Topic
  • 4 replies
  • Latest Post - ‏2013-04-01T17:52:25Z by KCamp
SystemAdmin
SystemAdmin
217 Posts

Pinned topic How to reuse cam_passport to get hold of cmservice after sso

‏2013-03-29T16:09:13Z |
Hi,

I am trying to see how I can reuse cam_passport to get hold of cmService to do further processing without relogin, like running a report or executing a query...
In order to do so, I reused IBM provided DSServlet example and modified it to get cam_passport from cookies (present in request header).

But while executing cmService.run() or cmService.query() method calls, it returns with

"faultString: org.xml.sax.SAXException: Processing instructions are not allowed within SOAP messages" error.

So I am trying to understand if this is because the call to the gateway to get hold of the service is treated as a new session call? or is it something else? Please advise if you have any help on this.

code snippet from modified DSServlet

try
{

String endpoint = "https://localhost:9300/ibmcognos/cgi-bin/cognos.cgi";

String BIBUS_NS = "http://developer.cognos.com/schemas/bibus/3/";
String BIBUS_HDR = "biBusHeader";
/**
*
* The default port number 9300 above may need to be changed, if your Tomcat is listening on a different port number.
* The port number 9300 is the default port for Tomcat.
*
*/
ContentManagerService_ServiceLocator cmServiceLocator=new ContentManagerService_ServiceLocator();
ContentManagerService_PortType cmService=null;
cmService=cmServiceLocator.getcontentManagerService(new java.net.URL(endpoint));

System.out.println("Search for CAMPassport...");
System.out.println("Checking parameter...");
String cam_passport = request.getParameter("CAMPassport");
System.out.println("-----cam_passport=" + cam_passport);

System.out.println("Checking Header...");
if ( cam_passport == null ) {
// check in header
Enumeration headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
String headerName = (String)headerNames.nextElement();
if( headerName.equalsIgnoreCase("CAMPassport") ||
headerName.equalsIgnoreCase("cam_passport") ) {

System.out.println("-----headerName=" + headerName);
cam_passport=request.getHeader(headerName);
System.out.println("Found-----cam_passport=" + cam_passport);
}
}
}

System.out.println("Checking Cookies...");
Cookie[] cookies = request.getCookies();
for ( int i=0; i<cookies.length; i++) {
Cookie cookieLocal = cookies[i];
if ( cookieLocal.getName().equalsIgnoreCase("CAMPassport") ||
cookieLocal.getName().equalsIgnoreCase("cam_passport") ) {

System.out.println("-----cookieLocal.getName()=" + cookieLocal.getName());
cam_passport = cookieLocal.getValue();
System.out.println("Found-----cookieLocal.getValue()=" + cookieLocal.getValue());

}
}

BiBusHeader bibus = new BiBusHeader();

CookieVar newBiBusCookieVars[] = new CookieVar[1];
newBiBusCookieVars[0] = new CookieVar();
newBiBusCookieVars[0].setName("cam_passport");
newBiBusCookieVars[0].setValue(cam_passport);
HdrSession hdrSession = new HdrSession();
hdrSession.setCookieVars(newBiBusCookieVars);
bibus.setHdrSession(hdrSession);
((Stub)cmService).setHeader(BIBUS_NS, BIBUS_HDR, bibus);
BaseClass bc[];
QueryOptions qop = new QueryOptions();
System.out.println("binding.getActiveContentManager()="+cmService.getActiveContentManager());

bc = cmService.query(new SearchPathMultipleObject("/content/folder{PropEnum.searchPath}, new Sort[]{},new QueryOptions());
if (bc.length > 0)
{
for(int i = 0; i < bc.length; i ++)
{
Report rep = (Report)bc[i];
String encoded_path = xmlEncodeHelper(rep.getSearchPath().getValue());
xml += "<row><value>" + encoded_path + "</value></row>";
}
}
}

The code fails on
cmService.getActiveContentManager() with the error. The same happens on
bc = cmService.query(new SearchPathMulti... line as well if I remove the earlier cmService method call.

This servlet is called after SSO is being done and the SSO attribute ("userid") is present in the request attribute and also since I launched to get into gateway from the same browser session it takes into Cognos home page directly( implying sso is working fine, without asking any new auth ) and I can see cam_passport in the request header as cookie. And I am using this cam_passport from request header to pass along to get hold for cmService in DSServlet. I am not sure what is wrong with this approach yet except if the new call creates a completely new http session and can not even do valid connect/login.

