Thanks so much for sharing everyone. I can't tell you how helpful this post has been. We're facing a similar issue in our production environment. Is there any way of leveraging the custom fields with the Azure AD 1.0 settings, to pass the credentials for Scheduling? We're trying to avoid deleting the current NAMESAPCE and adding Azure AD 2.0 to our Cognos 11.2.4 install.
Original Message:
Sent: Tue August 08, 2023 12:46 PM
From: Amy Rivito
Subject: CA v11.1.7 with AzureAD : unable to renew credentials and unable to run scheduled reports
We are also using OIDC with AzureAD and MFA. It took us forever to get the settings correct. I'm unable to upload our settings here so I will try to email you a word doc.
------------------------------
Amy Rivito
Original Message:
Sent: Tue August 08, 2023 11:33 AM
From: Patrick Neveu
Subject: CA v11.1.7 with AzureAD : unable to renew credentials and unable to run scheduled reports
Hi Amy,
I am using OIDC with AzureAD as provider type. In this case, I believe there is no such Scheduling credentials option.
Please correct me if I am wrong.
Best regards,
------------------------------
Patrick Neveu
Positive Thinking Company
IBM Champion
Original Message:
Sent: Tue August 08, 2023 11:12 AM
From: Amy Rivito
Subject: CA v11.1.7 with AzureAD : unable to renew credentials and unable to run scheduled reports
Try changing the Strategy setting under Scheduling credentials in Cognos Configuration to ID Token Only
------------------------------
Amy Rivito
Original Message:
Sent: Fri August 04, 2023 04:09 AM
From: Patrick Neveu
Subject: CA v11.1.7 with AzureAD : unable to renew credentials and unable to run scheduled reports
Hi,
This is a Cognos Analytics v11.1.7 server with AzureAD. In Cognos Configuration, there is no advanced parameters used.
Users can access to the reports and run non-scheduled reports.
They can't renew credentials (Authentication is not possible). They cannot run scheduled reports/jobs (it is also true with samples reports, same issue).
In the log files (cognosserver.log and cognosserver-session-<number>.log, I have the following error messages:
An error occurred with the client
CNC-BAL-0506: Credentials not found in Content Manager.
CM-REQ-4342 An error occurred with the client.
CM-REQ-4159 Content Manager returned an error in the response header. The error "cmAuthenticateFailed CM-CAM-4005 Unable to authenticate. Check your security directory server connection and confirm the credentials entered at login" can be found in the response SOAP header.
There was no credential. We attempted to generate one but this failed.
CNC-BAL-0503 The Server has failed.
CNC-BAL-0502 Error Number 0506
CNC-BAL-0506 Credentials not found in Content Manager.
[ContentManagerServiceClientPortImpl] Error when authenticating.
Any idea would be appreciated.
Best regards,
------------------------------
Patrick Neveu
Positive Thinking Company
IBM Champion
------------------------------