IBM Connections SSO not working with Metrics

The one problem I had out the back of the Metrics install which was post-Connections 4.0 was the when users clicked on the Metrics tab they were not signed into Metrics automatically. Users were faced with the following screen.


The User ID field was pre-populated with the users userPrincipalName ( which was not accepted. To log in to metrics the needed to be removed leaving the users sAMAccountName which did work.

I changed the following fields in Cognos BI which worked and the user was signed in BUT it broke the daily and weekly cube refresh/build and no data appeared in Metrics.

User lookup – (userPrincipalName=${userID})
External identity mapping – (userPrincipalName=${environment(“REMOTE_USER”)})

I reverted back to using sAMAccountName so data was presented but the user had to remove the domain and log in manually.

I spoke with a colleague who performed the migration from 3.0.1 to 4.0 and it turns out that there was a change to the wimconfig.xml to allow the customer to log in with different attributes.

<config:attributes name=”samAccountName” propertyName=”uid”>

With this:
<config:attributes name=”userPrincipalName” propertyName=”uid”>
<config:attributes name=”samAccountName” propertyName=”cn”>

So I looked more closely at it and read an interesting piece which talks about using the replace function to remove the domain name from the string. The example given is (&(uid=${replace(${environment(“REMOTE_USER”)},”ABC\\”,””)}

I added (&(sAMAccountName=${replace(${environment(“REMOTE_USER”)},”\\”,””)} to External identity mapping and changed the syntax a few times before realising that it was supposed to be stripping the domain in from a format such as ACME\Joe Bloggs. I then changed it and after a couple of goes I got the correct syntax of (sAMAccountName=${replace(${environment(“REMOTE_USER”)},””,””)}) and after I restarted the Cognos application server the user was able to sign in automatically and all the data was there.