• 1 reply
  • Latest Post - ‏2011-10-31T16:23:53Z by SystemAdmin
1 Post

Pinned topic authenticating using REST

‏2011-09-22T12:32:27Z |
I am new to the CMS and SDK. I want to create a PHP page that uses javascript to authenticate the user to the cognos server so that I can then retrieve the Cognos report data for displaying to my web application.
Here is my big question, and it may be pretty dumb...but I am stumped. I have a web application that resides on server A (host name I need to authenticate to my Cognos server on server B (hot name I am trying to do this using the REST interface. But because I am crossing servers, I am getting the 403 forbidden - which is due to the cross site scripting prevention. is the dumb question, do all my apps that want to use CMS need to reside on the Cognos server???
Updated on 2011-10-31T16:23:53Z at 2011-10-31T16:23:53Z by SystemAdmin
  • SystemAdmin
    217 Posts

    Re: authenticating using REST

    The REST api uses cookies and if cookies cannot be seen from one domain to another, it will not work.

    You can look for cookies by poking around privacy settings on Firefox/IE.

    Try setting the path in Cognos global settings to "" or "/" (least restrictive) so Cognos cookies are visible from your caller application.

    The work-around is to authenticate using the SDK (even REST) from your client app and then form-post all the cookies Cognos sets to a dummy page on the BI server web-gateway (under webcontent or webapps/p2pd/). So long as the dummy page sets an authentication cookies (there are several in C10, not just cam_passport) where Cognos can find it, the request will not be forbidden.

    There's another aspect to cross-site scripting which involves javascript permissions. The browser won't let you replace a URL from one site in another. You can work around this issue with a double frame-set approach. Replace (page having IFRAME with site A link) with (page having IFRAME with site B link).