Scenario 1: Processing Requests That Contain All Required Logon Information

An authentication request is sent to the provider with enough information to authenticate the user in the source namespace. When the user is successfully authenticated, the provider creates a visa. The IBM® Cognos® Analytics server appends the visa to its passport and sets the passport ID cookie in the browser.

The following examples meet these criteria:

  • The request includes information for single sign-on with cookies. For example, it includes a session cookie.
  • A Software Development Kit program sends a request with the logon credentials in the Credential element of the BiBusHeader section.

The steps when the request contains all required information to authenticate a named user are shown here.

  1. The gateway makes a request to the dispatcher for a resource.

    No passport is attached to the request.

  2. The dispatcher makes a request to authentication services.
  3. Authentication services calls the provider to authenticate the user.
  4. The user is authenticated by the provider and a visa is created.
  5. Authentication services issues a passport and adds the newly created visa to it.
  6. A reference to the passport is attached to the request. This reference is stored in the browser as a session cookie.