问题
Problem description: Theren are two subsystems. One is a web based Java EE application and the other a Cognos reporting tool. Currently, both these applications provide individual login pages that allow the users to perform their activities, as per the roles defined in the system. Java EE users can directly login to the Java EE application using its login page. Similarly, the Cognos users can login to the Portal using its login page by supplying their intranet ID credentials.
There is a requirement, wherein the users of the Java EE application should be able to view the Cognos reports by clicking on a URL link in the Java EE web application. At present, clicking this URL would open the Cognos portal prompting for user credentials.
I am expecting a solution that would help us bypass the Cognos Portal login page, when clicked on the URL. This will help the users who have logged in the Java EE application to view the Cognos reports on a new web page without having to logging in again.
回答1:
Would this address your problem?
http://www.ibm.com/developerworks/data/library/cognos/security/cognos8_platform/page511.html
回答2:
You would achieve single sign on between your app and cognos by following these steps:
(I will assume that you are using LDAP and Java)
- Install Cognos SDK on the dev machine where you already have Cognos BI server. To try the samples bundled with the Cognos SDK, you will need JDK. If you are already running Cognos without a JDK, Cognos might be using it's bundled JRE, which unfortunately is not from Oracle. In that case, you may have to uninstall Cognos, install Oracle JDK first and then re-install Cognos and Cognos SDK. Otherwise, you will run into some cryptography incompatibility issues.
- Make sure you have configured a full authentication provider namespace like LDAP correctly.
- Go to the TrustedSignonSample shipped with Cognos SDK. In Cognos 10, the Java sample can be found under $COGNOS_SDK/java/AuthenticationProvider.
- Modify the TrustedSignonSample.java and set your LDAP namespace id there. The trusted sign on provider will use this namespace to verify whether the user exist or not.
- Build the sample using the provided build.bat and you should get a jar file.
- Read the "readme.txt" that's shipped with the sample and configure this provider correctly.
- Now, if you go to Cognos login page, you should see two namespace choices.
- If you are running your app in the same machine as Cognos, just create a cookie with the respective name (refer TrustedSignonSample for the cookie name) and value. You would set the cookie's value as the currently-logged-in-user-of-your-app.
- That's it, after setting the cookie, if you go to Cognos login page and choose the custom trusted signon provider namespace, you will not be prompted for login.
- If you don't want Cognos to display login page at all, you can configure your custom trusted signon provider's namespace as the default in cognos configuration.
- If you are running your app in a different machine than Cognos, you have to make a few more configurations in Cognos global configuration to ensure that it accepts cookies from that machine/domain.
For more info, refer this "thread":http://businessintelligence.ittoolbox.com/groups/technical-functional/cognos-l/the-cookie-trusted_signon_user-is-not-set-4863689 initiated by yours truly.
I achieved single sign on between Cognos and my app this way. I hope it helps you.
来源:https://stackoverflow.com/questions/4756007/sso-between-java-ee-and-cognos-application