I am trying to configure single sign through AD using Kerberos delegation, however the best I can get is the username populated in the login box, I have followed the instructions as per the IBM infocentre, is there something I have missed or is there something missing from the IBM instructions, I am on Cognos 10.2.1
Hi,
What is the OS and IIS version,
and let us know what are the steps you have done for enabling the Single Signon
Hi thanks for asking
Its Windows Server 2008R2 with IIS7.5.
We have folowed the insturctions as per this the ibm info centre
http://pic.dhe.ibm.com/infocenter/cfpm/v10r1m0/index.jsp?topic=%2Fcom.ibm.swg.im.cognos.inst_cr_winux.10.1.0.doc%2Finst_cr_winux_id17682stp_SSO_active_drctry.html
details below
Steps for Single Signon Using Kerberos Delegation
Set up Windows integrated authentication on the IIS Web server.
Install Content Manager in a location that is part of the domain, for the active and standby Content Managers.
Set up the computers, or the user account under which Content Manager runs, to be trusted for delegation.
When setting up the computers using the Active Directory user tool, do not select the Account attribute, which is sensitive and cannot be delegated.
Hi,
1.Have you enabled the Windows Authentication in IIS on cognos virtual Directory -> cgi-bin->cognosisapi.dll ?
2.Adn also you need to disable the Anonymous Authentication got the cognosisapi.dll file
Regards,
Murali.
Windows authentication has been enabled on the entire IIS website and disabled anonymous logon.
Might not apply, but on client-side, the webserver is listed in Local Intranet sites in IE? (Trusted is typically not open enough for it to work).