Проблема настройки единого входа с Cognos 11 и Websphere Portal

Question

Проблема настройки единого входа с Cognos 11 и Websphere Portal

Я не могу заставить Single Sign-On работать с Cognos. Я пытаюсь настроить единый вход с помощью IBM Websphere Portal 8.5 и Cognos 11.0.11 с IBM HTTP Server 8.5.

Я следовал руководству IBM по настройке Cognos SSO с LTPA и IHS. Однако после входа в приложение портала я нажимаю URL-адрес Cognos, и браузер запрашивает имя пользователя / пароль. Я могу войти в Cognos, если введу идентификатор пользователя / pw, но как мне заставить SSO работать? Ниже приведена копия моих файлов конфигурации. Любая помощь приветствуется. Спасибо.

местного server.xml

<?xml version="1.0" encoding="UTF-8"?>
<server>
<featureManager>
    <feature>ldapRegistry-3.0</feature>
    <feature>appSecurity-2.0</feature>
</featureManager>
<ldapRegistry id="portalLdap" realm="defaultWIMFileBasedRealm" 
    host="directory" port="389" ignoreCase="true" 
    baseDN="dc=ttt,dc=com" ldapType="IBM Tivoli Directory Server" sslEnabled="false" bindDN="cn=root" bindPassword="REMOVED">
    <idsFilters 
        userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
        userIdMap="*:uid"
        groupFilter="(&amp;(cn=%v)(objectclass=groupOfUniqueNames))"
        groupIdMap="*:cn">
    </idsFilters>
</ldapRegistry>
  <webAppSecurity allowFailOverToBasicAuth="true" displayAuthenticationRealm="true" />
  <ltpa keysFileName="D:\ttt\portal\security\HOU06Portal.key" keysPassword="REMOVED" expiration="120" />
</server>

cognos.conf

# Licensed Materials - Property of IBM
# IBM Cognos Products: gate
# (C) Copyright IBM Corp. 2017
# US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
# 
# this is a sample cognos.conf for IHS 8 ( with Apache 2.2).  To use it, rename or
# copy it to "cognos.conf"
#

LoadModule headers_module modules/mod_headers.so 
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule expires_module modules/mod_expires.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so

#mod_proxy_balancer is not a supported component of IBM HTTP Server, 
#however on select platforms this module is distributed with IHS in the modules/WebSphereCE/ subdirectory
LoadModule proxy_balancer_module modules/WebSphereCE/mod_proxy_balancer.so

LoadModule deflate_module modules/mod_deflate.so
LoadModule cognos_module "d:/act/cognos/cgi-bin/mod2_2_cognos.dll"

<IfModule mod_expires.c>
<FilesMatch "\.(jpe?g|png|gif|js|css|json|html|woff2?|template)$">
    ExpiresActive On
    ExpiresDefault "access plus 1 day"
</FilesMatch>
</IfModule>

<IfModule mod2_2_cognos.c>
CGIBinDir "d:/act/cognos/cgi-bin"
</IfModule>

<Directory d:/act/cognos>
<IfModule mod_deflate>
    AddOutputFilterByType DEFLATE text/html application/json text/css application/javascript
</IfModule>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

#Set up a cluster for load-balancing
# Include all ICA servers that have the ICA Application server components installed and configured.
# Note: do not include ICA servers that are used to run the Content Manager service.
<Proxy balancer://mycluster>
BalancerMember http://houw12ttt03.clearlake.com:9081 route=1
</Proxy>

# UI to monitor/configure load balancer
<Location /ibmcognos/balancer-manager>
SetHandler balancer-manager
</Location>

# Uncomment the following line if you want to use cognos.cgi instead of mod_cognos for SSO
#ScriptAlias /ibmcognos/cgi-bin /opt/IBM/cognos/analytics/cgi-bin
Alias /ibmcognos d:/act/cognos/webcontent

RewriteEngine On
# Send default URL to service
RewriteRule ^/ibmcognos/bi/($|[^/.]+(\.jsp)(.*)?) balancer://mycluster/bi/$1$3 [P] 
# Send login requests and legacy UI's through cognos module for SSO
RewriteRule ^/ibmcognos/bi/v1/(login|disp)(/.*)? /ibmcognos/sso/bi/v1/$1$2 [PT,L]
# OR (enable one or the other)
# Send login requests and legacy UI's through the cognos cgi for SSO
#RewriteRule ^/ibmcognos/bi/v1/(login|disp)(/.*)? /ibmcognos/cgi-bin/cognos.cgi/bi/v1/$1$2 [PT]

# Rewrite Event Studio static references
RewriteCond %{HTTP_REFERER} v1/disp [NC]
RewriteRule ^/ibmcognos/bi/(ags|cr1|prompting|ccl|common|skins|ps)/(.*) /ibmcognos/$1/$2 [PT,L]

# Rewrite Saved-Output and Viewer static references
RewriteRule ^/ibmcognos/bi/rv/(.*)$ /ibmcognos/rv/$1 [PT,L]

# Define cognos location
<Location /ibmcognos>
RequestHeader set X-BI-PATH /ibmcognos/bi/v1
</Location>

# Route CA REST service requests through proxy with load balancing
<Location /ibmcognos/bi/v1>
ProxyPass balancer://mycluster/bi/v1
</Location>

# To enable the stickysession, uncomment the following lines to replace the above section 
#<Location /ibmcognos/bi/v1>
#   Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/ibmcognos/bi/v1" env=BALANCER_ROUTE_CHANGED
#   ProxyPass balancer://mycluster/bi/v1 stickysession=ROUTEID
#</Location>

# Route login and legacy UI requests through mod_cognos
<Location /ibmcognos/sso>
SetHandler cognos-handler
AuthType Basic
AuthName "portalLdap"
AuthBasicProvider ldap
AuthLDAPBindDN "cn=root"
AuthLDAPBindPassword "REMOVED"
AuthLDAPURL "ldap://directory:389"
Require valid-user
</Location>
# Route login and legacy UI requests through cognos.cgi
#<Location /ibmcognos/cgi-bin>
#   SetHandler cognos-handler
#   AuthType Basic
#   AuthName "portalLdap"
#   AuthBasicProvider ldap
#   AuthLDAPBindDN "cn=root"
#   AuthLDAPBindPassword "REMOVED"
#   AuthLDAPURL "ldap://directory:389"
#   Require valid-user
#</Location>

0

ibm single-sign-on websphere ihs cognos

Источник

BeersNGears 11 июл '18 в 14:37

0 ответов

Другие вопросы по тегам ibm single-sign-on websphere ihs cognos