SSO & TM1Web 10.2.2 FP2

Post Reply
yng
Posts: 7
Joined: Wed Aug 26, 2009 8:19 am
OLAP Product: IBM Cognos TM1
Version: 10.2.2
Excel Version: 2013

SSO & TM1Web 10.2.2 FP2

Post by yng »

Hi guys!
Has anyone been able to configure SSO authentication TM1Web 10.2.2. FP2 (mode 2 or 3 in tm1.cfg)?
I completed the instruction from http://www.ibm.com/developerworks/analy ... index.html but it does't work as it should.
The user still has to re-enter username and password :(
With Architect the SSO works!
Do you think I keep looking for a solution or it can not solve?
Top
User avatar
gtonkin
MVP
Posts: 1268
Joined: Thu May 06, 2010 3:03 pm
OLAP Product: TM1
Version: Latest and greatest
Excel Version: Office 365 64-bit
Location: JHB, South Africa
Contact:
Contact gtonkin

Re: SSO & TM1Web 10.2.2 FP2

Post by gtonkin »

Have a look at the document in the URL you posted. Page 2 sets the stage in terms of the .Net vs Java changes.
TM1 Web will act as a client on behalf of a user looking to access a kerberized service, in this context a TM1 server on Windows in a given Microsoft Kerberos realm. In Microsoft Windows,a Kerberos realm is defined implicitly by a Windows domain. Therefore a user from a Windows domain which is trusted (implicit or explicit domain/forest trust required) by the domain in whichthe TM1 server is running can authenticate to the TM1 server through Kerberos. However, theuser is not accessing the TM1 server directly but is using TM1 Web. For this to work, the Windows user will have to provide their Windows user name and password to TM1 Web which will run the authentication process on the user's behalf and if successful, the user is considered authenticated to TM1 Web as well.
Architect is using Integrated Login (options 2/3), not SSO per TM1Web
This said, Integrated, Seamless login using your Kerberos token you already have been issued would be much friendlier!
BR, George.

Learn something new: MDX Views
Top
tomok
MVP
Posts: 2836
Joined: Tue Feb 16, 2010 2:39 pm
OLAP Product: TM1, Palo
Version: Beginning of time thru 10.2
Excel Version: 2003-2007-2010-2013
Location: Atlanta, GA
Contact:
Contact tomok

Re: SSO & TM1Web 10.2.2 FP2

Post by tomok »

yng wrote:I completed the instruction from http://www.ibm.com/developerworks/analy ... index.html but it does't work as it should.
Did you perchance see this? It was right there at the top of that URL.
Exclusions and Exceptions
There is currently no support for Single Sign-On (SSO) to TM1 Web when referring to a TM1 server configured for integrated security based on Kerberos. Refer to the IBM Cognos TM1 10.2 – TM1 Web F.A.Q. linked in the Resources section for details.
SSO no longer works in TM1Web. It only worked before because it was running under IIS. Now that it is running under Java there is no functionality for TM1Web to grab your AD credentials automatically from your workstation and pass it into TM1. You have to manually provide those credentials again when logging into TM1Web when using integrated security. I find it hard to believe there is no piece of Java code somewhere that can do that but either 1) there really isn't, or 2) IBM didn't want to use it because they really want to push you into CAM anyway.
Tom O'Kelley - Manager Finance Systems
American Tower
http://www.onlinecourtreservations.com/
Top
Post Reply

Return to “IBM TM1, Planning Analytics, PAx and PAW”