Configuring IBM Cognos BI to use an Active Directory namespace for Kerberos authentication

You can use the Active Directory server as your authentication source and for single signon by using Kerberos delegation. Use IBM® Cognos® Configuration to configure the namespace for Kerberos authentication.

About this task

By default, the Active Directory provider uses Kerberos delegation and integrates with the Microsoft IIS web server for single signon if integrated authentication (formerly named NT Challenge Response) on a Microsoft Windows operating system is enabled on the IIS web server.

Set up the computers, or the user account under which SharePoint runs, to be trusted for delegation. When you are setting up the computers by using the Active Directory user tool, do not select the Account attribute, which is sensitive and cannot be delegated.

Procedure

  1. In every location where SharePoint is installed, open IBM Cognos Configuration.
  2. In the Explorer window, under Security, right-click Authentication, and click New resource, Namespace.
  3. In the Name box, type a name for your authentication namespace.
  4. In the Type list, click Active Directory and then click OK.

    The new authentication provider resource is displayed in the Explorer window, under the Authentication component.

  5. In the Properties window, for the NamespaceID property, specify a unique identifier for the namespace.
    Restriction: Do not use colons (:) in the Namespace ID property.
  6. Specify the values for all other required properties to ensure that IBM Cognos can locate and use your existing authentication provider.
  7. Click File > Save.
  8. Test the connection to a new namespace. In the Explorer window, under Authentication, right-click the new authentication resource and click Test.
  9. To disable Anonymous authentication, complete the following steps:
    1. In the Explorer window, under Security, Authentication, click the authentication namespace that you created.
    2. In the Properties window, ensure that Allow anonymous access is set to False.
    3. Click File > Save.
    4. Repeat steps a to c on all web application servers that use Kerberos authentication.
Parent topic: Enable single signon with Sharepoint using Kerberos authentication