Hi,

I wonder if anyone came across the following scenario, and if so, how it was solved:

• CA 11.1.4 configured successfully to use an external OpenID auth service (Keycloak).
  On initial access to CA, the user is redirected to Keycloak login page and on successful login, he/she is redirected back to the CA site.
  It all works and user's data is successfully extracted from the tokens (e.g. user details, group membership and so on)
  
  
• Custom Javascript Control on a report page that requires to make an authenticated REST API call to an external service (e.g.

fetch(url, {
  ...,
  headers: {
    Authorization: 'Bearer ' + token
  }
})...

In order to make the REST API call, the custom control must be able to get hold of the user's JWT token from somewhere.

Does Cognos make the token available to the Javascript? Can the Javascript retrieve it from session variables (e.g. cookies)?

What's the recommended solution to allow a Javascript on a report page to be able to retrieve user's tokens?

Regards,

------------------------------
Marco
------------------------------

#CognosAnalyticswithWatson

@Marco Spizzichino,

We have exactly the same issue. However, our OIDC is different.
How are you able to manage triggers though ? I also need some assistance with running triggers from external world.
Thank you in advance.​​

------------------------------
Sudheen Kulkarni
------------------------------

Original Message:
Sent: Thu March 26, 2020 09:00 AM
From: Marco Spizzichino
Subject: Authenticated Javascript REST API call for OpenID logged in user

Hi,

I wonder if anyone came across the following scenario, and if so, how it was solved:

• CA 11.1.4 configured successfully to use an external OpenID auth service (Keycloak).
  On initial access to CA, the user is redirected to Keycloak login page and on successful login, he/she is redirected back to the CA site.
  It all works and user's data is successfully extracted from the tokens (e.g. user details, group membership and so on)
  
  
• Custom Javascript Control on a report page that requires to make an authenticated REST API call to an external service (e.g.

fetch(url, {
  ...,
  headers: {
    Authorization: 'Bearer ' + token
  }
})...

In order to make the REST API call, the custom control must be able to get hold of the user's JWT token from somewhere.

Does Cognos make the token available to the Javascript? Can the Javascript retrieve it from session variables (e.g. cookies)?

What's the recommended solution to allow a Javascript on a report page to be able to retrieve user's tokens?

Regards,

------------------------------
Marco
------------------------------

#CognosAnalyticswithWatson