Configuring IBM Cognos 8 for Oracle Portal

Oracle Portal uses a version of the Apache web server to serve Oracle web content. One feature of this web server provides the ability to “protect” external (non-Oracle) web resources by intercepting calls to these resources and forcing users to provide valid Oracle Portal authentication information in order to proceed. By including the IBM Cognos 8 gateways among these protected resources, attempts to access IBM Cognos 8 pages will be intercepted and unauthenticated users will be prompted with the Oracle Portal login page.

 

After the user logs in successfully via the Oracle Portal login page, the Oracle/Apache server populates the REMOTE_USER CGI variable and passes the user directly to the requested IBM Cognos resource. IBM Cognos 8 can use the REMOTE_USER variable to determine the user's identity, thereby negating the need for an IBM Cognos-specific login. Similarly, any user who has already logged directly into the Oracle portal will not be presented with an IBM Cognos login page when accessing an IBM Cognos 8 resource.

 

In order to force Oracle to protect the IBM Cognos resources, the IBM Cognos gateways must be installed on the Oracle Portal Server (Apache) machine. On this machine (and any others that may contain distributed components of the IBM Cognos 8 installation) you must set the gateway port to 7777 (the default Oracle Portal port) as below. Change localhost to match the gateway and dispatcher server names as needed.

 

In order to secure IBM Cognos roles, groups, and content to OID users and groups, you must create an LDAP authentication source in Cognos Configuration that references the Oracle Portal OID. To connect to your OID server, enter a logical ID for your OID directory, the host and port of the OID server, and the Base DN of the OID directory. These settings will vary between installations, so check with your directory administrator to verify the settings, or to create a bind user if no suitable user exists. To enable SSO, set the User Lookup, Use External Identity, and External Identity Mapping properties. Use parentheses and brackets as shown. To enable user and group lookups, set the Folder and Group Mappings as below. Again, these settings may change between installations, so verify all changes with your directory administrator.

 

In order to serve IBM Cognos pages from the Apache web server, you must create Aliases within Apache. Per the IBM Cognos documentation, add the IBM Cognos Gateway directory locations to the Apache httpd.conf file by inserting the following lines into the “Aliases:” section (about row 774). This file should reside at ORACLE_HOME\Apache\Apache\conf\httpd.conf. This document assumes the use of the CGI gateways. See the IBM Cognos documentation for information on using the Apache Mod gateways.

 

The mod_osso file provides information about which resources are “protected” by Oracle Portal Security. It also configures Oracle Portal to pass the REMOTE_USER variable to these resources for authentication. To configure Oracle to protect IBM Cognos 8, add these lines to the mod_osso.conf file in the section labeled “Insert Protected Resources:” (about line 10). This file should be at ORACLE_HOME/Apache/Apache/conf/mod_osso.conf. This syntax tells Oracle to intercept any requests for Cognos resources and invokes the Oracle SSO process. Authenticated users will be passed transparently to the requested Cognos resource. Unauthenticated users will be prompted with the Oracle portal login screen and, upon successfully entering OID credentials, be passed to the requested Cognos resource.
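Because IBM Cognos 8 takes the user's identity from REMOTE_USER, every gateway alias added to httpd.conf needs a matching protected entry in mod_osso.conf. The check below is an added example (not from the original page or from IBM or Oracle documentation) that lists aliases no protected `<Location>` covers; the sample directives, the /cognos8 alias names and the C:/c8 paths are constructed assumptions.

```python
import re

# Constructed sample fragments (not from the original page); the /cognos8
# alias names and C:/c8 paths are assumptions for illustration.
HTTPD_CONF = '''
ScriptAlias /cognos8/cgi-bin "C:/c8/cgi-bin"
Alias /cognos8 "C:/c8/webcontent"
Alias /cognos8help "C:/c8/webcontent/documentation"
'''
MOD_OSSO_CONF = '''
<IfModule mod_osso.c>
    <Location /cognos8/cgi-bin>
        require valid-user
        AuthType Basic
    </Location>
    <Location /cognos8>
        require valid-user
        AuthType Basic
    </Location>
</IfModule>
'''

def _norm(path):
    # Drop optional quotes and a trailing slash so prefixes compare cleanly.
    return path.strip('"').rstrip('/') or '/'

def aliases(httpd_conf):
    """URL prefixes mapped by Alias/ScriptAlias (commented lines are skipped)."""
    pat = re.compile(r'^[ \t]*(?:Script)?Alias[ \t]+(\S+)', re.I | re.M)
    return [_norm(m.group(1)) for m in pat.finditer(httpd_conf)]

def protected_locations(osso_conf):
    """<Location> paths whose block has an active 'require valid-user'."""
    found = []
    for m in re.finditer(r'<Location\s+([^>\s]+)\s*>(.*?)</Location>', osso_conf, re.I | re.S):
        lines = [l.split('#')[0].strip() for l in m.group(2).splitlines()]
        if any(re.fullmatch(r'require\s+valid-user', l, re.I) for l in lines):
            found.append(_norm(m.group(1)))
    return found

def covered(prefix, locations):
    """<Location /x> applies to /x and /x/..., but not to /xyz."""
    return any(loc == '/' or prefix == loc or prefix.startswith(loc + '/') for loc in locations)

def unprotected_aliases(httpd_conf, osso_conf):
    locs = protected_locations(osso_conf)
    return [a for a in aliases(httpd_conf) if not covered(a, locs)]

if __name__ == '__main__':
    for a in unprotected_aliases(HTTPD_CONF, MOD_OSSO_CONF):
        print('served without Oracle SSO interception:', a)
```

Pass the text of your own httpd.conf and mod_osso.conf to `unprotected_aliases` before restarting Apache; an empty list means every alias falls under a protected location.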

 

Restart the Apache instance and the IBM Cognos 8 services.