Configuring Security for Portal Services

When using Portal Services in another portal, you must enable single signon to provide seamless integration between the other portal and IBM® Cognos® components.

Portal Services uses single signon to authenticate users. This means that users do not have to log on to other applications separately through the portal.

You must configure a URI into IBM Cognos components for each portlet in Portal Services.

To enable security between IBM Cognos components and the other portal, do the following:

Disable anonymous access to IBM Cognos components.
If your security infrastructure requires you to use another method for single signon, use one of the following methods:
Enable single signon for the other portal using shared secret.
Configure IBM Cognos components for SSL access, if required.
For instructions, see the Installation and Configuration Guide.

Disable Anonymous Access to IBM Cognos Components
Portal Services uses single signon for authentication. If anonymous logon is enabled in IBM Cognos components, Portal Services logs all portal users as anonymous. You must ensure that anonymous access is disabled in IBM Cognos components for single signon in Portal Services to be successful. However, you can test the Portal Services connections using anonymous logon to ensure that the portlets are working in the other portal.
Enable Single Signon Using Shared Secret
You can use shared secret for single signon between IBM Cognos portlets and IBM Cognos components. The Cognos portlets send a message that contains an encrypted version of the portal user ID. The encryption key is determined by the value of a secret character string shared between the portlets and the custom Java security provider on the IBM Cognos server.
Enable single signon with Sharepoint using Kerberos authentication
To use the Kerberos protocol for your web applications, you must configure Internet Information Services (IIS), Sharepoint Portal, Microsoft SQL Server, your web browser, and IBM Cognos BI.
Enable Single Signon for SAP EP with the SAP Logon Ticket
If you enable single signon with the SAP Logon Ticket, you must configure IBM Cognos components with an SAP namespace that links to an SAP BW server.
Enable Single Signon for SAP EP with User Mapping
If you enable single signon with user mapping, you define an IBM Cognos data source in SAP EP. Individual users or an administrator can enter the user IDs and passwords for IBM Cognos components in the data source. You must map the users logon credentials in the data source to a namespace. Portal Services iViews transmit the logon credentials to IBM Cognos components using HTTP Basic Authentication.
Enable Secure Communication Between SAP EP and IBM Cognos Components
A secure connection, using SSL, is not required between SAP EP and IBM Cognos components. It is more important if you enabled single signon with user mapping.
Enable Single Signon for WebSphere Portal Using the Application Server
The Portal Services portlets can use the Active Credentials objects provided by WebSphere® Portal to connect to IBM Cognos components. Portal Services supports the following Active Credentials objects: LtpaToken, SiteMinderToken, and WebSealToken.
Enable Single Signon for Oracle WebCenter Interaction Portal Using Basic Authentication
You can configure a portlet in WebCenter Interaction Portal to send the username and password as an HTTP Basic authentication header. The header can be used with an authentication namespace to provide single signon.
Enable Single Signon for Oracle WebCenter Interaction Portal Using CA SiteMinder
If you use CA SiteMinder to provide single signon in your security infrastructure, you can also use it for single signon with WebCenter Interaction Portal.

Parent topic: Cognos portlet use with other portals