single signon from web application to cognos upfront

[mail4nrs]

I have web application using cognos Impromptu reports. When users are added to this system, I have a COM object written in VB6.0 to add the users information in cognos. It works fine but it always goes to cognos logon screen asking for login information. I want to avoid this login.

Is there a configuration which I need to change. please advise


Here is my code when they click the link for 'Reports':

URLstr ="[url="https://ngb-66c05-mtora.ngb.army.mil/cognos/cgi-bin/login.cgi?cad=EnterpriseCognosAdditionalReports&action=login&signon="+escape(uid)+"&password=ES3v2cuser!&return_url=%2Fcognos%2Fcgi-bin%2Fupfcgi.exe%3Fxmlcmd%3D%3CGetPage%3E%3CTemplate%3Emain.utml%3C%2FTemplate%3E%3C%2FGetPage%3E%26id%3d332b40c5b68711d9b319c1515caae3de"]https://ngb-66c05-mtora.ngb.army.mil/cognos/cgi-bin/login.cgi?cad=EnterpriseCognosAdditionalReports&action=login&signon="+escape(uid)+"&password=ES3v2cuser!&return_url=%2Fcognos%2Fcgi-bin%2Fupfcgi.exe%3Fxmlcmd%3D%3CGetPage%3E%3CTemplate%3Emain.utml%3C%2FTemplate%3E%3C%2FGetPage%3E%26id%3d332b40c5b68711d9b319c1515caae3de[/url]

The code for my COM pbject where user's are created:

Public Function UpdateES3CognosUser(Uid As String, Lname As String, Fname As String, uclass As String, actionType As String) As Integer

    Dim objAuthApp As Object
    Dim objAuthDoc As Object
    Dim objRegUser As Object
    Dim objRootClass As Object
    Dim objUserClass As Object
    Dim objRegDB As Object
    Dim objDBS As Object
    Dim sSignOnName As String
    Dim DOMDoc As New MSXML2.DOMDocument40
    Dim sNode As IXMLDOMNode
    Dim sNodeList As IXMLDOMNodeList
    Dim sUserName As String
    Dim sFName As String
    Dim sLName As String
    Dim sEmail As String
    Dim sPassword As String
    Dim i As Integer
    Dim j As Integer
    Dim sNodeName As String
    Dim classList As Variant
    Dim sOldpwd As String
   
    On Error GoTo errhandler:
   
    'Load the xml file into DoM Document
    'DOMDoc.async = False
    'DOMDoc.Load (oXml)
   
    'Instantiate cognos authentication objects
   
    Set objAuthApp = GetObjectContext.CreateInstance("Authenticator2.Application")
    Set objAuthDoc = objAuthApp.Documents.OpenWithBasicSignon("Default", "OpsAdmin", "OPS123!!", 0)
    Set objRootClass = objAuthDoc.RootUserClass
    Set objRegDB = objAuthDoc.DataSourceFolder.Databases("ES3")
   
    'Get the user attribtues from the DOM Document
    sUserName = Uid
    sFName = Fname
    sLName = Lname
    sSignOnName = Uid
    'sOldpwd = opwd
    sPassword = "ES3v2cuser!"
    classList = uclass
   
   
   
    If UCase(actionType) = "NEW" Then
   
     
       
        'Add user to the cognos users folder
        Set objRegUser = objAuthDoc.UserFolder.Users.Add(sUserName)
       
        'Set OSsignOn name
        'objRegUser.IdentificationInformation.OSSignons.Add (sSignOnName)
       
       
        'Set BasicSignOn name
        objRegUser.IdentificationInformation.BasicSignons.Add (sSignOnName)


        objRegUser.IdentificationInformation.BasicSignons.Item _
         (sSignOnName).Password("") = sPassword
       
        'Set Database signon
        'Set objDBS = objRegDB.DataBaseSignons.Add(sUserName)
       
        Set objDBS = objRegDB.DatabaseSignons("cognosuser")

        objRegUser.AutoAccessInformation.DatabaseSignons.Add objDBS
       
        'Set Database password
        'objDBS.Password("") = sPassword
       
        'Set auto access information property and users attributes
        'objRegUser.AutoAccessInformation.DataBaseSignons.Add objDBS
        objRegUser.AllowPersonalNewsBox = True
        objRegUser.FirstName = sFName
        objRegUser.LastName = sLName
        'objRegUser.EmailAddress = sEmail
       
        ''Loop through roles and to cognos user classes
         'classList = Split(uclass, ",")
        ''Set sNodeList = DOMDoc.selectNodes("//ROLE[@cg_class = 1]")
       
        'For i = 0 To UBound(classList)
            'Set objUserClass = objRootClass.UserClasses.Item(CStr(classList(i)))
            'objUserClass.Users.Add objRegUser
        'Next
         
         Set objUserClass = objRootClass.UserClasses.Item(classList)
         objUserClass.Users.Add objRegUser
   
        'Prevent user from changing their password in Cognos
        objRegUser.UserCanNotChangePassword = True

        'set function return value
        UpdateES3CognosUser = 0
       
    ElseIf UCase(actionType) = "UPDATE" Then
         
        'Set objRegUser = objAuthDoc.UserFolder.Users(sUserName)
        'Set objRootClass = objAuthDoc.RootUserClass
        ''int1 = objRootClass.UserClasses.Count
         
        'For j = 1 To objRootClass.UserClasses.Count
        '    Set objUserClass = objRootClass.UserClasses.Item(j)
        '    objUserClass.Users.Remove objRegUser
        'Next
         
         
        ''Loop through roles and to cognos user classes
        ' classList = Split(uclass, ",")
       
        'For i = 0 To UBound(classList)
           ' Set objUserClass = objRootClass.UserClasses.Item(CStr(classList(i)))
           'objUserClass.Users.Add objRegUser
        'Next
       
       
        'Set objUserClass = objRootClass.UserClasses.Item(classList)
        'objUserClass.Users.Add objRegUser
   
        'objRegUser.FirstName = sFName
        'objRegUser.LastName = sLName
         
        'objRegUser.IdentificationInformation.BasicSignons.Item _
         (sSignOnName).Password(sOldpwd) = sPassword
         
         
   
       
        'Loop through roles and to cognos user classes
        'Set sNodeList = DOMDoc.selectNodes("//ROLE[@cg_class = 1]")
        'For i = 0 To (sNodeList.length - 1)
        '    sNodeName = sNodeList.Item(i).Text
        '    Set objUserClass = objRootClass.UserClasses.Item(sNodeName)
        '    objUserClass.Users.Add objRegUser
        'Next
       
        'set function return value
        UpdateES3CognosUser = 0
    Else
        UpdateES3CognosUser = -1
    End If
   
    'no errors then set complete...
    If Not objContext Is Nothing Then
         objContext.SetComplete
    End If
   
    Exit Function
   
errhandler:
   
   ' Problem with the transaction...
    If Not objContext Is Nothing Then
       objContext.SetAbort
    End If
   
    UpdateES3CognosUser = -1

    Err.Raise Err.Number, "c_Cognos.UpdateES3CognosUser", Err.Description
   

End Function

[Darek]

It's scary and highly insecure to use this method of login, as uid and password can be sniffed from the URL. And from the looks of it this is a military server ...

Anyhow, if I'm not mistaken, the parameters for login.cgi are action, uid, pwd and ru (or back).

You should opt for NTCR or SiteMinder driven authentication. You could also leverage TrustedSDK to authenticate using an ARMY passport cookie if you have one available. Ask anyone at MTMC in Washington how it was done. I've wrote the code for them a long time ago.

The COM is probably working properly assuming you get your new users created and they can login using the Upfront FORM authentication.