Claims Based Authentication

QueryVision fully supports Claims Based Authentication (CBA), and will enable users to authenticate using our SSO Web Part between SharePoint and Cognos.
Both SharePoint 2010 and SharePoint 2013 are fully supported for all versions of Cognos (8.4-10.x)

To set up CBA with QueryVision, you need to configure authentication to use the “SSO Dynamic” option.

There are three different types of Claims Authentication Types in SharePoint all of which are supported.

  1. Windows Authentication / Integrated Windows Authentication
  2. Forms Based Authentication (FBA)
  3. Trusted Identity Provider (e.g. SAML)

Claims Authentication Types are setup on a SharePoint Web Application basis. You can find these settings by going into Central Administration and clicking on Application Management / Manage Web Applications. This will bring you to a list of your Web Applications. Simply choose one and then click “Authentication Providers” from the ribbon, click the zone and you will see the detailed configuration this web application.
Details will include which Authentication Type(s) you are using and in the case of FBA you will see the ASP.NET Membership provider name being used.

Configuring the QueryVision SSO Web Part properly under each situation is simply a matter of mapping to the Cognos Namespace for authentication.
This is done within the QVTConfig.xml configuration file. Within the Namespaces section you will find the following section:

If you followed the setup instructions you will have already defined the Name, DisplayName and NameSpaceID to match that of your Cognos server.
Once you have done this you simply now have to map your NetbiosDomain to this Namespace. Use the table below to determine your settings:

Claim TypeSource ValueExamples for NetbiosDomain Value
Windows Authentication / Integrated Windows AuthenticationActive Directory Domain
If AD user is "MyCompany\username" enter "MyCompany"
Forms Based AuthenticationValue from ASP.Net Memberhip Provider in Web Application Settingsif ASP.NetProvider entry is "MyMemberShipProvider" enter "MyMemberShipProvider"
Trusted Signon Provider (e.g. SAML)Trusted Provider Claim issuer name (e.g. adfs)if SAML provider is "ADFS" enter "ADFS"