Configuring Cognos for Smart Card and certificate login (OnCommand Insight 7.3.2 and earlier)

You must modify the OnCommand Insight Data Warehouse configuration to support Smart Card (CAC) and certificate logins for the Cognos server.

Before you begin

This procedure is for systems running OnCommand Insight 7.3.2 and earlier.


  1. Add certificate authorities (CAs) to the Cognos truststore.
    1. In a command window, go to ..\SANscreen\cognos\c10_64\configuration\certs\
    2. Use the keytool utility to list the trusted CAs: "C:\Program Files\SANscreen\java64\bin\keytool.exe" -list -keystore CognosTrustore.jks -storepass changeit
      The first word in each line indicates the CA alias.
    3. If no suitable files exist, supply a CA certificate file, usually a .pem file.
    4. Optional: To include the customer's CAs with the OnCommand Insight trusted CAs, go to ..\SANscreen\cognos\c10_64\configuration\certs\.
    5. Use the keytool utility to import the .pem file: "C:\Program Files\SANscreen\java64\bin\keytool.exe" -importcert -keystore CognosTrustore.jks -alias my_alias -file "path/to/my.pem" -v -trustcacerts
      my_alias is usually an alias that easily identifies the CA in the keytool -list output.
    6. When prompted for a password, enter changeit, the default password.
    7. Answer yes when prompted to trust the certificate.
  2. Modify the reporting portal registry:
    1. Use regedit to modify HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Prefs\com\netapp\sanscreen\reporting.
    2. Change the portal_url value to https:\\
  3. Redirect the reporting portal:
    1. Open the ..\SANscreen\wildfly\standalone\deployments\dwh-redirect.war\redirect.html file in edit mode.
    2. Change the URL value from https:\\ to https:\\
  4. Enable CAC mode:
    1. Open the ..\SANscreen\cognos\c10_6\configuration\ file in edit mode.
    2. Change authentication.mode=form to authentication.mode=cac.
    3. Save the file.
    4. Restart the Cognos service: From the Windows Start menu, select All Programs > IBM Cognos > IBM Cognos configuration.
  5. Start the ServletGateway:
    1. Go to ..\SANscreen\cognos\c10_64\wlp\bin.
    2. Set the Java Home path: set java_home=..\SANscreen\cognos\c10_64\bin64\jre\7.0
    3. Start the ServletGateway: server start servletgateway
  6. Changing the ServletGateway port from the default port (8080) to a custom port requires repeating the following steps:
    1. Update the reporting portal registry entry.
    2. Update the reporting portal redirect.
    3. Restart the ServletGateway port.
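
A pre-import check for step 1, as a PowerShell example added here (not NetApp's own script): it inspects the CA certificate, refuses an expired or non-CA certificate and an alias that is already in use, then runs the keytool commands from the procedure. The alias, the .pem path and the requirement for a basic-constraints CA flag are assumptions; run it from the certs directory in step 1.1.

```powershell
# Added example. Run from the certs directory of step 1.1.
$keytool    = 'C:\Program Files\SANscreen\java64\bin\keytool.exe'
$truststore = '.\CognosTrustore.jks'
$storePass  = 'changeit'                            # default password from step 1.6
$alias      = 'my_alias'                            # placeholder alias
$pemPath    = (Resolve-Path 'C:\temp\my.pem').Path  # placeholder path; .NET needs a full path

# keytool -importcert would silently create a new keystore if this one were missing.
if (-not (Test-Path $truststore)) { throw "Truststore not found: $truststore" }

# Load the certificate (only the first one is read if the .pem holds a chain).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $pemPath
$bc   = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }

# Show what is about to become a trust anchor for user logins.
'Subject : ' + $cert.Subject
'Issuer  : ' + $cert.Issuer
'Valid   : {0:yyyy-MM-dd} to {1:yyyy-MM-dd}' -f $cert.NotBefore, $cert.NotAfter
'SHA-1   : ' + $cert.Thumbprint

# Refuse certificates outside their validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw 'Certificate is outside its validity period.'
}
# Assumed policy: require the basic-constraints CA flag (rejects end-entity certificates).
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'Certificate is not marked as a CA (basic constraints).'
}

# Refuse to reuse an alias: keytool exits 0 when the alias is already present.
& $keytool -list -keystore $truststore -storepass $storePass -alias $alias 2>&1 | Out-Null
if ($LASTEXITCODE -eq 0) {
    throw "Alias '$alias' already exists in $truststore."
}

# Import (keytool still asks whether to trust the certificate), then show the stored entry.
& $keytool -importcert -keystore $truststore -storepass $storePass -alias $alias -file $pemPath -v -trustcacerts
& $keytool -list -keystore $truststore -storepass $storePass -alias $alias
```

Compare the fingerprint printed by the final keytool -list with the value the CA publishes before enabling CAC mode.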

After you finish