The one problem I had out the back of the Metrics install, which was post-Connections 4.0, was that when users clicked on the Metrics tab they were not signed into Metrics automatically. Users were faced with the following screen.

[Screenshot: Metrics login screen (2013-08-01_092532)]

The User ID field was pre-populated with the user's userPrincipalName (joe.bloggs@acme.com), which was not accepted. To log in to Metrics the @acme.com needed to be removed, leaving the user's sAMAccountName, which did work.

I changed the following fields in Cognos BI which worked and the user was signed in BUT it broke the daily and weekly cube refresh/build and no data appeared in Metrics.

User lookup – (userPrincipalName=${userID})
External identity mapping – (userPrincipalName=${environment("REMOTE_USER")})

I reverted back to using sAMAccountName so data was presented but the user had to remove the domain and log in manually.

I spoke with a colleague who performed the migration from 3.0.1 to 4.0 and it turns out that there was a change to the wimconfig.xml to allow the customer to log in with different attributes.

Replaced:
<config:attributes name="samAccountName" propertyName="uid">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>

With this:
<config:attributes name="userPrincipalName" propertyName="uid">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes name="samAccountName" propertyName="cn">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>

So I looked more closely at it and read an interesting piece http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/index.jsp?topic=/com.ibm.swg.im.cognos.crn_arch.8.4.0.doc/crn_arch_id4601Securing_Access_to_Cognos_Connection.html which talks about using the replace function to remove the domain name from the string. The example given is (&(uid=${replace(${environment("REMOTE_USER")},"ABC\\","")}

I added (&(sAMAccountName=${replace(${environment("REMOTE_USER")},"acme.com\\","")} to External identity mapping and changed the syntax a few times before realising that it was supposed to be stripping the domain from a format such as ACME\Joe Bloggs. I then changed it and after a couple of goes I got the correct syntax of (sAMAccountName=${replace(${environment("REMOTE_USER")},"@acme.com","")}) and after I restarted the Cognos application server the user was able to sign in automatically and all the data was there.
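
The difference between the failed and the working mapping can be checked offline. The following is an added example, not code from the original post or from Cognos: it models ${replace(...)} as a literal, case-sensitive substring replacement (an assumption), uses constructed REMOTE_USER values, and the function names are hypothetical.

```python
# Added illustration: models the Cognos ${replace(...)} macro as a plain,
# case-sensitive substring replacement. That behaviour is an assumption.

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in an LDAP filter value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def external_identity_filter(remote_user, attribute, strip):
    """Filter produced by (attribute=${replace(REMOTE_USER, strip, "")})."""
    mapped = remote_user.replace(strip, "")
    return "(%s=%s)" % (attribute, escape_filter_value(mapped))

def mapping_resolved(remote_user, strip):
    """True when only a bare account name is left after stripping."""
    mapped = remote_user.replace(strip, "")
    return bool(mapped) and "@" not in mapped and "\\" not in mapped

# Constructed sample values in the two formats discussed in the post.
UPN = "joe.bloggs@acme.com"        # userPrincipalName form
DOWN_LEVEL = "ACME\\joe.bloggs"    # DOMAIN\user form

CASES = [
    (UPN, "acme.com\\"),       # first attempt: pattern never occurs in a UPN
    (UPN, "@acme.com"),        # working mapping from the post
    (DOWN_LEVEL, "ACME\\"),    # the format the IBM example targets
    (UPN.upper(), "@acme.com"),  # case mismatch leaves the domain in place
]

if __name__ == "__main__":
    for remote_user, strip in CASES:
        flt = external_identity_filter(remote_user, "sAMAccountName", strip)
        state = "ok" if mapping_resolved(remote_user, strip) else "domain left"
        print("%-22s strip=%-12r -> %-40s %s" % (remote_user, strip, flt, state))
```

A filter that still carries the domain part matches no sAMAccountName, which is the symptom of the first attempt.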
