Configuring Cognos for Smart Card and certificate login

You must modify the OnCommand Insight Data Warehouse configuration to support Smart Card (CAC) and certificate logins for the Cognos server.

Steps

  1. Add certificate authorities (CAs) to the Cognos trust store.
    1. In a command window, go to ..\SANscreen\cognos\c10_64\configuration\certs\
    2. Use the keytool utility to list the trusted CAs: C:\Program Files\SANscreen\java64\bin\keytool.exe -list -keystore CognosTruststore.jks -storepass changeit
      The first word in each line indicates the CA alias.
    3. If no suitable files exist, supply a CA certificate file, usually a .pem file.
    4. Optional: To include customer's CAs with OnCommand Insight trusted CAs, go to ..\SANscreen\cognos\c10_64\configuration\certs\.
    5. Use the keytool utility to import the .pem fileC:\Program Files\SANscreen\java64\bin\keytool.exe -importcert -keystore CognosTruststore.jks -alias my_alias -file 'path/to/my.pem' -v -trustcacerts
      my_alias is usually an alias that would easily identify the CA in the keytool -list operation.
    6. When prompted for a password, enter changeit, the default password.
    7. Answer yes when prompted to trust the certificate.
  2. Modify the reporting portal registry:
    1. Use regedit to modify HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Prefs\com\netapp\sanscreen\reporting.
    2. Change the portal_url value to https:\\DWHServer.name:8080/ibmcognos.
  3. Redirect the reporting portal:
    1. Open the ..\SANscreen\wildfly\standalone\deployments\dwh-redirect.war\redirect.html file in edit mode.
    2. Change the URL value from https:\\DWHServer.name:9300/p2pd/servlet/dispatch to https:\\DWHServer.name:8080/ibmcognos.
  4. Enable CAC mode:
    1. Open the ..\SANscreen\cognos\c10_6\configuration\SANscreenAP.properties file in edit mode.
    2. Change authentication.mode=form to authentication.mode=cac.
    3. Save the file.
    4. Restart the Cognos service: From the Windows Start menu, select All Programs > IBM Cognos > IBM Cognos configuration
  5. Start the ServletGateway:
    1. Go to ..\SANscreen\cognos\c10_64\wlp\bin.
    2. Set the Java Home path: set java_home=..\SANscreen\cognos\c10_64\bin64\jre\7.0
    3. Start the ServletGateway: server start servletgateway
  6. Changing the ServletGateway port from the default port (8080) to a custom port requires repeating the following steps:
    1. Update the reporting portal in registry entry.
    2. Update the reporting portal redirect.
    3. Restart the ServletGateway port.

After you finish