Setup SSO Between DigDash Enterprise And IBM Cognos 8
Setup Single Sign-On Between DigDash Enterprise And IBM Cognos 8
This document explains how to access Cognos data sources from DigDash Enterprise in the context of a user.
DigDash Enterprise allows the creation of an information flow for all users exiting in a Cognos name-space. The information flow will display data specific to each user, as defined in the security parameters of Cognos.
supported versions
- Cognos 8
Preparing the Cognos server
To allow DigDash Enterprise server to retrieve data from your Cognos server the first step is to link the two of them.
For this we have an DigDash authentication plug-in which must be deployed on the Cognos server. You must also define a shared global password between the two servers.
The authentication of a user from DigDash Enterprise will be done by using the user name in the Cognos name-space, and the shared password (not the user's password in the Cognos system).
Here are the detailed steps.
Setting up the Cognos single sign-on
The authentication plug-in will access a specific name-space, for example your LDAP name-space. Retrieve the identifier of this name-space from the configuration console of Cognos:
- Start IBM Cognos Configuration
- Select Security
- Select Authentication
- Select the desired name-space
- Remember the value of the field Namespace ID
- Choose a shared password
Create configuration files
- Start a DOS command prompt go to the folder <DDE install>/add-ons/cognos
- Run the following command: java -jar tsap_configurator.jar
- Enter Authorization namespace shows. press Enter.
- Enter Authorization namespace shows. Type in the identifier of the name-space you remember from step 1
- Create global password for DigDash shows. Enter the shared password you chose in step 1
- Enter the same password again.
- A message Configuration file successfully created shows. A file ddauth4Cognos.properties containing the name-space ID and the shared password has been created
Copy the authentication files on your Cognos server
- Copy the file digdash_cognos.jar to the folder:
<Program Files>/cognos/c8/webapps/p2pd/WEB-INF/lib - Copy the file ddauth4cognos.properties to the folder:
<Program Files>/cognos/c8/webapps/p2pd/WEB-INF/classes - Restart Cognos
Configure authentication plug-in in Cognos
- Start IBM Cognos Configuration
- Select Security
- Select Authentication
- Add a new name-space (right-click Authentication, then select New ressource and Namespace...)
- Choose a name for the new name-space
- In the drop-down list select Custom Java Provider.
- In the Resource Properties panel, change the value of Java class name to com.digdash.cognos.TSAP.DDTrustedSignon
Access to COGNOS REPORTS from DigDash Enterprise
- In the flow panel on the left, click on the Data Model icon . The Flow Properties dialog box opens. In the Parameters section, Data source group, click on Select..., then New. Choose Cognos Report (Portal)...
- The data source dialog box opens. In the Cognos Gateway URL field, type in the address of the Cognos CGI (Example : http://127.0.0.1/cognos8/cgi-bin/cognos.cgi)
- In Report path field, type in the full path of the report. This path can be retrieved from the Cognos Portal. Connect to the Cognos Portal, display the report properties then click on the link View the search path, ID and URL. The full path is the Search path value
- Enter the authentication parameter:
- in the Authentication Domain field, type in the name-space ID you created in previous steps
- In the User field, type in the name of a user who has access to the Cognos report or ${user.cn}
Note: When refreshing this data source, the variable ${user.cn} is replaced by the name of the connected user (value of the LDAP attribute cn). This will allow the display of personalized data defined for the user in Cognos
- In the Password field, type in the global shared password defined in previous steps
- Click on Reload button to extract the data from the Cognos report and preview it.