Troubleshooting
Problem
When attempting to access Cognos Analytics via SSO, through a Webseal junction a 403 error message is returned.
Symptom
403 response is returned for a URL that passes through Webseal to Cognos Analytics.
An example from the Webseal pdweb debug (but Fiddler or the Browser's Developer Tools should show the same response):
Request:
GET /ibmcognos/bi/v1/configuration/keys/Glass/installMode HTTP/1.1
accept: */*
accept-language: en-US
connection: close
content-type: application/json; charset=utf-8
host: <cognos webserver>
iv-user: <some user>
referer: <external junction URL>/ibmcognos/bi/
user-agent: <user agent>
via: HTTP/1.1 <external URL>:443
iv_server_name: <server>
x-requested-with: XMLHttpRequest
Cookie: cookieEnabledPersist=true; cookieEnabledSession=true; <cookie_name>=<value>; <cookie_name>=<value>; IV_JCT=%2Fibmcognos; XSRF-TOKEN=<xsrf-token-value>
Response:
HTTP/1.1 403 Forbidden
connection: close
content-language: en-US
date: Tue, 31 Jul 2018 16:36:57 GMT
cache-control: must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-powered-by: Servlet/3.1
x-bi-xsrf: Rejected
x-ca-affinity: <value>
Cause
Webseal is currently configured to append the junction name to the cookie names of the cookies that are set by Cognos.
Environment
Cognos Analytics
Webseal
IHS
Diagnosing The Problem
Reviewing the pdweb debug tracing, or fiddler should show you the change of the cookie names.
In this case, the XSRF-TOKEN cookie is being renamed.
Below is the cookie as set by Cognos Analytics:
Set-Cookie: XSRF-TOKEN=<Token Value>; Path=/ibmcognos/bi
Below is the XSRF-TOKEN cookie having been renamed by WebSeal:
Set-Cookie: <JUNCTION_IDENTIFIER>!%2Fibmcognos!XSRF-TOKEN=<Token value>; Path=/
Resolving The Problem
Preserve the cookies that are set by Cognos Analytics to ensure that the product functions appropriately by adding the cookie for preserve-cookie-names in the Webseal configuration file.
[preserve-cookie-names]
name = XSRF-TOKEN
For more information, please contact your Webseal Administrator.
Was this topic helpful?
Document Information
Modified date:
09 August 2018
UID
ibm10725451