To use Cognos product documentation, you must enable JavaScript in your browser.

Configuring Cognos 8 Components to Use an NTLM Namespace

You can configure Cognos 8 components to use the Windows native security, NT LAN Manager (NTLM), as the authentication source.

If you are not using NTLM in your IS environment, you cannot use an NTLM namespace.

If you want to use an NTLM user directory as your authentication source with eTrust SiteMinder, you must verify the Agent Configuration Object properties in the eTrust SiteMinder Policy Server. Ensure that SetRemoteUser is activated.

To use NTLM and to set up single signon, do the following:

      configure an NTLM namespace
      enable single signon between NTLM and Cognos 8 components

Configure an NTLM Namespace

You can configure Cognos 8 components to use an NTLM namespace when users are stored in an NTLM user directory. The NTLM user directory may also be accessed using an eTrust SiteMinder authentication provider.

Steps

  1. On the computer where you installed Content Manager, open Cognos Configuration.

  2. In the Explorer window, under Security, right-click Authentication, and click New resource, Namespace.

  3. In the Name box, type a name for your authentication namespace.

  4. In the Type list, click NTLM and click OK.

    The new authentication provider resource appears in the Explorer window, under the Authentication component.

  5. In the Properties window, for the NamespaceID property, specify a unique identifier for the namespace.

    Tip: Do not use colons (:) in the NamespaceID property.

  6. Specify the values for all other required properties to ensure that Cognos 8 components can locate and use your existing authentication provider.

  7. From the File menu, click Save.

  8. Test the connection to a new namespace. In the Explorer window, under Authentication, right-click the new authentication resource and click Test.

Cognos 8 loads, initializes, and configures the provider libraries for the namespace.

Enable Single Signon Between NTLM and Cognos 8 Components

By default, the Cognos NTLM provider integrates with the IIS Web server for single signon if Windows integrated authentication (formerly named NT Challenge Response) is enabled on the IIS Web server.

If Windows integrated authentication is enabled, you are not prompted to reenter authentication information when accessing Cognos content that is secured by the NTLM namespace.

Steps

  1. Set up Windows integrated authentication on the IIS Web server.

  2. Install Content Manager on a computer that is part of the domain, for the active and standby Content Manager computers.

  3. Set up the computers, or the user account under which Content Manager runs, to be trusted for delegation.

  4. Test the connection to a new namespace. In the Explorer window, under Authentication, right-click the new authentication resource and click Test.

Cognos 8 loads, initializes, and configures the provider libraries for the namespace.