Any help on this will be great.
Thank You


List of attributes and values seen after doing sso into gateway

host: abc.com user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:19.0) Gecko/20100101 Firefox/19.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate cookie: __utma=58484526.1198209776.1364402488.1364506937.1364571335.5; __utmc=58484526; __utmz=58484526.1364571335.5.3.utmcsr=sso.com|utmccn=(referral)|utmcmd=referral|utmcct=/uPortal/render.userLayoutRootNode.uP; CRN=showWelcomePage%3Dtrue%26listViewSeparator%3Dnone%26displayMode%3Dlist%26timeZoneID%3DPST%26automaticPageRefresh%3D30%26format%3DHTML%26productLocale%3Den%26useAccessibilityFeatures%3Dfalse%26showOptionSummary%3Dtrue%26columnsPerPage%3D3%26contentLocale%3Den-us%26showHiddenObjects%3Dfalse%26skin%3Dcorporate%26linesPerPage%3D15%26; cea-ssa=false; usersessionid=AQgAAACi811RAAAAAAoAAABOdfrGCWeSkx4PFAAAAF5wIx0g+BJnN1djefywyCt2uXdzFAAAAEbkXSkqP5swmA7Jq1tAMEsYCaVB; cam_passport=MTsxMDE6YTk0NWMyNmUtZGUxYS02Yzc0LTczY2ItMjU4NzFhMzRlMmZiOjEwMzQ4NDg0OTE7MDszOzA7; userCapabilities=3%3B703f8000%3B2f%3B8f0770fa%26ARQAAABecCMdIPgSZzdXY3n8sMgrdrl3c6F9o%2B2rOhFPE6KsKXKZ%2FuwiBlEG; caf=CAFW000001d0Q0FGQTNjMDAwMDAxMTBGQUFBQUY1d0l4MGcqQkpuTjFkamVmeXd5Q3QydVhkekZEU0VqeERBenZhNHNqMC1zazhjNmd3OVlhNF8zNzkwMjl8MTAxOjJlOGFlOTc2LTMyYjctNGU3Ny0xZWU1LWY5NmU2NDEyMGU0NToxMDU0MTc0MDc0fE1Uc3hNREU2TW1VNFlXVTVOell0TXpKaU55MDBaVGMzTFRGbFpUVXRaamsyWlRZME1USXdaVFExT2pFd05UUXhOelF3TnpRN01Ec3pPekE3fDEwMTphOTQ1YzI2ZS1kZTFhLTZjNzQtNzNjYi0yNTg3MWEzNGUyZmI6MTAzNDg0ODQ5MXxNVHN4TURFNllUazBOV015Tm1VdFpHVXhZUzAyWXpjMExUY3pZMkl0TWpVNE56RmhNelJsTW1aaU9qRXdNelE0TkRnME9URTdNRHN6T3pBNw__; CogCacheService=606310330438753; cc_session="s_cc:|s_conf:na|s_sch:td|s_hd:sa|s_serv:na|s_disp:na|s_set:|s_dep:na|s_dir:na|s_sms:dd|s_ct:sa|s_cs:sa|s_so:sa|e_hp:CAMID(*22default*3au*3auid*3d56133*22)|e_proot:Public*20Folders|prootid:iEF4E0C6706EF4FAE9480C6F5AFD917EB|e_mroot:My*20Folders|mrootid:i62F252356AF64664BB68EA8BA2C8FDF7|e_mrootpath:CAMID(*22default*3au*3auid*3d56133*22)*2ffolder*5b*40name*3d*27My*20Folders*27*5d|e_user:Rayamajhi*2c*20Susil|cl:en-us|dcid:iEF4E0C6706EF4FAE9480C6F5AFD917EB|show_logon:true|uig:|ui:|rsuiprofile:all|lch:f|lca:f|ci:f|write:true|eom:0|pp:1034848491|cachestamp:2013-03-28T17:41:55"; __utmb=58484526.2.10.1364571335; _shibsession_64656661756c7468747470733a2f2f767834342e756373662e6564752f73686962626f6c657468=_2a92380fe89a47293bfd991438bc5b38 connection: keep-alive Shib-Session-ID: _2a92380fe89a47293bfd991438bc5b38 Shib-Identity-Provider: https://idp-stage..com/idp/shibboleth Shib-Authentication-Method: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Shib-Authentication-Instant: 2013-03-29T15:35:32.516Z Shib-AuthnContext-Class: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Shib-AuthnContext-Decl: Shib-Assertion-Count: uid: user123 userid: 02user1235 eppn: affiliation: unscoped-affiliation: entitlement: assurance: targeted-id: persistent-id: Shib-Application-ID: default REMOTE_USER: user123 content-length: 0



Output on the console:


Search for CAMPassport...
Checking parameter...
Checking Header...
Checking Cookies...
-----cookieLocal.getName()=cam_passport
Found-----cookieLocal.getValue()=MTsxMDE6MGQzNTRhYTMtMzhkYi1hZGNlLWIzMWUtZmFlZDgxMWYyZmRjOjA3NDEyMTAyMjY7MDszOzA7
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: org.xml.sax.SAXException: Processing instructions are not allowed within SOAP messages
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:org.xml.sax.SAXException: Processing instructions are not allowed within SOAP messages
at org.apache.axis.encoding.DeserializationContext.startDTD(DeserializationContext.java:1161)
at org.apache.xerces.parsers.AbstractSAXParser.doctypeDecl(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.doctypeDecl(Unknown Source)
at org.apache.xerces.impl.XMLDocumentScannerImpl.scanDoctypeDecl(Unknown Source)
at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source)

