Configuring Integrated Login for Cognos TM1 Web using Kerberos
You can set up IBM® Cognos® TM1® Web to use Integrated Login with the Kerberos security protocol. This is the type of authentication works with TM1 IntegratedSecurityMode=3.
About this task
In Cognos TM1 Web version 10.2, you must enter your Microsoft Windows authentication in the Cognos TM1 Web login dialog box. The login dialog box allows you to choose either native TM1 or Microsoft Windows login.
In order to run Cognos TM1 Web in a Kerberos environment, you must properly configure that environment for Kerberos to work with the Java™ Runtime that is running the Cognos TM1 Web service.
Cognos TM1 Web version 10.2 uses Java Generic Security Service (JGSS) to support Kerberos Windows Authentication. This is the type of authentication you get when you use the TM1 IntegratedSecurityMode=3. Additional information on how to set up a Kerberos Windows Authentication to work in a Java environment is available at the following link:
IBM Security information for Java V6 > Java Generic Security Service (JGSS) > Java Generic Security Service (JGSS) User's Guide Configuration and policy files (http://publib.boulder.ibm.com/infocenter/javasdk/v6r0/index.jsp?topic=%2Fcom.ibm.java.security.component.60.doc%2Fsecurity-component%2FjgssDocs%2Fconfig_files.html)
Documentation about setting up the LoginModule for acquiring Kerberos Credentials for the IBM Java runtime is described at this link:
com.ibm.security.auth.module Class Krb5LoginModule (http://pic.dhe.ibm.com/infocenter/java7sdk/v7r0/index.jsp?topic=%2Fcom.ibm.java.security.component.70.doc%2Fsecurity-component%2FjgssDocs%2Fconfig_files.html)