Integrated Login

Mark RMBC
Regular Participant
Posts: 194
Joined: Tue Sep 06, 2016 7:55 am
OLAP Product: TM1
Version: 10.1.1
Excel Version: Excel 2010

Post by Mark RMBC » Mon Sep 09, 2019 8:37 am

Hi,

I am trying to create integrated login. I have managed to get Architect and Perspectives to work (just click on the server and it lets you in).
However, with mode 2, when prompted for a user name and password, I can no longer log in manually using my Windows ID and password; my Windows password doesn't work. This isn't so much an issue for Architect/Perspectives as I can go back to mode 3 and SSO works fine.

But for TM1 web it is an issue.

When I read the IBM guide my understanding is that I don't actually have to configure anything for TM1web. To quote:

"Integrated login works without any configuration in TM1 Web. You can select a server that is configured for integrated login and TM1 Web prompts for your credentials. When you enter your credentials, TM1 Web sends them to the TM1 Server for authentication."

So when logging into the web it will prompt for ID and password (and not just let them straight in) but I should be able to use my Windows login details to get into tm1web.

Thing is this doesn't work and I have to use the password in TM1.

Did I read the guide incorrectly? Is there something that has to be configured in TM1web? I know there is a long list of tasks for SSO but I thought this was required to mean you didn't need to enter any credentials and it would take you straight in like Architect and Perspectives.

regards, Mark

gtonkin
MVP
Posts: 704
Joined: Thu May 06, 2010 3:03 pm
OLAP Product: TM1
Version: PAL 2.0.3
Excel Version: 2016 64-bit
Location: JHB, South Africa

Re: Integrated Login

Post by gtonkin » Mon Sep 09, 2019 9:48 am

Mark RMBC wrote:
Mon Sep 09, 2019 8:37 am
...
Did I read the guide incorrectly? Is there something that has to be configured in TM1web? I know there is a long list of tasks for SSO but I thought this was required to mean you didn't need to enter any credentials and it would take you straight in like Architect and Perspectives.
...

Hi Mark, have a look at this link, may help.

Re: Integrated Login

Post by Mark RMBC » Mon Sep 09, 2019 10:28 am

Hi gtonkin,

I noticed your steps were for 10.2. Before I look into this, do you think all those steps are still relevant for Planning Analytics?

regards, Mark

Re: Integrated Login

Post by gtonkin » Mon Sep 09, 2019 10:59 am

Hi Mark, I think so - I am going to be setting one up this week sometime and was reading this article ahead of doing this.

Re: Integrated Login

Post by gtonkin » Tue Sep 10, 2019 2:22 pm

Hi Mark, made any progress? We got as far as getting a popup box asking for credentials but these are not being accepted.
TM1_Messages.log is complaining that the user cannot be found or password is incorrect. Been tweaking the various files but no luck yet.

[2019/09/10 16:19:52:974 CAT] 0000005c com.ibm.ws.security.wim.registry.util.LoginBridge E CWIML4537E: The login operation could not be completed. The specified principal name XXXXX is not found in the back-end repository.
[2019/09/10 16:19:52:974 CAT] 0000005c y.authentication.jaas.modules.UsernameAndPasswordLoginModule A CWWKS1100A: Authentication did not succeed for user ID XXXXX. An invalid user ID or password was specified.

Would be interested to hear back if you got this all working and any issues you found/differences to the documentation you had to implement.

Re: Integrated Login

Post by Mark RMBC » Tue Sep 10, 2019 2:52 pm

Hi,

No progress yet, got as far as you really. Have parked this at the mo due to other priorities but will be back on it at some point.

I will let you know how I get on!

regards, Mark

Re: Integrated Login

Post by gtonkin » Tue Sep 10, 2019 4:27 pm

Thanks Mark, found another link that I am posting just in case you need it as a reference before I get myself sorted. This one looks like more of a step-by-step guide.

Re: Integrated Login

Post by gtonkin » Tue Sep 17, 2019 2:53 pm

We managed to get this working after many, many hours fighting with case, sAMAccounts vs principals, domain names vs realms etc. etc.
Make sure that when you create the keytab, the FQDN is lowercase and the realm is uppercase i.e.
... -princ HTTP/<PA_APP_HOST>@<PA_APP_REALM> ...
... -princ HTTP/tm1server.acme.net@ACME.NET ...

The next issue we had was in the Server.xml file in the LDAP section.
We had: baseDN="CN=Users,DC=acme,DC=net" and we had to use baseDN="DC=acme,DC=net" i.e. remove the canonicalName tag.

Once configured and assuming your models are set up to mode 3, you should get the TM1 Web landing page and would be able to select a TM1 Server to log in to. You simply click the Login button and you are in.

With mode 2, you are prompted for the method to connect to TM1 Web via the radio box method and could supply details or login as appropriate.

It is thus Integrated Login, not the SSO we had in 10.2 (unless you went with the workaround using IIS).
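
An added example (not part of the thread and not IBM's code): a small Python lint for the two fixes described in the post above, the case of the keytab principal and the scope of the LDAP baseDN. The function names are hypothetical, and deriving the domain-root DN from the realm assumes the AD domain name is the same as the Kerberos realm.

```python
import re

# Principal shape quoted in the post: HTTP/<PA_APP_HOST>@<PA_APP_REALM>
PRINC_RE = re.compile(r"^(?P<svc>[^/@]+)/(?P<host>[^/@]+)@(?P<realm>[^/@]+)$")


def realm_to_base_dn(realm):
    """ACME.NET -> DC=acme,DC=net (assumption: AD domain name equals the realm)."""
    return ",".join("DC=" + label.lower() for label in realm.split("."))


def lint_principal(princ):
    """Return a list of problems with a keytab -princ value (empty list = OK)."""
    m = PRINC_RE.match(princ)
    if not m:
        return ["not in the form SERVICE/host@REALM"]
    problems = []
    host, realm = m.group("host"), m.group("realm")
    if m.group("svc") != "HTTP":
        problems.append("service class should be HTTP")
    if host != host.lower():
        problems.append("host part must be lowercase")
    if "." not in host:
        problems.append("host part must be a fully qualified name")
    if realm != realm.upper():
        problems.append("realm must be uppercase")
    return problems


def lint_base_dn(base_dn, realm):
    """Flag a baseDN that is narrower than the domain root derived from the realm."""
    expected = realm_to_base_dn(realm)
    norm = ",".join(part.strip() for part in base_dn.split(","))
    if norm.lower() == expected.lower():
        return []
    if norm.lower().endswith("," + expected.lower()):
        # Users outside this container will not be found by the LDAP search.
        return ["baseDN is scoped to a container below %s" % expected]
    return ["baseDN does not match realm (expected %s)" % expected]


if __name__ == "__main__":
    # Sample values: the acme.net placeholders from the post plus a constructed bad case.
    for p in ("HTTP/tm1server.acme.net@ACME.NET", "HTTP/TM1Server.acme.net@acme.net"):
        print(p, "->", lint_principal(p) or "OK")
    for dn in ("CN=Users,DC=acme,DC=net", "DC=acme,DC=net"):
        print(dn, "->", lint_base_dn(dn, "ACME.NET") or "OK")
```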