Updated on 2013-04-01T17:52:25Z at 2013-04-01T17:52:25Z by KCamp
  • KCamp
    KCamp
    20 Posts

    Re: How to reuse cam_passport to get hold of cmservice after sso

    ‏2013-04-01T12:50:48Z  
    I'd suggest putting using TCPMon to proxy your communication to your server to see what response you are actually getting back. I suspect you are getting some sort of HTTP error page back from the gateway.

    Is this URL actually correct? "https://localhost:9300/ibmcognos/cgi-bin/cognos.cgi"

    In a normal cognos setup, 9300 is the tomcat port, not the gateway (i.e. webserver) port. Also, be very cautious about domains for your cookies. In a default congos install, let's say with this URL

    https://localhost:80/ibmcognos/cgi-bin/cognos.cgi

    A cookie generated there will be valid for localhost only, with a path of /ibmcognos. If you for example try to go to the disptacher URL for external applications (i.e. https://localhost:9300/p2pd/servlet/dispatch) or use a
    real machine name like "myserver.org" then the cookies won't be valid in that context and will be rejected.
  • SystemAdmin
    SystemAdmin
    217 Posts

    Re: How to reuse cam_passport to get hold of cmservice after sso

    ‏2013-04-01T17:43:45Z  
    • KCamp
    • ‏2013-04-01T12:50:48Z
    I'd suggest putting using TCPMon to proxy your communication to your server to see what response you are actually getting back. I suspect you are getting some sort of HTTP error page back from the gateway.

    Is this URL actually correct? "https://localhost:9300/ibmcognos/cgi-bin/cognos.cgi"

    In a normal cognos setup, 9300 is the tomcat port, not the gateway (i.e. webserver) port. Also, be very cautious about domains for your cookies. In a default congos install, let's say with this URL

    https://localhost:80/ibmcognos/cgi-bin/cognos.cgi

    A cookie generated there will be valid for localhost only, with a path of /ibmcognos. If you for example try to go to the disptacher URL for external applications (i.e. https://localhost:9300/p2pd/servlet/dispatch) or use a
    real machine name like "myserver.org" then the cookies won't be valid in that context and will be rejected.
    Hi KCamp,

    Thanks for your response. I am using gateway url not dispatcher (p2pd..) . And it is in the form;
    https://http://abc.mycompany.edu/ibmcognos/cgi-bin/cognos.cgi.

    This URL is what is used to get into Cognos via browser and also via DSServlet code.

    When you say put TCPMon, are you saying to use something like wireshark to check http response back?

    Also is it enough to attached the cam_passport only( doc says so ) ? because I see a lot of other cookies regarding cognos. Do they all need to be attached as well in "BiBusHeader"?

    Thank you.
  • SystemAdmin
    SystemAdmin
    217 Posts

    Re: How to reuse cam_passport to get hold of cmservice after sso

    ‏2013-04-01T17:47:30Z  
    Hi KCamp,

    Thanks for your response. I am using gateway url not dispatcher (p2pd..) . And it is in the form;
    https://http://abc.mycompany.edu/ibmcognos/cgi-bin/cognos.cgi.

    This URL is what is used to get into Cognos via browser and also via DSServlet code.

    When you say put TCPMon, are you saying to use something like wireshark to check http response back?

    Also is it enough to attached the cam_passport only( doc says so ) ? because I see a lot of other cookies regarding cognos. Do they all need to be attached as well in "BiBusHeader"?

    Thank you.
    The url is being displayed as
    https://http://abc.mycompany.edu/ibmcognos/cgi-bin/cognos.cgi.

    I simply wanted to write it as

    https://abc.mycompany.edu/ibmcognos/cgi-bin/cognos.cgi.
  • KCamp
    KCamp
    20 Posts

    Re: How to reuse cam_passport to get hold of cmservice after sso

    ‏2013-04-01T17:52:25Z  
    Yes, something like Wireshark or TCPMon.

    The error you are getting back "faultString: org.xml.sax.SAXException: Processing instructions are not allowed within SOAP messages" error. isn't from Cognos.
    The Cognos SDK uses SOAP to talk to the Cognos server, the error you are getting back is exactly the kind of thing you would see if it made a request back and
    got back some sort of HTML error page instead. I.e. if you pointed your Cognos SDK at any arbitrary url, say ibm.com, you'd see that kind of message.

    As for cookies, it is good practice to copy them all verbatim.