Arc with reverse Proxy CAM Login (ARR IIS Routing)

Hi there,

i tried to beautify our arc url with IIS and a reversed proxy rule which is rewrite to the arc server instance (port 7070).

When i try to access Arc it works fine, can’t see any issue in the console. but when i try to login with CAM i get the error that the server is not a correct location, i added the Proxy URL to TM1Web.html on our Analytics Server similar to the original host name.

i really have no clue why this is not working.

Does anyone already tried this or had success?

Thanks and BR

Hi @Olide02 ,

Have you tried to add your proxy URL to the Cognos Application Firewall as it is explained here:



Hi @Vincent,

yes i have done this and the CAF settings are correct, if i remove my added entry, i don’t get the TM1Web.html message with missing host, instead i got the CAF error message.

i also updated the TM1_Variables.xml file and added every entry with the new Domain used on the reversed proxy in IIS.

Still got this error message, with the Hostname everything works fine (host:7070 → is working || → Loading page but can’t get redirected back to arc after receiving passport, due to Whitelist)

Ofc i restarted Cognos Analytics and IBM PA after doing this changes, i also wiped my cookies and cache.


Here are my host settings from TM1Web.html

var tm1webServices = ["http://hostname:9510","http://hostname:7070","http://proxydomain:9510","http://proxydomain:7070","http://proxydomain:80"];

I’m not sure if i would have to specify port 7070 for the proxydomain since its running on 80, but i tried to add all possibility’s

Edit: ok got it working with remove port 80 from the array and just leave the domain… But i still have the issue that the cam passport/arc Auth token doen’t get over to arc properly, i got the redirect window then it closes but arc says “Auth data invalid” and i can’t login over the proxy domain.

This is just an issue on the proxy domain, not on the host:7070 directly.

Thanks for your help!

Hi @Olide02

To confirm, are you able to authenticate using the Gateway option when Arc is running locally on :7070?

What about authenticating using the CAM namespace option through the proxy domain?

If you’re accessing Arc through a rewrite on IIS, you’ll also need to rewrite the session cookie path that Arc sets so you remain authenticated. Otherwise the next request will return an unauthorized response and you will be promoted to authenticate again.

Hope this helps.


1 Like

Hi @gbryant

thanks for your input, i’m pretty sure you right but i think i forwarded all URL’s correctly… i will check the dev console if i missed a part.

Yes the login works from local/hostdomain:7070, just the does not work right (this is my reversed proxy url i configured in iis).

Anyways here a Screenshot from my cookies on Host after login:

Here the one with the proxy domain, one cookie is missing but the path is “/”

Do you may know a guide or something where i can take a look at it? I forwarded all Paths i could find with the dev console (like “__/” and “_api/”).

I tried to google how to forwared a session cookie but mostly i just find ASP related things.

Thanks for your help.

Edit: Got it working, thank you all!

This is the Outbound rule i added for the Cookie Rewrite, now everything works fine!

                <remove name="Update Cookie Path" />
                <rule name="Update Cookie Path">
                    <match serverVariable="RESPONSE_Set_Cookie" pattern="^(.*; path=/)*" />
                    <conditions />
                    <action type="Rewrite" value="{R:1}" />
1 Like

Hi there,

I’m sorry to bump this again, but how can i open Dev Console in Slice? Arc ist working fine but i found that Slice isn’t working properly (same login issue as before, cookie don’t get fwd) i would like to check the Cookie path in slice, i think it used a different path?

Thanks for your help.

Hi @Olide02

To make Slice work, you need to use valid Arc URL in Slice settings.

To open debug tools in Slice, just press CTRL+ALT+D in Excel.

Hi there,

i hope I’m allowed to push this thread again, as i found an issue with slice and the Reversed Proxy where i’m not sure what is causing that.

Login and Slice Window works perfectly, i can normally edit rules, view cubes etc. but the Formulas in Excel does not get evaluated correctly if i connect to the reversed Proxy url (works with hostname directly)

I got the message #Connect! in Cells.

Any idea what could cause this behavior?


@Olide02 I can’t comment on the error you’re getting in cells. However, I would be interested to know how you are currently rewriting the paths and where from e.g Default Website, virtual directory etc in IIS.

From what you’ve said above, it sounds like you have a number of rules in place to cover all of the paths you’ve found by inspecting the network requests. In theory, this works but it’s likely to cause some trouble as you need to ensure every path has been enumerated. They could also change in future releases of Arc / Slice. You should be able to accomplish a rewrite using a single rule covering all paths.


Hi @Olide02

Can you create an issue here:

Please provide Slice and Arc settings.