And users were expecting it would do SSO accordingly and then go to http://twtpewapmap2u.hq.intra.mycompany.com:8080/SOMEAPP/#/dashboard, however, it actually goes to http://twtpewapmap2u.hq.intra.mycompany.com:8080/SOMEAPP/#/home instead, we have multiple pages created under this application, each made for different purpose and for different user groups, so we cannot squeeze everything into home.html and then use either the replacing home.html technique or the $state.go technique to redirect it back to the desired page.
Also, what is the clientCAMURI value on your instances.json? Do they have the same Cognos Server name (twtpewapmap2u.hq.intra.mycompany.com), and sso path used (cognosisapi.dll vs cognos.cgi)?
How about your ssoSlaves property in header.script.init.ftl file? They should all have the same port and machine name.
If I am doing it on a normal browser environment, the URL works, but as soon as I add http://twtpewapmap2u.hq.intra.mycompany.com/ibmcognos/cgi-bin/cognosisapi.dll? in front, it does not work anymore, according to our last discussion, the SSO redirects back to the page that has triggered the unauthorised access, and therefore home.html, however, the URL we are passing in should be the dashboard, so far I don’t have any idea how to get around this.
the clientCAMURI are the same, all lower case, FQDN and using cognosisapi.dll.
As that environment has a conflict of redirect and therefore authentication didn’t happen if using the normal Canvas URL, it would always stuck on the page for logging in but nothing happening (in the face of the user).
Using this long URL would trigger the authentication properly, at least for TM1Web, it works ok.
Can I assume if I update variables_TM1.xml it would work?
Tests from going through the URL in browser gave me this:
http://< canvas server > /< canvas app >/?cam_passport=XXXXX&CAMNamespace=CCCCCC
That is, after passing in a URL with c_cmd value as http://< canvas server > /< canvas app >/#/configuration. And as noted, it strips down the #/configuration part, and just replaces it with ?cam_passport and CAMNamespace parameter/value.
So if there is a simple setting or flag maybe in Cognos BI that allows redirect with the full URL passed, then that should help on this.
Then on using Canvas’ SSO mechanism, the returned response by Cognos BI should have in its HTML response / body, details about the CAMPassport. There should be visible information in there about:
cam_passport
CAMNamespace
You can check this out by opening the Developer Console of Chrome for example and clicking on the request to Cognos. It will look something like: