[Solved] C8 Signle Signon With Active Directory

[davidsoc]

Hello,

I am attempting to setup C8 MR1 to use Active Directory as an authentication provider. I have set up the AD namespace within cognos configuration which seems to work OK. When a user browses onto the C8 server then their account is automatically detetected by the system but they are asked to input their network password. (once the password is entered Connection picks up the users details correctly)

I was under the impression that if i turned off the anonymous access in Cognos Configuration and on my IIS settings then a single signon should function?

I would like to hear from any of you that have successfully got single signon with AD working.

Also I'd be very interested in your best practices / advice in reagrd to using AD instead of S7 as the security provider in day to day admin of the system.

Thanks in advance

Chris

[rmark17]

It sounds as if you are being challenged by IIS.

This can happen if you have a URL with dots such as reporting.mycompany.com (the dots in this case cause the request to be treated as external and will be challenged by IIS.) Ensure that your browser has the domain listed in its "trusted sites" or that you use a proxy server that trusts the domain. If you are on an intranet you can test on IE 6 by opening  IE then Tools/Internet Options/Security then select Local Intranet/Sites/Advanced and add your site to the list or the domain as *.mycompany.com. If you set up an alias without the dots this will not be necessary

[davidsoc]

It sounds as if you are being challenged by IIS.

This can happen if you have a URL with dots such as reporting.mycompany.com (the dots in this case cause the request to be treated as external and will be challenged by IIS.) Ensure that your browser has the domain listed in its "trusted sites" or that you use a proxy server that trusts the domain. If you are on an intranet you can test on IE 6 by opening IE then Tools/Internet Options/Security then select Local Intranet/Sites/Advanced and add your site to the list or the domain as *.mycompany.com. If you set up an alias without the dots this will not be necessary

Thanks for your suggestion but it doesn't seem to have changed the behaviour. I've got the C8 address in my list of trusted sites.

[davidsoc]

 ::) Always read the documentation when you have a problem!

From C8 Install + Configuration Guide (Page 152):

Steps for Single Signon Using REMOTE_USER
1. On every computer where you installed Content Manager, open Cognos Configuration.
2. In the Explorer window, under Security, Authentication, click the Active Directory
namespace.
3. Click in the Value column for Advanced properties and then click the edit button.
4. In the Value - Advanced properties window, click Add.
5. In the Name column, type singleSignonOption
6. In the Value column, type IdentityMapping.
7. Click OK.
The Active Directory provider now uses REMOTE_USER for single signon.

Now single signon works like a dream!