Apliqo SSO and Cognos Analytics

rdclapp · July 2, 2020, 7:17pm

Hello!
We are struggling to get SSO to work with Cognos Analytics and Apliqo. SSO works for all of our other front ends (Architect, PAW, PAX, TM1Web, CA, etc). However on redirect Cognos returns “The forward URL does not exist or it has failed validation. Ensure that a valid forward URL is specified.”

We have validated that the variables_TM1.xml file is updated and it matches the redirect URL from the gateway.

CA URL: https://mycognossite/ca/bi/v1/disp?b_action=xts.run&m=portal/bridge.xts&CAMNamespace=Cognos%20ANT&c_env=portal/variables_TM1.xml&c_mode=get&c_cmd=https://myapliqosite:443/app/

<CRNenv>
	<urls>
		<url is-regex="true">http://localhost/TM1Web(/\([aAsS]\([A-Za-z0-9]+\)\))?/TM1WebLogin.aspx</url>
		<url is-regex="true">http://localhost/TM1Web(/\([aAsS]\([A-Za-z0-9]+\)\))?/TM1WebLoginHandler.aspx</url>
		<url is-regex="true">http://localhost/TM1Web(/\([aAsS]\([A-Za-z0-9]+\)\))?/TM1WebMain.aspx</url>
		<url>https://myapliqosite:443/app/</url>
		<url>https://myapliqosite/app/</url>
		<url>../tm1/web/tm1web.html</url> 
	</urls>
	<cookies>
		<param name="cam_passport"/>
	</cookies>
</CRNenv>

The xdomain files are in place and updated as well. Is there anything special that needs to be done for CA to work correctly? What should we do to troubleshoot this further?

nkaushal · July 2, 2020, 10:20pm

Hi @rdclapp,

Looks like a “/” missing in the 4th URL within variables_tm1.xml. Could you add that missing slash and give it a re-test? I’d suggest clearing your cache or testing it incognito mode before the test.

Thanks,
Nimeesh

rdclapp · July 2, 2020, 10:38pm

Sorry, bad copy paste job. Fixed the original post.

nkaushal · July 3, 2020, 1:07am

Hi @rdclapp,

Are you able to share a screenshot of instances.json file? Specifically keen to check what the CAM properties are as defined here in this link: Parameters in the instances.json file - Cubewise CODE.

Thanks,
Nimeesh

plim · July 3, 2020, 1:19am

Just to add to @nkaushal, that error usually is due to some configuration in CA.

The test that could be quickly done for that would be to copy and paste that URL:

https://mycognossite/ca/bi/v1/disp?b_action=xts.run&m=portal/bridge.xts&CAMNamespace=Cognos%20ANT&c_env=portal/variables_TM1.xml&c_mode=get&c_cmd=https://myapliqosite:443/app/

Into any browser and see if it redirects to the Apliqo site/URL.

Looks like the URL passed is exactly as what was in the variables_TM1.xml. Perhaps there is some configuration that needs to be done with the Cognos Application Firewall?

If it is a non-production server, is it possible to temporarily turn that off and see if that helps?

Cheers,

Paul

rdclapp · July 3, 2020, 1:33am

The firewall has been disabled and in our instances file we have the following options set

[

    {

        "name": "contentStore",

        "restUri": "http://MYTM1Server-ux-d01:8888",

        "camNamespaces":["Cognos ANT"],

        "tm1WebUri": "http://MYTM1Server-ux-d01:9510/tm1web",

        "applyParenthesisFormatting": true,

        "chartColorScheme": [

            "#232F3E"

        ],

        "useSSOWithCAM":true,

        "useSSORedirecWithBaseURL":true,

        "loginInstances": [

            "Management",

            "Finance",

            "MissionControl",

            "WFPSample"

        ]

    },

    {

        "name": "Management",

        "restUri": "https://MYTM1Server-dev-09:9000",

        "camNamespaces":["Cognos ANT"],

        "tm1WebUri": "https://MYTM1Serverweb.corp.company.com/tm1web",

        "applyParenthesisFormatting": true,

        "useSSOWithCAM":true,

        "useSSORedirecWithBaseURL":true,

        "chartColorScheme": [

            "#232F3E"

        ]

    },

    {

        "name": "Finance",

        "restUri": "https://MYTM1Server-dev-12:9091",

        "camNamespaces":["Cognos ANT"],

        "tm1WebUri": "https://MYTM1Serverweb.corp.company.com/tm1web",

        "applyParenthesisFormatting": true,

        "useSSOWithCAM":true,

        "chartColorScheme": [

            "#232F3E"

        ]

    },

    {

        "name": "MissionControl",

        "restUri": "https://MYTM1Server-util-01:9091",

        "camNamespaces":["Cognos ANT"],

        "tm1WebUri": "https://MYTM1Serverweb.corp.company.com/tm1web",

        "applyParenthesisFormatting": true,

        "useSSOWithCAM":true,

        "useSSORedirecWithBaseURL":true,

        "chartColorScheme": [

            "#232F3E"

        ]

    },

    {

        "name": "WFPSample",

        "restUri": "https://MYTM1Server-TEST-01:9001",

        "camNamespaces":["Cognos ANT"],

        "tm1WebUri": "https://MYTM1Serverweb.corp.company.com/tm1web",

        "applyParenthesisFormatting": true,

        "useSSOWithCAM":true,

        "useSSORedirecWithBaseURL":true,

        "chartColorScheme": [

            "#232F3E"

        ]

    }

]

plim · July 3, 2020, 1:49am

Thanks for posting the content of instances.json file. It looks to be alright from the Apliqo side of things.

The next check would be on the CA side.

The first check/test to do on this case is to copy the CA URL that you posted into any browser and see if CA redirects it back to that URL (value of c_cmd).

Can you confirm / double check that the variables_TM1.xml and the other relevant files are on the correct location / server?

–
Paul