cognos 10.1.1 and have multiple LDAP authentication providers. There is a group that would like to access their reports using SSO from an Entrust CA. I assumed that the External Identity mapping would do it, since the usernames in both areas are the same,  but so far I can't get it to work.

To test this SSO out I was having my gateway (IIS) pass a HTTP header with the REMOTE_USER set to the LDAP userid , to the login page but its still giving me the login prompt.

External Identity Mapping: uid=${environment("REMOTE_USER")}

Does anyone know if the LDAP external identity mapping will look at the HTTP header or how to get what I have described to work?
Thanks,
Eddie


UPDATE Sept 9, 2016

Hi Guys,

Just wanted to update this posting that maybe will help the next guy solve this or a similar problem. After some more reading I realized that in order to read certificates in IIS, you must have SSL (HTTPS service) installed. Google setup SSL in IIS. You will also need to install the Entrust GetAccess software on the same server. This of course assumes you are using IIS as your web server.

Also I was able to test the SSO authentication with Windows authentication. This could be useful if you just use Cognos on your Intranet only. TO get this working, again you need to enable the service in IIS. Google setup Windows authentication in IIS. You will most likely need to modify the COgnos external identity mapping to remove the domain name from windows, done as follows:

uid=${replace(${environment("REMOTE_USER")}, "DOMAINNAME\\","")}, ...

Here is a website to list the authentication methods available in IIS.
https://msdn.microsoft.com/en-us/library/ee825205(v=cs.10).aspx

Hope this helps someone.

Eddie