Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
1 reply Latest Post - ‏2011-10-31T16:23:53Z by SystemAdmin
JosieRies
JosieRies
1 Post
ACCEPTED ANSWER

Pinned topic authenticating using REST

‏2011-09-22T12:32:27Z |
I am new to the CMS and SDK. I want to create a PHP page that uses javascript to authenticate the user to the cognos server so that I can then retrieve the Cognos report data for displaying to my web application.
Here is my big question, and it may be pretty dumb...but I am stumped. I have a web application that resides on server A (host name eiprod.xxxx.edu). I need to authenticate to my Cognos server on server B (hot name bireporting.xxxx.edu). I am trying to do this using the REST interface. But because I am crossing servers, I am getting the 403 forbidden - which is due to the cross site scripting prevention. So...here is the dumb question, do all my apps that want to use CMS need to reside on the Cognos server???
Thanks
Updated on 2011-10-31T16:23:53Z at 2011-10-31T16:23:53Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    217 Posts
    ACCEPTED ANSWER

    Re: authenticating using REST

    ‏2011-10-31T16:23:53Z  in response to JosieRies
    The REST api uses cookies and if cookies cannot be seen from one domain to another, it will not work.

    You can look for cookies by poking around privacy settings on Firefox/IE.

    Try setting the path in Cognos global settings to "xxxx.edu" or "/" (least restrictive) so Cognos cookies are visible from your caller application.

    The work-around is to authenticate using the SDK (even REST) from your client app and then form-post all the cookies Cognos sets to a dummy page on the BI server web-gateway (under webcontent or webapps/p2pd/). So long as the dummy page sets an authentication cookies (there are several in C10, not just cam_passport) where Cognos can find it, the request will not be forbidden.

    There's another aspect to cross-site scripting which involves javascript permissions. The browser won't let you replace a URL from one site in another. You can work around this issue with a double frame-set approach. Replace (page having IFRAME with site A link) with (page having IFRAME with site B link).