anonymous access

A method of accessing resources in which users are not authenticated, and all users gain the same access permissions.

authentication

The process of verifying the identity of users when they log on. Users must be authenticated before they can be authorized to use any secured resources.

authentication provider

The communication mechanism to an external authentication source. Functionality such as user authentication, group membership, and namespace searches are made available through authentication providers.

IBM Cognos Authentication Services

Authentication is the process of identifying individuals before allowing them to log on.

Authentication in IBM Cognos 8 is integrated with third-party authentication providers. Authentication providers define users, groups, and roles used for authentication. User names, IDs, passwords, regional settings, and personal preferences are some examples of information stored in the authentication source accessed by the provider. An authentication namespace is an instance of a configured authentication provider.

To set up authentication for IBM Cognos 8, you must configure IBM Cognos 8 using one or more of these authentication providers:

*

LDAP
*

Windows NT LAN Manager (NTLM)
*

Microsoft Active Directory
*

IBM Cognos 7 namespaces created using IBM Cognos 7 Access Manager and available with other IBM Cognos products
*

eTrust SiteMinder
*

Custom Java provider



Anonymous Users

Anonymous users do not log on. However, you can choose to override the anonymous account and log on using Logon As from the Data Manager Actions menu. This forces a logon to one of your other namespaces. You can repeat this process for as many namespaces as you have. If you have logged on to all your namespaces, and attempt to log on again, a message informs you of this. Using anonymous access means that there is no authentication required to access IBM Cognos 8 data sources or published packages.

A user can request anonymous or authenticated access to IBM Cognos 8. Anonymous access can be enabled or disabled for IBM Cognos 8. For more information see IBM Cognos Authentication Services.

Anonymous Access


When a user requests anonymous access to IBM Cognos 8, the following occurs:

1.

The user attempts to access the IBM Cognos 8 Welcome page or any other IBM Cognos 8 user interface from a Web browser, sending a request to the IBM Cognos 8 gateway.
2.

The IBM Cognos 8 gateway accepts the request and sends it to a dispatcher.
3.

The dispatcher notes that there is no passport attached to the request, and sends the request to Content Manager.
4.

Content Manager sends the request to Access Manager.
5.

Anonymous access is enabled in this IBM Cognos 8 system, so a passport is attached to the request and the request is returned through Content Manager to the dispatcher.
6.

The dispatcher processes the request and sends it to the presentation service.
7.

The presentation service sends the Welcome page back through the dispatcher and the gateway to the user.

Enable Anonymous Access Steps

When using single signon with Microsoft Internet Information Services (IIS), anonymous access must be enabled for portal users to access IBM Cognos 8
Steps

1.

On each computer where Content Manager is installed, start IBM Cognos Configuration.
2.

In the Explorer window, under Security, Authentication, click Cognos.
3.

In the Properties window, click the box next to the Allow anonymous access property and then click True.
4.

From the File menu, click Save.

Authenticated Access

When a user requests authenticated access to IBM Cognos 8, the following occurs:

1.

The user attempts to access the IBM Cognos 8 Welcome page or any other IBM Cognos 8 user interface from a Web browser, sending a request to the IBM Cognos 8 gateway.
2.

The gateway accepts the request and sends it to a dispatcher.
3.

The dispatcher notes that there is no passport attached to the request and sends the request to Content Manager.
4.

Content Manager sends the request to Access Manager.
5.

Anonymous access is disabled in this IBM Cognos 8 system, so Access Manager sends the request back to Content Manager with a fault attached. The fault contains information about what is needed to log on. For example, if there are multiple namespaces, the user may be required to select a namespace. If there is only one namespace, the user may be required to provide a user ID and password.
6.

Content Manager returns the request with the attached fault to the dispatcher.
7.

The dispatcher sends the request to the presentation service.
8.

The presentation service creates the appropriate logon page for the user, and returns the page through the dispatcher and the gateway to the user.
9.

The user enters the required information, such as a user ID and password. The information is attached to the original request and sent through the gateway to the dispatcher.
10.

The dispatcher sends the request to Content Manager.
11.

Content Manager sends the request to Access Manager.
12.

If all the required information is correct, Access Manager issues a passport, attaches it to the original request, and sends the request back to Content Manager. If the required information is incorrect or incomplete, then the request faults back to step 9.
13.

Content Manager sends the request to a dispatcher.
14.

The dispatcher processes the request and sends it to the presentation service.
15.

The presentation service sends the Welcome page back through the dispatcher and the gateway to the user.

http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/index.jsp?topic=/com.ibm.swg.im.cognos.ug_inst_crn_cnfg.8.4.0.doc/ug_inst_crn_cnfg.html