Community
IBM Community Home
AIOps & Management
Business Analytics
Business Automation
Cloud Pak for Data
Data Science
DataOps
Hybrid Data Management
IBM Japan
IBM Z & LinuxONE
Integration
Internet of Things
Power Systems
Public Cloud
Network Automation
Security
Storage
Supply Chain
Watson Apps
WebSphere & DevOps
Log in
Announcements
Blogs
Groups
Discussions
Events
Glossary
Site Content
Libraries
on this day
between these dates
Posted by
Announcements
Blogs
Groups
Discussions
Events
Glossary
Site Content
Libraries
on this day
between these dates
Posted by
Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Business Analytics
Topic groups
Cognos Analytics
Cognos Controller
IBM Spectrum Computing
Planning Analytics with Watson
My Groups
User groups
All User Groups
Events
Upcoming Business Analytics Events
On Demand Webinars
IBM Expert TV
Virtual Community Events
All IBM Community Events
Participate
Post to Forum
Share a Resource
Blogging on the Community
Connect with Business Analytics Users
All IBM Community Users
Resources
IBM Support
IBM Cloud Support
IBM Champions
Demos
Marketplace
Marketplace
Skip main navigation (Press Enter).
Toggle navigation
Content types
Announcements
Blogs
Groups
Discussions
Events
Glossary
Site Content
Libraries
Date range
on this day
between these dates
Posted by
Cognos Analytics
View Only
Group Home
Discussion
8.1K
Library
500
Blogs
517
Events
5
Members
3.9K
Back to Blog List
Administration - How to setup Azure OIDC with Cognos Analytics Release R8+
By
ANTONIO MARZIANO
posted
Wed September 05, 2018 01:25 PM
Options Dropdown
Mark as Inappropriate
0
Recommend
Introduction
Here is another extended approach to providing easy step-by-step guide to setting up an OpenID Connect Namespace with AzureAD. The details below are more simplistic and cover the actual steps to provisioning an application and its registration followed by what details would be required to configure Cognos Analytics Authentication Provider Settings to successfully log in.
Environment
Azure Domain: AZURECOGNOSLAB.onmicrosoft.com
Display Name: COGNOSLAB
On-Premise: Cognos Analytics 11.0.9
Steps
Log in to https://portal.azure.com
Click
More services
Scroll down and click
App registrations
Click
New application registration
Type in a
Name
.
Application type
must be
Web app/API.
Sign-on URL is the entry point to CA11
https://IACSSUK16SRV2.CASUPPORT.SUPPORT2016.AD.HURSLEY.IBM.COM:9309/bi/v1/disp
Click
Create
Edit the Application by selecting
Settings
Click
Reply URLs
to add the Redirect URL
Add the Return URL
Click
Save
Then generate the Client Secret by clicking
Keys
Type in a description
Click
Save
and store the value somewhere as it’s a
once only
opportunity to capture it.
Next find the Tenant ID that will be required to update the Discovery Endpoint
Open the downloaded PortalDiagnostics.json file and locate the “tenants” element"tenants": [
{
"id": "
6b3ec521-c99e-4cc2-bd63-e79e654151da
",
"domainName": "AZURECOGNOSLAB.onmicrosoft.com",
"displayName": "COGNOSLAB",
"isSignedInTenant": true
}
Summary of all the required information to configure the OpenID Connect Namespace for Azure are:Tenant ID - 6b3ec521-c99e-4cc2-bd63-e79e654151da
Client ID - acd096fc-e0f8-4740-8267-18a947aa809e
Client Secret - WgYNsqAZfBa1DGtdEJRgAw9ap79WGKgs1BG9lnTaEH8=
Return URL https://IACSSUK16SRV2.CASUPPORT.SUPPORT2016.AD.HURSLEY.IBM.COM:9309/bi/completeAuth.jspNext, transfer the above configuration information into a new Azure OIDC Namespace
Create a new Namespace
Transfer the details as outlined in point 15 above
Discovery Endpoint is:
https://login.microsoftonline.com:443/
{tenantid}
/.well-known/openid-configurationReplace the ‘{tenanted}’ with the alpha-numeric captured from Step 14https://login.microsoftonline.com:443/
6b3ec521-c99e-4cc2-bd63-e79e654151da
/.well-known/openid-configurationPopulate the Client ID, OpenID Connect client secret value and Return URLSo, now the configuration looks like this:
NB: Make sure all URIs are switched from HTTP to HTTPS
Save the configuration and exit
but do not start
.
Download the certificate (issuer)
With your web browser access the discovery endpoint and download the issuer certificate:
https://login.microsoftonline.com:443/
6b3ec521-c99e-4cc2-bd63-e79e654151da
/.well-known/openid-configuration
Save the certificate (*.crt) in the CA installation
/bin64
directory
Open a command window and navigate to the
/bin
directory and execute the following command:
ThirdPartyCertificateTool.bat -i -T -r stamp2loginmicrosoftonlinecom.crt -p NoPassWordSet
Open Cognos Configuration and start the service.
Open CA11 URL and select the AzureAD namespace
Log in using the AzureAD user login.
Troubleshooting
Log in fails with the following error - CA Initialization Information Cannot login
Resolve by regenerating a new Client Secret Value (See step 11 above) and replace the existing entry in the Cognos Configuration Namespace:
Save and restart
Error during startup shows the following exception
Audit.RTUsage.cms.CAM.AAA.SRVC StartService NameSpace CAMID("AzureAD") Warning <exception><![CDATA[com.ibm.cognos.camaaa.internal.auth.exception.UnrecoverableException at com.ibm.cognos.camaaa.internal.customLegacy.exception.UnrecoverableExceptionConverter.convertException(UnrecoverableExceptionConverter.java:63) at com.ibm.cognos.camaaa.internal.OIDC.handler.OIDCHandler.init(OIDCHandler.java:57) at com.ibm.cognos.camaaa.internal.common.handler.HandlerFactoryImpl.initializeHandler(HandlerFactoryImpl.java:577) at com.ibm.cognos.camaaa.internal.common.handler.HandlerFactoryImpl.createHandler(HandlerFactoryImpl.java:324) at com.ibm.cognos.camaaa.internal.auth.handler.AuthHandler.populateHandler(AuthHandler.java:195) at
Resolved by ensuring the correct certificate chain is imported into the keystore (see step 19-21)
#Support
#Resources
#azure
#Tutorials
#LearnCognosAnalytics
#home
#administration
0 comments
185 views
×
Reason for Moderation
Describe the reason this content should be moderated (required)
Permalink
Business Analytics
Topic groups
Cognos Analytics
Cognos Controller
IBM Spectrum Computing
Planning Analytics with Watson
My Groups
User groups
All User Groups
Events
Upcoming Business Analytics Events
On Demand Webinars
IBM Expert TV
Virtual Community Events
All IBM Community Events
Participate
Post to Forum
Share a Resource
Blogging on the Community
Connect with Business Analytics Users
All IBM Community Users
Resources
IBM Support
IBM Cloud Support
IBM Champions
Demos
Marketplace
Marketplace
Copyright © 2019 IBM Business Analytics Community. All rights reserved.
Powered by Higher Logic