TM1 with Cognos Analytics Open ID connect

Post Reply
Chuks
Posts: 30
Joined: Wed Dec 05, 2012 2:18 pm
OLAP Product: IBM Cognos Planning Analytics
Version: 2.0
Excel Version: 2010

TM1 with Cognos Analytics Open ID connect

Post by Chuks » Wed Jun 10, 2020 2:01 pm

Hi All,

We have TM1 Application configured with Cognos Analytics authentication. We have been using AD as namespace so far, but changing it AzureAD through Open ID connect.
Our network flow goes like this
Login Page --> CA with AZURE AD namespace Authentication Page --> FQDN:tm1web (9510 Port)
This setup works fine within the internal network, but we would like to have it working from external network without connecting to VPN but still secured. Our network administrator says,that only ports 443 /80 is allowed to be accessible and making 9510 puts us to a risk.

Have any of you done a setup like this? Please advise.

Thanks!

User avatar
Elessar
Community Contributor
Posts: 194
Joined: Mon Nov 21, 2011 12:33 pm
OLAP Product: PA 2
Version: 2.0.9
Excel Version: 2016
Location: Russia

Re: TM1 with Cognos Analytics Open ID connect

Post by Elessar » Wed Jun 10, 2020 2:26 pm

Hello,

You can use IIS reverse proxy / URL Rewrite to accomplish this.

To do this, please refer to IIS documentation. The rule will be something like "http://server:9510/tm1web{R:1}"
Best regards, Alexander Dvoynev

Chuks
Posts: 30
Joined: Wed Dec 05, 2012 2:18 pm
OLAP Product: IBM Cognos Planning Analytics
Version: 2.0
Excel Version: 2010

Re: TM1 with Cognos Analytics Open ID connect

Post by Chuks » Wed Jun 17, 2020 6:53 am

Elessar wrote:
Wed Jun 10, 2020 2:26 pm
Hello,

You can use IIS reverse proxy / URL Rewrite to accomplish this.

To do this, please refer to IIS documentation. The rule will be something like "http://server:9510/tm1web{R:1}"
Hi Elessar,

Thank you for the reply. Should the reverse proxy be setup in the public domain or can we have it setup in the same server as we have TM1 WEB?

Please advise

Thanks,
Chuks

User avatar
Elessar
Community Contributor
Posts: 194
Joined: Mon Nov 21, 2011 12:33 pm
OLAP Product: PA 2
Version: 2.0.9
Excel Version: 2016
Location: Russia

Re: TM1 with Cognos Analytics Open ID connect

Post by Elessar » Wed Jun 17, 2020 8:31 am

It depends on your security requirements. Technically, you can configure gateway on any server. Usually it is on the same server with Cognos Analytics
Best regards, Alexander Dvoynev

Chuks
Posts: 30
Joined: Wed Dec 05, 2012 2:18 pm
OLAP Product: IBM Cognos Planning Analytics
Version: 2.0
Excel Version: 2010

Re: TM1 with Cognos Analytics Open ID connect

Post by Chuks » Thu Jun 18, 2020 3:17 pm

Elessar wrote:
Wed Jun 17, 2020 8:31 am
It depends on your security requirements. Technically, you can configure gateway on any server. Usually it is on the same server with Cognos Analytics
Hi Elssar,

Set it up in the same server with Cognos Analytics and works fine. Thank you :D

Regards,
Chuks

Chuks
Posts: 30
Joined: Wed Dec 05, 2012 2:18 pm
OLAP Product: IBM Cognos Planning Analytics
Version: 2.0
Excel Version: 2010

Re: TM1 with Cognos Analytics Open ID connect

Post by Chuks » Thu Jun 25, 2020 8:24 am

Hi Again,

With continuation to the OpenID Azure setup,the user accounts in our organization is enabled for Multi Factor Authentication , meaning that we first login with Password or get a Pass code notification in mobile authentication app & then Approve it with Fingerprint or PIN to validate the session.

The login to Cognos Analytics works fine if we choose the pass code in the authenticator APP and then approve it with finger print.But it gives error when we use password and therefore doesn't send the notification approval to the app.

"Error description: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'."

Has anyone faced this issue? Is the problem at the cognos Analytics side or the Open-id Azure login page? Please advise!

Thanks,
Chuks

Post Reply