Troubleshooting
Problem
User launches Excel. User clicks the 'Controller' add-in, and then clicks 'Log on...':
User chooses database. This works OK.
User then clicks "Log off". Again this works OK.
User then clicks "Log on...". User chooses database. An error message appears.
Symptom
AAA-AUT-0013
The user is already authenticated in all available namepaces.
The user is already authenticated in all available namepaces.
Cause
There are several known causes of the 'AAA-AUT-0013' error.
- TIP: For more examples, see separate IBM Technote #1346138.
This Technote specifically relates to the scenario where the cause is a limitation of Controller, when all of the following are true:
- Controller using a Cognos Analytics report server
- CA is using the default settings inside its 'logoff.xts' file.
- Cognos Analytics and Controller are configured to use SSO
- In other words, when users launch Controller they are not prompted to logon to Controller (instead, they are automatically logged on using their Active Directory username/password)
- Cognos Analytics SSO is configured to have the 'SSO Login' method enabled:
More Information
The problem is caused by the CA logout redirecting back to the welcome page (instead of a logout page).
- This causes a new CAM passport to be generated (and received by the Excel Add-in).
Environment
This behaviour has been seen with:
- Controller 10.3.1
- Controller 10.4.0 / Cognos Analytics 11.0.12
Resolving The Problem
Instant Fix:
1. Click "File - Exit" (to close Excel)
2. Re-launch Excel
3. Retry.
Long-term Fix:
Reconfigure the Cognos Analytics 'logoff.xts' file.
Steps:
1. Logon to the Cognos Analytics server
- TIP: For many 'smaller' customers, the CA server will probably be the same server as the 'main' Controller application server.
2. Browse to the following folder: .../templates/ps/portal/
- TIP: By default, this is located here: C:\Program Files\ibm\cognos\analytics\templates\ps\portal
3. As a precaution, create a backup copy of the following file: logoff.xts
4. Edit the following file (for example in Notepad): logoff.xts
5. Locate the following section:
<xos: entityBody>
<html>
<head>
<meta http-equiv="refresh" content="0; URL={$loggoffURL}"/>
<title> Logout Redirect </title>
6. Comment the line shown in bold (above)
- In other words, modify the line so that it looks similar to:
<!--<meta http-equiv="refresh" content="0; URL={$loggoffURL}"/>-->
7. Stop the CA service.
- TIP: By default, this means stopping the Windows service: IBM Cognos
8. Browse to the following folder: .../webapps/p2pd/WEB-INF/lib/
- TIP: By default, this is located here: C:\Program Files\ibm\cognos\analytics\webapps\p2pd\WEB-INF\lib
9. Rename the following file: portal.jar
- For example, rename it to: portal.jar.backup
10. Start the CA service (by default, called: IBM Cognos)
============================================================
Workaround:
Reconfigure Cognos Analytics (CA) to use the 'Legacy SSO' method (instead of 'SSO Login' method).
- NOTE: This will stop SSO working (for Cognos Analytics) when accessed through IE and a gateway.
Steps:
1. Logon to the relevant CA server
2. Launch "Internet Information Services (IIS) Manager"
3. Expand "Default Web Site" - <site name hosting your CA SSO website>" (for example "ibmcognossso")
4. Select subfolder: bi
5. On the right-hand page, double-click on: URL Rewrite
6. Highlight the row 'SSO Login'
7. Click "Disable Rule"
- It should now look 'greyed out', similar to:
8. Test.
Related Information
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9S6B","label":"IBM Cognos Controller"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"10.3.1, 10.4.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Was this topic helpful?
Document Information
Modified date:
12 June 2019
UID
ibm10884136