We currently have 2 authentication sources. The first authentication source is Active Directory. We have it configured to use SSO and everything appears to be working correctly. The user is not prompted for user name and password and Cognos shows the correct user name.
Since we had AD working, we want to use our 2nd authentication source and have it available for all Active Directory domains. In doing this we are using a tool called VIS (Virtual Identity Service). This service will search multiple domains and authenticate the users. The authentication works but the users are prompted to enter their user name and password.
We have added the following advanced settings:
MultiDomainTrees = True
chaseReferrals = False
singleSignOnOption = IdentityMapping
IIS is configured for Integrated Windows Authentication and Anonymous access.
We do not want to prompt the user for their name. Any ideas?
Is VIS LDAP Compliant? You could try configuring it as an LDAP provider and using Remote_user.
Resources
http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/index.jsp?topic=/com.ibm.swg.im.cognos.crn_arch.8.4.0.doc/crn_arch_id4601Securing_Access_to_Cognos_Connection.html
http://www-01.ibm.com/support/docview.wss?uid=swg21350127