Configuring Cognos for Smart Card and certificate login (OnCommand Insight 7.3.10 and later)
-
PDF of this doc site
-
Configuration and administration
- Data Warehouse administration
-
Configuration and administration
Collection of separate PDF docs
Creating your file...
You must modify the OnCommand Insight Data Warehouse configuration to support Smart Card (CAC) and certificate logins for the Cognos server.
Before you begin
This procedure is for systems running OnCommand Insight 7.3.10 and later.
For the most up to date CAC and Certificate instructions, see the following Knowledgebase articles (Support login required): |
Steps
-
Add certificate authorities (CAs) to the Cognos trustore.
-
In a command window, go to
..\SANscreen\cognos\analytics\configuration\certs\
-
Use the
keytool
utility to list the trusted CAs:..\..\ibm-jre\jre\bin\keytool.exe -list -keystore CAMKeystore.jks -storepass NoPassWordSet
The first word in each line indicates the CA alias.
-
If no suitable files exist, supply a CA certificate file, usually a
.pem
file. -
To include customer's CAs with OnCommand Insight trusted CAs, go to
..\SANscreen\cognos\analytics\configuration\certs\
. -
Use the
keytool
utility to import the.pem
file:..\..\ibm-jre\jre\bin\keytool.exe -importcert -keystore CAMKeystore.jks -alias my_alias -file 'path/to/my.pem' -v -trustcacerts
my_alias
is usually an alias that would easily identify the CA in thekeytool -list
operation. -
When prompted for a password, enter
NoPassWordSet
. -
Answer
yes
when prompted to trust the certificate.
-
-
To enable CAC mode, do the following:
-
Configure CAC logout page, using the following steps:
-
Logon to Cognos portal (user must be part of System Administrators group i.e. cognos_admin)
-
(Only for 7.3.10 and 7.3.11) Click Manage -> Configuration -> System -> Security
-
(Only for 7.3.10 and 7.3.11) Enter cacLogout.html against Logout Redirect URL -> Apply
-
Close browser.
-
-
Execute
..\SANscreen\bin\cognos_cac\enableCognosCAC.bat
-
Start IBM Cognos service. Wait for Cognos service to start.
-
-
To disable CAC mode, do the following:
-
Execute
..\SANscreen\bin\cognos_cac\disableCognosCAC.bat
-
Start IBM Cognos service. Wait for Cognos service to start.
-
(Only for 7.3.10 and 7.3.11) Unconfigure CAC logout page, using the following steps:
-
Logon to Cognos portal (user must be part of System Administrators group i.e. cognos_admin)
-
Click Manage -> Configuration -> System -> Security
-
Enter cacLogout.html against Logout Redirect URL -> Apply
-
Close browser.
-
-