Configure login using TM1 Web URL API with Cognos Analytics security

Local only In Planning Analytics version 2.0.8, a new parameter CSPHeaderFrameSource is available in the tm1web_config.xml file. If you use the TM1® Web URL API configured with integrated security mode 5 (Cognos® Analytics security authentication), you must set this parameter to allow users to log in. This parameter controls security of the context that is loaded in the <frame> element, which is used by TM1 Web URL API. The CSPHeaderFrameSource parameter defines allowed sources for Content-Security-Policy (CSP) frame-src policy.


<add key="CSPHeaderFrameSource" value="" />

If the CSPHeaderFrameSource is specified, it sets the allowed sources for the frame-src policy. If the value is left blank or the parameter is not set, the default value is '*', which allows content from all sources to load.

Remember: In IBM® Planning Analytics Local version 2.0.8, you install a new version of the tm1web_config.xml file that is called and your existing tm1web_config.xml file is preserved. To take advantage of fixes that are applied to this release, you must rename the file to tm1web_config.xml and you must reapply any changes that you made to your previous configuration settings.


<add key="CSPHeaderFrameSource" value="'self'" /> 

Sets the frame-src policy to 'self'.

Allows contents from the site's origin to load.


<add key="CSPHeaderFrameSource" value="http://CAM_HOST:CAM_PORT http://TM1WEB_HOST:TM1WEB_PORT" />

Sets the frame-src policy to http://CAM_HOST:CAM_PORT http://TM1WEB_HOST:TM1WEB_PORT.

Allows contents from CAM_HOST:PORT and TM1WEB_HOST:PORT to load.

What to do next

For more information on how to define sources for frame-src, see Sources on the MDN web docs site.