Text only | Text with Images

COGNOiSe.com - The IBM Cognos Community

IBM Cognos 8 Platform => COGNOS 8 => COGNOS Connection => Topic started by: Cinu8 on 15 May 2008 10:06:18 AM

Title: cognos 8.3 connection
Post by: Cinu8 on 15 May 2008 10:06:18 AM
hi every one
i have a problem with our staging cognos connection
we have single sing on enabled
the problem we are getting is when we are on the portal suddenly it time outs and
asks for user name and passowrd not the congos user name and password its Internet Explorer user name and password

i have no idea what causing the problem

please let me know if any body else facing the same issue

cinu


Title: Re: cognos 8.3 connection
Post by: CogDT on 15 May 2008 11:57:49 AM
What are you using as a web server?  Has single signon always worked previously?  There's both an IE and IIS setting for integrated windows authentication...
Title: Re: cognos 8.3 connection
Post by: ducthcogtechie on 15 May 2008 04:42:07 PM
Do you have the advanced property "SingleSignonMapping" with the value "IdentityMapping" set in Cognos Configuration, or are you doing a full kerberos to achieve Single Signon?
Title: Re: cognos 8.3 connection
Post by: Cinu8 on 19 May 2008 04:19:14 PM
sorry for the dealy
we are using kerberos..  single signon
and one importent thing is we have multiy domain set up  in one name space AD_Internal
and we are using IIS as web Server

and also we tried setting up in IE like adding url to the Trusted sites and also Local Intranet
Title: Re: cognos 8.3 connection
Post by: ducthcogtechie on 19 May 2008 04:26:47 PM
If you have a multi-domain in a single forest AD setup, it means you have a few entries in the advanced properties in your AD_Internal namespace connector. What are they?
Title: Re: cognos 8.3 connection
Post by: Cinu8 on 20 May 2008 09:20:33 AM
the advance properties we have is

chaseReferrals       True
multiDomainTrees    True
singleSignonOption  KerberosAuthentication
Title: Re: cognos 8.3 connection
Post by: ducthcogtechie on 20 May 2008 02:46:41 PM
Like CogDT asked; has it worked in the past?
Title: Re: cognos 8.3 connection
Post by: Cinu8 on 22 May 2008 04:08:48 PM
single sing on is working fin in our current production that is 8.2
but this does not have the multipul domain in one name space
and also the properties set as "SinglesingonMapping" and  value as " IdentifyMapping"


Title: Re: cognos 8.3 connection
Post by: ducthcogtechie on 22 May 2008 04:19:34 PM
using "IdentifyMapping" means it's not a full kerberos authentication, but using the kerberos mechanism to some extend and using the readout of the remote_user variable to achive single sign-on. That mechanism is less vunorable then a full kerberos.
Do you want to continue to focus on the full kerberos, or add the "IdentifyMapping" to the staging also, which will probably fix your issue?
Title: Re: cognos 8.3 connection
Post by: SomeClown on 23 May 2008 07:06:56 AM
KerberosAuthentication is an either/or -- the need for the value IdentityMapping is based on how IIS is expecting the credentials.

Go to Microsoft's website and find the Win2K3 utility   WFetch   (should be version 1.4).  Install this to a client machine (not the IIS server).  Open a GET request to your web server,  subdirectory /cognos8  - make the request Anonymous

Read the items returned from the call -- in there you should find the credential type expected (you'll probably see NTLM).  If that is the case (NTLM), then you need to use IdentityMapping for the SingleSignonOption
Text only | Text with Images