connection server URI Active Credential Type LtpaToken Important The connection

Connection server uri active credential type

This preview shows page 12 - 15 out of 26 pages.

<connection server URI> Active Credential Type LtpaToken Important:The connection server is to contain the URI to access the WSDL location via a gateway. See Appendix D – The Connection Server URIto help determine the proper value based on your setup and the Portlet type. In this case, the Gateway has to be a Servlet Gateway running inside a WebSphere Application server. The Active Credential Typeis the key to enabling the sending of the LTPA token back to the Alternate Gateway. Make sure the spelling for LtpaTokenis exact. Step 4 – Configure the LDAP or Active Directory namespace in ReportNet
Background image
Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet 13 Cognos Proprietary Information All request sent by the Cognos Portlets to the “CPS Endpoint” will carry the LTPA Token. When receiving those requests aimed at a resource protected by Application Server security, the Application Server first authenticates the user implicitly sending the requests through the Portal based on the identity contained in the LTPA token. Authentication is done against the User Registry configured for the Application Server, i.e. an LDAP. Once authentication is successful the Application Server will populate USER_PRINCIPAL and REMOTE_USER with the User ID of the authenticated user. Both of those variables can be consumed by an LDAP namespace via the $environment{} macro and are hence valid for SSO. IBM Cognos ReportNet will look up the users in the LDAP again and if found authenticate the user for IBM Cognos ReportNet. For the IBM Cognos ReportNet LDAP namespace to map user IDs correctly, external user mapping needs to be enabled. See Appendix B – Enable External Identity Mapping for LDAP Namespacefor more details. For AD namespaces, see Appendix C – Enabling Identity Mapping for AD Namespaces.
Background image
Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet 14 Cognos Proprietary Information Appendix A – Installing a Dedicated GatewayThis section provides a high-level overview of installing a dedicated gateway. Please refer to the IBM Cognos Install & Configuration Guide for more details about dedicated and alternate Gateways. Installing a Gateway 1.Run the IBM Cognos ReportNet installation CD. 2.Select a server or folder for the new gateway. The gateway can be on the same machine as the main IBM Cognos installation, but it is mandatory that you install this dedicated gateway to a separate folder than the main IBM Cognos ReportNet installation. (i.e. a new folder like “cpsgateway” will suffice). Configuring a Gateway The first step is to determine the type of Gateway required. There are four types of gateways: CGI, ISAPI, MOD(2), and Servlet. The type of gateway to use depends on your environment and preference. When SSO is performed by an application server, such as in certain cases of SAP User Mapping and WebSphere LTPA token, a servlet gateway must be installed. For brevity, the rest of this section will describe how to setup a CGI gateway on IIS.
Background image
Image of page 15

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture