If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Dual Login (Active Directory and local users)

Started by markryan, 10 Oct 2008 11:41:57 AM

Previous topic - Next topic

markryan

Hi all,

I'm new to Cognos administration, so sorry if this is a real simple solution.

What we would like is to setup our development environment to have dual login.
1. domain users with single signon - this would be the default.
2. local server account - so we can login to an account with different access.

We had the local accounts working through NTLM before the server was on the domain.  And we have single signon for domain users now that we're on the domain.

I would like to have the ability to run my browser as a non-domain user so single signon fails.  And then have the ability to type in the user/pwd for that non-domain user.

One thing I should mention is that we don't have the ability to create new domain users for this.

Is there a proven approach documented anywhere?

Thanks in advance...

ducthcogtechie

In Cognos configuration you should create 2 authentication connectors.
1 for AD, and 1 for NTLM.
The AD can be configured for SSO as you want, and the NTLM does not have SSO, so you will get an authentication screen.

harish.malik

dutchcogtechie is correct.

You need to define two (2) authentication connectors under the Cognos Configuration. Once defined, you will be asked to choose one of the security authentication at the logon screen, and the users can choose the appropriate logon security as per their profile.

Regards,
~Harish

markryan

Thanks.  That works great actually.  I was hoping to have a completely seamless login if using a valid domain account (not be prompted at all for login type when already logged into the domain), but I think this is simpler for our Dev and QA environments.

Out of curiosity, is that possible?  Could I have it setup for a production environment where valid domain users get sent directly to the site's content, but if your current user isn't authenticated, you then get prompted to supply a valid AD or NTLM account?  I'm asking because we all know that this is going to come up as soon as I tell a client I have a great authentication setup available.

Thanks again.  This forum has been really great for a newbie to Cognos like myself.

ducthcogtechie

My experience is that if the SSO handshake fails, cognos 8 will not revert to an authentication page.

What you can do is set SSO on the cognosisapi.dll and leave the cognos.cgi set to anonymous.
That way users going to http://servername/cognos8 will get SSO and users going to http://servername/cognos8/cgi-bin/cognos.cgi will get an authentication page.

Not so fancy but it works.

(you can create your own aliases in IIS to redirect to this cognos.cgi, so you could get http://servername/cognos8/logon for example)


harish.malik

Nice Suggetions!!

I might disturb you, when I would implment the same kind of the behaviour in our enviornment.

Till Then..keep posting/sharing

Regards,
~Harish