I've think I've configured everything based on the KB article but it's not automatically authenticating.
I've verified the settings and prerequisites. Everything seems to be setup right. Only thing I question is that in IIS, I went to the specific website and set the directory security. Should I have done it a higher level?
When I select AD as my namespace, Cognos pulls in my domain/username but I still have to enter my password. What am I missing to get this far but not have Cognos pull in my password? I didn't think an advanced property was required for kerebos...or does it? Do I need to restart the service?
Is IIS configured to require Kerberos? In my experience, IIS usually isn't using Kerberos but NTLM. I've had success in getting single signon to work when I used NTLM (singleSignonOption IdentityMapping for the parm)
I thought that it uses Kerberos by default? How do I check this setting?
Update: I got it to work by using the singleSignonOption
Without that setting, it uses as full kerberos handshake, that has a lot of requirements to meet, includign making changes to your AD.
The singlesignonoption utilises the remote_user variable, which is a bit less safer as it can be spoofed, but still does the job of a single signon very well.
Normally no problem inside a regular network.