Page 1 of 1
TM1 with Cognos Analytics Open ID connect
Posted: Wed Jun 10, 2020 2:01 pm
by Chuks
Hi All,
We have TM1 Application configured with Cognos Analytics authentication. We have been using AD as namespace so far, but changing it AzureAD through Open ID connect.
Our network flow goes like this
Login Page --> CA with AZURE AD namespace Authentication Page --> FQDN:tm1web (9510 Port)
This setup works fine within the internal network, but we would like to have it working from external network without connecting to VPN but still secured. Our network administrator says,that only ports 443 /80 is allowed to be accessible and making 9510 puts us to a risk.
Have any of you done a setup like this? Please advise.
Thanks!
Re: TM1 with Cognos Analytics Open ID connect
Posted: Wed Jun 10, 2020 2:26 pm
by Elessar
Hello,
You can use IIS reverse proxy / URL Rewrite to accomplish this.
To do this, please refer to IIS documentation. The rule will be something like "
http://server:9510/tm1web{R:1}"
Re: TM1 with Cognos Analytics Open ID connect
Posted: Wed Jun 17, 2020 6:53 am
by Chuks
Elessar wrote: ↑Wed Jun 10, 2020 2:26 pm
Hello,
You can use IIS reverse proxy / URL Rewrite to accomplish this.
To do this, please refer to IIS documentation. The rule will be something like "
http://server:9510/tm1web{R:1}"
Hi Elessar,
Thank you for the reply. Should the reverse proxy be setup in the public domain or can we have it setup in the same server as we have TM1 WEB?
Please advise
Thanks,
Chuks
Re: TM1 with Cognos Analytics Open ID connect
Posted: Wed Jun 17, 2020 8:31 am
by Elessar
It depends on your security requirements. Technically, you can configure gateway on any server. Usually it is on the same server with Cognos Analytics
Re: TM1 with Cognos Analytics Open ID connect
Posted: Thu Jun 18, 2020 3:17 pm
by Chuks
Elessar wrote: ↑Wed Jun 17, 2020 8:31 am
It depends on your security requirements. Technically, you can configure gateway on any server. Usually it is on the same server with Cognos Analytics
Hi Elssar,
Set it up in the same server with Cognos Analytics and works fine. Thank you
Regards,
Chuks
Re: TM1 with Cognos Analytics Open ID connect
Posted: Thu Jun 25, 2020 8:24 am
by Chuks
Hi Again,
With continuation to the OpenID Azure setup,the user accounts in our organization is enabled for Multi Factor Authentication , meaning that we first login with Password or get a Pass code notification in mobile authentication app & then Approve it with Fingerprint or PIN to validate the session.
The login to Cognos Analytics works fine if we choose the pass code in the authenticator APP and then approve it with finger print.But it gives error when we use password and therefore doesn't send the notification approval to the app.
"Error description: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'."
Has anyone faced this issue? Is the problem at the cognos Analytics side or the Open-id Azure login page? Please advise!
Thanks,
Chuks