Configure the Required Namespaces

IBM® Cognos® components must have access to a directory server that contains user IDs for all your portal users. Using IBM Cognos Configuration, you must configure an authentication namespace so that the portal and IBM Cognos components share the same authentication source.

Procedure

  1. In IBM Cognos Configuration, configure a namespace to authenticate portal users.

    For instructions, see the topic about configuring authentication providers in the Installation and Configuration Guide.

  2. For an LDAP namespace, configure the following properties:
    • For the Use external identity property, change the setting to True.
    • For the External identity mapping property, set it to

      (uid=${environment("REMOTE_USER")})

      For SharePoint Portal, if SharePoint is on a different machine from the LDAP server, set External identity mapping to

      (uid=${replace(${environment("REMOTE_USER")},"SharePoint_Server\\","")})

    Other properties may be required. For more information, see the topic about configuring IBM Cognos components to use LDAP in the Installation and Configuration Guide.

  3. For an IBM Cognos Series 7 namespace, map the portal user IDs to IBM Cognos Series 7 user IDs using OS signons.

    For more information, see the IBM Cognos Series 7 documentation.

  4. In IBM Cognos Configuration, create and configure a Custom Java™ Provider namespace.

    For instructions, see the topic about configuring a custom authentication namespace in the Installation and Configuration Guide.

    • For the Namespace ID property, specify any new ID.

      For example, cpstrusted

      This new ID must be used in the portlet configuration settings.

    • For the Java class name property, type

      com.cognos.cps.auth.CPSTrustedSignon

      Java class names are case-sensitive.

  5. In IBM Cognos Configuration, under Environment > Portal Services, configure the following properties:
    • For Trusted Signon Namespace ID, type the ID of the namespace that you configured in step 1.
      Tip: The trusted signon namespace acts as an intermediary and must be attached to a real directory-based namespace.
    • For Shared Secret, type the key to be used for single signon.

      This parameter represents the authorization secret that must be shared between the Cognos portlets and the IBM Cognos server. Consider this as a secret password. You must use the same character string when you configure the portlet application. You must use a single word as the key.

      For security reasons, specify a non-null value.

  6. Under Environment, for Gateway Settings, set the Allow Namespace Override property to true.
  7. From the File menu, click Save.
  8. Restart the IBM Cognos service.
Parent topic: Enable Single Signon Using Shared Secret