Business Analytics

Introduction

This blog provides a comprehensive, step-by-step guide for configuring an Auth0 OpenID Connect integration with IBM Cognos Analytics. The implementation is broken down into two distinct sections for clarity and ease of understanding.

In the first section, we will cover the detailed steps required for configuring Auth0 as the identity provider for Cognos Analytics. The second section will focus on the integration process within Cognos Analytics, ensuring that both platforms are properly connected for seamless authentication.

While this tutorial outlines a specific method for integrating Auth0 with Cognos Analytics, it's important to remember that other configurations and providers may offer similar results depending on your organization's requirements. This blog aims to clarify the process for configuring an Auth0 OIDC connection but is not the only approach available for such integrations.

Overview

Technology/Applications Covered:

• IBM Cognos Analytics 12.0.4 and 11.2.4 Fixpack 4
• Auth0 as an Identity Provider

Prerequisites

• An Auth0 account
• A Cognos Analytics server running versions 12.0.4 or 11.2.4 Fixpack 4

Content Overview

This guide is structured into two main sections:

A) Configuring the Auth0 Identity Provider

• Step 1: Create an Application in Auth0
• Step 2: Configure Allowed Callback URLs
• Step 3: Define Grant Types

B) Setting up the OpenID Connect Connection in Cognos Analytics

• Configuring Cognos Analytics to authenticate via Auth0's OpenID Connect.

Detailed Configuration Steps

A)Configuring Auth0 Identity Provider

Step 1: Creating an Application in Auth0

The following section will walk you through configuring the Auth0 Identity Provider for seamless authentication with Cognos Analytics. It includes details on required grants, configuration steps, and the necessary parameters to ensure a successful integration between the two platforms.

To get started, log in to your Auth0 Identity Provider dashboard. Once logged in:

1. Navigate to the Applications section.
2. Click on Create Application and select Regular Web Application as the application type. This type is ideal for server-side web apps like Cognos Analytics.
3. Provide a name for the application (e.g., “IBMCognos”), and click Create.
4. Take note of the Client ID and Client Secret—these will be required for the Cognos Analytics setup later.

Step 2: Configuring Allowed Callback URLs

For successful authentication between Cognos Analytics and Auth0, it’s essential to configure the Allowed Callback URL in Auth0. This URL defines where the user will be redirected after a successful login.

To configure this:

1. Log in to your Auth0 dashboard and navigate to the application you created for Cognos Analytics.
2. Under the Application URIs section, locate Allowed Callback URLs.
3. In this section, enter the URL where Auth0 will send the authentication response after successful authentication. The URL format should be:

   https://CA_Server/ibmcognos/bi/completeAuth.jsp

   or, if using the dispatcher URL instead of the gateway URL:

   https://CA_Server:9300/bi/completeAuth.jsp

This URL should match the return URL set in your Cognos OpenID Connect namespace configuration. If there’s a mismatch between the two, the authentication will fail.

To configure the required grant types for the application in Auth0, follow these steps:

1. Navigate to the Application Settings: Log into your Auth0 dashboard, then go to the application you created for Cognos Analytics.

2. Go to the Advanced Settings: In the application's settings, find the Advanced Settings section.

3. Select the Grant Types Tab: Within the Advanced Settings, locate the Grant Types tab.

4. Enable the Required Grant Types:

   • Implicit
   • Authorization Code
   • Refresh Token
   • Optionally, enable Client Credentials and Password if your integration requires them.

By enabling these grant types, you're ensuring that your Auth0 application supports the necessary authentication flows for seamless integration with Cognos Analytics, such as the authorization code flow and token refresh capabilities.

B) Setting up the OpenID Connect Connection in Cognos Analytics

Once the Auth0 identity provider is configured, proceed with setting up Cognos Analytics to use the Auth0 namespace.Continue with the following steps to ensure a seamless integration with Cognos Analytics and Auth0.

Launch the Cognos Configuration and create a new authentication OpenID Connect namespace of Type Generic as shown below:

In the Generic OpenID Connect Template for configuring Auth0 with Cognos Analytics, you will need to populate the following fields with the appropriate information from your Auth0 setup:

1. Discovery Endpoint:

   • This is the endpoint where Cognos Analytics retrieves metadata to configure the OIDC connection automatically.
   • Format:https://<Auth0_domain>/.well-known/openid-configuration 
     
     

2. Client ID:

   • This ID is generated when you create an application in Auth0. It's a unique identifier for the application.
     
     

3. Client Secret:

   • The secret key generated alongside the Client ID when creating the Auth0 application.
     
     

4. Return URL:

   • This is the URL to which users are redirected after successful authentication. It must match the Allowed Callback URL in your Auth0 application settings.
   • Example: https://<Cognos_Server>/ibmcognos/bi/completeAuth.jsp
   • If you are using the dispatcher, the format is https://<Cognos_Server>:9300/bi/completeAuth.jsp

5. Scopes:

   • These define the data you are requesting from Auth0. Typically, the openid, profile, and email scopes are used for OIDC authentication.
     Example: openid profile email

6. Unique Identifier:

   • This field typically holds the attribute used to uniquely identify users in Cognos, such as the email claim from Auth0, which contains the unique user ID.
     
     

Now that the configuration of the Auth0 namespace with Cognos Analytics is complete, it is time to test the namespace to ensure the connection is successful. This testing phase will validate whether the integration works correctly and that authentication can be performed without issues. Follow these steps:

1.Test the Namespace Connection in Cognos Analytics:

• • Navigate to Cognos Configuration.
  • Under the Security section, locate the namespace you configured for Auth0.
  • Test the connection to verify that Cognos is able to communicate with Auth0.

2.Authenticate Through the Browser:

• Open a web browser and navigate to the Cognos Analytics URL.
• Select the newly created Auth0 namespace for login
• You will be redirected to the Auth0 login page, where you will authenticate using the credentials managed by Auth0.
• After successful authentication, you should be redirected back to Cognos Analytics and logged in as a recognized user as shown in example below.

Conclusion

In this blog, we've walked through the entire process of integrating an Auth0 Identity provider with Cognos Analytics.

While this guide serves as a comprehensive method for configuring this setup, it’s important to note that different organizations may require alternate configurations depending on their specific needs. Additionally, the steps discussed in this blog involve 3rd-party vendors and services that are beyond IBM's direct scope of support. The objective of this blog is to provide a clear understanding of the configurations needed for Cognos Analytics with Auth0. However, due to evolving technologies, IBM does not assume responsibility for potential future changes in 3rd-party vendors' technical specifications or processes.

It's always advisable to consult the latest documentation from Auth0 or any relevant 3rd-party provider for updates on procedures or configurations. This ensures that your integration remains compatible with future changes or enhancements that the vendors may introduce.

#IBMCognosAnalytics#CognosAnalyticswithWatson#CognosAnalytics#Cognos#cognosanalyticssupport#GlobalBusinessAnalytics

#CognosAnalytics #Snowflake  #JWT #openidoauth  #Security  #LearnCognosAnalytics #resources #CognosAnalytics #IBMCognosAnalytics #cognosanalyticssupport #CognosAnalyticswithWatson