Cognos Analytics

Expand all | Collapse all

Problems with sharing of dashboards using Iframe and Azure AD og ADFS

  • 1.  Problems with sharing of dashboards using Iframe and Azure AD og ADFS

    Posted 30 days ago
    Edited by Rikke Jacobsen 26 days ago
    Solved: We have solved it, I will describe the solution in a comment below:

    We want to share some dashboards in Microsoft CRM.
    We are doing it using an Iframe, and we have copied it from the Share menu from the Dashboard in Cognos Analytics.
    We are using Azure AD as user security and we also get the same problems using ADFS.
    I hope some of you already have a solution for it, and that you can help me with a solution. Because we need some more code to get the Iframe to work.

    We get this error now:
    Error in CA-logon validation
    Cannot create account object.


    ------------------------------
    Rikke Jacobsen
    CEO
    CogniTech A/S
    Herning
    +4520859352
    ------------------------------


  • 2.  RE: Problems with sharing of dashboards using Iframe and Azure AD og ADFS

    Posted 30 days ago
    You are probably getting the error due to trying to set a cookie from a different site. A lot of changes were made recently to block this. See for example: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-handle-samesite-cookie-changes-chrome-browser?tabs=dotnet. This would be the case if for example your Microsoft CRM site were somesite.microsoft.com but your dashboards are on cognos.yourcompany.com. In that case microsft.com != yourcompany.com. You might be able to relax some settings to allow it if your security allows it. Using browser debugging might shed some light on which call failed and why.

    ------------------------------
    Robert Hofstetter
    ------------------------------



  • 3.  RE: Problems with sharing of dashboards using Iframe and Azure AD og ADFS

    Posted 30 days ago
    We have tried setting it to lax, that didn't give anything, so we will try some of the other setting in the document.

    ------------------------------
    Rikke Jacobsen
    CEO
    CogniTech A/S
    Herning
    +4520859352
    ------------------------------



  • 4.  RE: Problems with sharing of dashboards using Iframe and Azure AD og ADFS

    Posted 28 days ago
    Hi Rikke, 

    If the problem is due to Samesite cookie across domains, you can refer to the below thread where I provided references to the changes to be made to IIS to set Samesite to None; Secure. Setting it to Lax is the default behavior and will not allow accepting cookies from cross domains. 

    https://community.ibm.com/community/user/businessanalytics/communities/community-home/digestviewer/viewthread?MessageKey=110a3c3f-bfa3-4ae7-b6b2-ffff29391930&CommunityKey=6b10df83-0b3c-4f92-8b1f-1fd80d0e7e58&tab=digestviewer#bm110a3c3f-bfa3-4ae7-b6b2-ffff29391930

    Regards,

    ------------------------------
    Kiran Passumarthi
    www.linkedin.com/in/kiranpassumarthi
    ------------------------------



  • 5.  RE: Problems with sharing of dashboards using Iframe and Azure AD og ADFS

    Posted 29 days ago
    Hi Rikke,

    We just resolved what sounds like a very similar issue. After scouring the web and days of trial and error, we finally found this to work for us.

    On our gateway server, we are running IIS and had to make the following change in IIS. We may have made the change at a higher level than necessary, but it works.

    At the "Default Web Site" level, I added to HTTP Response Headers.

    Open HTTP Response Headers, and click Add... in the Actions menu.
    It should open a window "Edit Custom HTTP Response Header."
    For Name, type Access-Control-Allow-Origin.
    For Value, type *.


    You can play with using it at different levels, it may be that you only need it at the ibmcognos, bi, or sso level.

    Let me know if that works!

    ------------------------------
    Jonathan McKnight
    5x IBM Champion
    Business Intelligence Analyst
    Nashville, TN
    www.linkedin.com/in/jonathanmcknight
    ------------------------------



  • 6.  RE: Problems with sharing of dashboards using Iframe and Azure AD og ADFS

    Posted 25 days ago
    Our solution to the problem:

    Turns out it is a limitation in chromium based browsers – issue is with "samesite cookies".

    We created a new outbound rule – like this:

    On the "ibmcognos"-site:

    • URL Rewrite - create new outbound rule
    • [Matching scope] = Server Variable
    • [Variable name]: RESPONSE_Set-Cookie
    • [Variable value] = Matches the Pattern
    • [Pattern]: ^(.*=.*)$
    • [Action type] = Rewrite
    • [Action Properties] – [Value]: {R:0};SameSite=None;Secure
    • Make sure [Replace existing server variable] is checked

     

     



    ------------------------------
    Rikke Jacobsen
    CEO
    CogniTech A/S
    Herning
    +4520859352
    ------------------------------



  • 7.  RE: Problems with sharing of dashboards using Iframe and Azure AD og ADFS

    Posted 25 days ago
    Hi Rikke, 

    This is what I responded to in my post two days ago with a reference to another thread where I have mentioned the solution. Also, for Pattern even if you use .* that would suffice; at least that worked for us. 

    Glad that your problem is resolved. 

    Regards,

    ------------------------------
    Kiran Passumarthi
    www.linkedin.com/in/kiranpassumarthi
    ------------------------------



  • 8.  RE: Problems with sharing of dashboards using Iframe and Azure AD og ADFS

    Posted 25 days ago
    Thank you Kiran, but we worked on it Wednesday and finished Friday, so ufortunately we got your input too late. :-)

    ------------------------------
    Rikke Jacobsen
    CEO
    CogniTech A/S
    Herning
    +4520859352
    ------------------------------