If you are unable to create a new account, please email support@bspsoftware.com

 

Arbitrary headers in Custom Java Authentication provider

Started by bsdocke1, 11 Feb 2018 02:10:39 PM

Previous topic - Next topic

bsdocke1

We have an instance of Cognos Analytics 11.0.8 running on a Windows Server 2012 64-bit VM. We built and installed a Custom Java Authentication Provider so that we could use an internal auth system for logging in. Everything was working smoothly until a requirement was dropped on us to take in the username via an HTTP header that is injected by a proxy into all traffic (we'll call the header CUSTOM_USERNAME).

Previously we were implementing the AuthProvider interface and accepting all credentials as Form fields which we extracted from ibusRequestHeader2 object that comes in. From the research I've done I've seen support for certain standard headers like REMOTE_USER, METHOD, etc... but my attempt to get arbitrary headers using getEnvVars hasn't yielded any results.

Has anyone had any experience with this, or know if this is even supported? Unfortunately we don't have the option of changing the headername or sending the values in a cookie instead, otherwise we would just go with that.