COGNOiSe.com - The IBM Cognos Community

Title: Custom Authentication Namespace
Post by: Wolverine on 15 Mar 2019 04:06:31 PM
Hello. We are using V 11.0.12 on MS Server 2016, MS SQL DB 2017, IIS 10. The way our environment is set up, we have to use a CJAP. I dropped the .jar file in the location it is supposed to be in. When I go to the Cognos frontend I can see it in Cognos Administration/Security Tab, but it is greyed out (see attachment). Any ideas on why it is greyed out or how to get it to be active? Please help!!
Title: Re: Custom Authentication Namespace
Post by: bus_pass_man on 15 Mar 2019 04:16:08 PM
Click on log on, which is at the right near the top, and log in.

Title: Re: Custom Authentication Namespace
Post by: Wolverine on 18 Mar 2019 10:00:41 AM
You make it sound too easy.... BUT....

This is a brand new install and there are no users except "Anonymous". We are trying to connect to the "Third Party Authentication" via Custom Java to add users to Cognos Namespace Groups. However, the third party does not allow "Anonymous" connections.

So the real question is: how do you get the external namespace active in the Administration Tab to allow Cognos to see the users?

This is the proverbial case of the "Chicken and the Egg"!
Title: Re: Custom Authentication Namespace
Post by: Kiran P on 20 Mar 2019 05:24:08 AM
I am not sure how your custom Java authentication is built, but in our case the Java module generates a cache containing information about users and their roles as defined in our web application. Then the CAP jar files load these users into Cognos, thus making them available to the content store. So, when we go to the custom namespace we already see users and there is no way to add users there.

In our case, we have AD and CAP authentication, so we log in with CAP credentials first and then with AD again to impersonate sysadmin access and assign these custom namespace users to content - reports, dashboards, folders etc.

Thanks,
Kiran
Title: Re: Custom Authentication Namespace
Post by: Wolverine on 22 Mar 2019 01:28:22 PM
Thanks, this gives us some new ideas.

However, we do not have admin rights to the Authentication provider. It works like a 'black box' to us. We submit the Java request to the web service and Cognos gets a response.
Title: Re: Custom Authentication Namespace
Post by: gohabsgo on 14 May 2019 01:17:56 PM
Wolverine, bus_pass_man is correct: you can't find users (to add them to roles/groups) without being logged into the namespace they are a part of.

You need to be logged into the namespace (DAWS) in order to get access to the users to drop them into the Cognos groups/roles. In the screenshot you are not logged on (so anonymous access must be on).

Remember (duh) Cognos isn't a user repository, so the authentication source you have must have the users in it. Back in Cognos Configuration, right-click on the DAWS namespace and click test. Then put in the credentials of one of your users and make sure it connects.

Ask your authentication provider administrator for a valid account that you can use as an admin, then log in with that, add to system admin role, remove everyone etc... etc... as per normal.