Troubleshooting
Problem
You have enabled single signon to use Kerberos authentication with constrained delegation with IBM Cognos Analytics 11.1.x by following all the steps described in the documentation: https://www.ibm.com/docs/en/cognos-analytics/11.0.0?topic=essbadscc-enabling-single-signon-use-kerberos-authentication-constrained-delegation
Everything works fine when users use the Microsoft Internet Explorer browser, but not the Google Chrome and Microsoft Edge browsers.
Cause
Actually, users need to have the following registry setting for Google Chrome and Microsoft Edge: AuthNegotiateDelegateallowlist.
Resolving The Problem
AuthNegotiateDelegateallowlist is a registry key with type REG_SZ. The value must be the domain for which you configure SSO for. Example: *.ibm.com
If this registry key does not exist, it can be created.
For Google Chrome, its location is:
[HKEY_LOCAL_MACHINE\Software\Policies\Chrome]
[HKEY_LOCAL_MACHINE\Software\Policies\Chrome]
For Microsoft Edge, its location is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
/!\ You must backup the registry before modifying it.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl6OAAS","label":"Installation and Configuration->Authentication"}],"ARM Case Number":"TS006416918","Platform":[{"code":"PF033","label":"Windows"}],"Version":"11.1.7"}]
Was this topic helpful?
Document Information
Modified date:
18 August 2021
UID
ibm16481959