Cognos Analytics

Expand all | Collapse all

AZURE AD OIDC provider : unable to create a schedule

Jump to Best Answer
  • 1.  AZURE AD OIDC provider : unable to create a schedule

    Posted Fri May 24, 2019 11:04 AM
    Hi all,

    Few months ago, I connected Cognos Analytics to Azure AD.
    I used Azure AD OIDC provider.
    It works fine in interactivity mode (portal navigation, dashboards creation, and so on...).
    But we can't create a schedule. Cognos asks us credentials.
    I enable internal OIDC logging.
    You'll find it in the file attached (AZURE_AD_OIDC_provider_log.txt).

    First question = Do you know settings, in AZURE AD application or in Cognos Analytics, for schedule creation to work ?

    I tried OIDC generic provider to connect to AZURE AD, but I didn't find good setup to open a session on Cognos Analytics portal.
    Here is a screen shot of error message
    You'll find the log file attached (generic_OIDC_provider_log.txt)

    Second question = Do you have a "how to" guide to setup generic OIDC for Azure AD ?

    I summarize :
    With Azure AD OIDC provider, I can connect to Cognos Analytics portal, but I can't create schedule.
    With generic OIDC provider, I can't connect to Cognos Analytics portal. 

    Environment :
    Cognos Analytics 11.1.1
    3 directories  : Azure AD,  Cognos Access Manager and AD
    Windows server 2012 R2

    Thanks for your help,
    Regards,

    ------------------------------
    DAVID MOULIN
    Analytics expert
    Micropole
    Levallois-Perret
    ------------------------------

    Attachment(s)



  • 2.  RE: AZURE AD OIDC provider : unable to create a schedule

    Posted Wed May 29, 2019 02:44 AM
    What impacts schedules with OIDC is password grant flow and whether MFA is enabled. Can you share your cogstartup.xml file?

    ------------------------------
    ANTONIO MARZIANO
    ------------------------------



  • 3.  RE: AZURE AD OIDC provider : unable to create a schedule

    Posted Wed May 29, 2019 03:40 AM
      |   view attached
    Here is cogstartup.xml file.
    I followed your last guide about OIDC but it doesn't work for Azure AD.
    Thanks.

    ------------------------------
    DAVID MOULIN
    Analytics expert
    Micropole
    Levallois-Perret
    ------------------------------

    Attachment(s)



  • 4.  RE: AZURE AD OIDC provider : unable to create a schedule
    Best Answer

    Posted Wed May 29, 2019 04:49 AM
    I've tested this inhouse and it works. Checking your generic namespace, you've set the password grant flow to "unsupported" which is incorrect. So, I would suggest you set it as follows:



    Then test.

    ------------------------------
    ANTONIO MARZIANO
    ------------------------------



  • 5.  RE: AZURE AD OIDC provider : unable to create a schedule

    Posted Wed May 29, 2019 05:05 AM
    Your configuration works fine.
    Our waves of migration will be able to continue.
    Thanks a lot

    ------------------------------
    DAVID MOULIN
    Analytics expert
    Micropole
    Levallois-Perret
    ------------------------------