Disabling the transfer of IBM Cognos passport ID as a URL parameter

To ensure a higher degree of security, you can disable the mechanism that transfers the IBM® Cognos® passport ID as a URL parameter between users' browsers and the IBM Cognos gateway. You can do this only when single signon is implemented between the users' browsers and IBM Cognos Business Intelligence, and, if applicable, IBM Cognos Series 7, independently of Portal Services.

By default, Portal Services re-creates the active credential cookie in the user's browser by passing the passport ID as a URL parameter. If single signon is not implemented, then when portal users interact with Cognos portlets, they are authenticated both in the portal and in IBM Cognos BI. The portal, not the user's browser, maintains the active credential token generated by IBM Cognos BI. In some situations, for example when you want to see a report in a Cognos portlet, a direct connection between the user's browser and the IBM Cognos gateway must be established. This may become a security risk because a valid IBM Cognos passport ID appears in some log files. The same applies when IBM Cognos BI is integrated with IBM Cognos Series 7 and the active credential is passed as a URL parameter.

Procedure

  1. Follow the steps in the section Configuring advanced settings for specific services.
  2. For the PresentationService, in the Parameter column, type the following parameter names and values:
    CPSPropagatePassport
    Controls the transfer of the IBM Cognos Series 7 ticket ID as a URL parameter. When set to 0, it stops the transfer.
    CPSPropagateTicket
    Controls the transfer of the IBM Cognos Series 7 ticket ID as a URL parameter. When set to 0, it stops the transfer.
  3. In the Value column, type 0 for each parameter.
  4. Click OK.
Parent topic: Cognos portlet use with other portals