Hi all,
In a multiserver Cognos 11.1.6 environment (2 Dispatcher w/Cm win, 1 Dispatcher Linux, 2 GW win in https with a true certificate created for FQDN), we have configured the main authentication system on MSAD and a new one as Open OID with Azure (MS Cloud).
We followed carefully all the configuration steps on both platforms (app ID, directory ID, secret key, and also installed shared certificates).
When I try to log in from the GW, Cognos doesn't recognize any other Namespace to log in, even if I can see it (grey) in the administration console.
When I log in through the dispatcher (on port 9300) instead, the system asks me to select the Namespace I want to use to log in.
If I choose AzureAD, I'm asked for user id and password and then also if I want to remember my choice (so it seems that everything is correct).
But when it's time to redirect to the Return URL (https://gw:443/ibmcognos/bi/bi/completeAuth.jsp),
I receive back an authentication CA error message: Selected Namespace not valid .....
I've also tried to activate a specific debug log (json.xml), but I can't see anything strange...
If I log in first on MSAD (always from the dispatcher URL), I'm allowed to do the second login on Azure: but after the 3 previous steps (User, pswd, confirmation), I receive the same error.
May I use a script for Identity claim name properties? Such as: ${replace(${environment("REMOTE_USER")}, "MyDomain\\","")}
And what do I have to set in redirect namespace ID? Azure NS ID or principal AD ID?
Why don't the gateways recognize the configured NS, while the Dispatcher does?
Could it be a problem with IIS rewrite rules?
Any help is appreciated...
Bruno
Bruno Abuaf
#CognosAnalyticswithWatson