Hi All,
We have TM1 Application configured with Cognos Analytics authentication. We have been using AD as namespace so far, but changing it AzureAD through Open ID connect.
Our network flow goes like this
Login Page --> CA with AZURE AD namespace Authentication Page --> FQDN:tm1web (9510 Port)
This setup works fine within the internal network, but we would like to have it working from external network without connecting to VPN but still secured. Our network administrator says,that only ports 443 /80 is allowed to be accessible and making 9510 puts us to a risk.
Have any of you done a setup like this? Please advise.
Thanks!
TM1 with Cognos Analytics Open ID connect
-
Elessar
- Community Contributor
- Posts: 412
- Joined: Mon Nov 21, 2011 12:33 pm
- OLAP Product: PA 2
- Version: 2.0.9
- Excel Version: 2016
- Contact:
Re: TM1 with Cognos Analytics Open ID connect
Hello,
You can use IIS reverse proxy / URL Rewrite to accomplish this.
To do this, please refer to IIS documentation. The rule will be something like "http://server:9510/tm1web{R:1}"
You can use IIS reverse proxy / URL Rewrite to accomplish this.
To do this, please refer to IIS documentation. The rule will be something like "http://server:9510/tm1web{R:1}"
-
Chuks
- Posts: 30
- Joined: Wed Dec 05, 2012 2:18 pm
- OLAP Product: IBM Cognos Planning Analytics
- Version: 2.0
- Excel Version: 2010
Re: TM1 with Cognos Analytics Open ID connect
Hi Elessar,Elessar wrote: ↑Wed Jun 10, 2020 2:26 pm Hello,
You can use IIS reverse proxy / URL Rewrite to accomplish this.
To do this, please refer to IIS documentation. The rule will be something like "http://server:9510/tm1web{R:1}"
Thank you for the reply. Should the reverse proxy be setup in the public domain or can we have it setup in the same server as we have TM1 WEB?
Please advise
Thanks,
Chuks
-
Elessar
- Community Contributor
- Posts: 412
- Joined: Mon Nov 21, 2011 12:33 pm
- OLAP Product: PA 2
- Version: 2.0.9
- Excel Version: 2016
- Contact:
Re: TM1 with Cognos Analytics Open ID connect
It depends on your security requirements. Technically, you can configure gateway on any server. Usually it is on the same server with Cognos Analytics
-
Chuks
- Posts: 30
- Joined: Wed Dec 05, 2012 2:18 pm
- OLAP Product: IBM Cognos Planning Analytics
- Version: 2.0
- Excel Version: 2010
Re: TM1 with Cognos Analytics Open ID connect
Hi Again,
With continuation to the OpenID Azure setup,the user accounts in our organization is enabled for Multi Factor Authentication , meaning that we first login with Password or get a Pass code notification in mobile authentication app & then Approve it with Fingerprint or PIN to validate the session.
The login to Cognos Analytics works fine if we choose the pass code in the authenticator APP and then approve it with finger print.But it gives error when we use password and therefore doesn't send the notification approval to the app.
"Error description: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'."
Has anyone faced this issue? Is the problem at the cognos Analytics side or the Open-id Azure login page? Please advise!
Thanks,
Chuks
With continuation to the OpenID Azure setup,the user accounts in our organization is enabled for Multi Factor Authentication , meaning that we first login with Password or get a Pass code notification in mobile authentication app & then Approve it with Fingerprint or PIN to validate the session.
The login to Cognos Analytics works fine if we choose the pass code in the authenticator APP and then approve it with finger print.But it gives error when we use password and therefore doesn't send the notification approval to the app.
"Error description: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'."
Has anyone faced this issue? Is the problem at the cognos Analytics side or the Open-id Azure login page? Please advise!
Thanks,
Chuks