IBM Support

Single Signon (SSO) based on External Identity Mapping is not successful in Cognos Analytics 11.x

Troubleshooting


Problem

When attempting to use a Custom HTTP Header variable to authenticate against Cognos Analytics 11.x, Users are still prompted to log into Cognos with Basic Signon.

Symptom

Users are prompted to log into the Cognos login page.

Custom HTTP Header variable is not being used to Authenticate against the LDAP Server.

External Identity LDAP filter is not being generated.

Cause

The Custom HTTP Header variable is not being passed from Internet Information Services (IIS), through the proxy/url rewrite. Due to not being passed, Cognos Analytics cannot use it to be turned into the LDAP search filter identified by the External Identity Mapping

Environment

Windows

Application Request Routing (ARR)

URL Rewrite

Cognos Analytics 11.x

Internet Information Services (IIS)

Resolving The Problem

In IIS Manager, create the Custom HTTP Header variable beneath Server Variables and associate it to the Headers rule under the /ibmcognos/bi path.

To determine the best method of implementing this HTTP Header variable, you must consult with your IIS Web Administration team, or Microsoft.


For more information, please visit:

https://www.iis.net/learn/extensions/url-rewrite-module/url-rewrite-module-20-configuration-reference#Setting_Server_Variables



https://technet.microsoft.com/en-us/library/ee215192%28v=ws.10%29.aspx

https://www.iis.net/learn/extensions/planning-for-arr/using-the-application-request-routing-module

[{"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Administration and Configuration v11x","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
15 June 2018

UID

swg21992853

Page Feedback