IBM Support



You can track all active APARs for this component.


APAR status

  • Closed as fixed if next.

Error description

  • There is a section on URL Security in the Cognos Software
    Development Kit Developer Guide as follows:??URL
    Security?Because URL commands can bypass IBM Cognos access
    controls, we recommend?that you fully discuss security issues
    with your administrator before implementing?them.?For more
    information about access permissions, see the Administration and
    Security?Guide.??Browser Cookie Support?If a user logs on before
    issuing a URL request, the browser cookie already contains?their
    IBM Cognos Access Manager passport ID. The dispatcher
    automatically?extracts this ID and appends it to the bibus ?
    biBusHeader class before forwarding?the request to the target
    service provider for processing.??Anonymous Logon Support?If a
    user attempts to log on and no authorized passport ID is
    detected in their?browser cookie, the Web gateway or dispatcher
    can enable anonymous logon for?this request. Before the service
    request is forwarded, an anonymous ID is?appended to the bibus ?
    biBusHeader class. Anonymous logon only occurs if a?bibus ? CAM
    passport is not found in the browser cookie and if IBM Cognos
    is?configured to support this option.??Multiple Logon
    Alternative?You can disable both cookie ID detection and
    anonymous logon. However, if you?do, your users must log on
    manually every time they use a URL to perform a task.?One way to
    avoid the need for multiple logons is to specify a PASS form
    variable?immediately after the last form variable in the URL.
    This appends a passport ID?onto the bibus ? biBusHeader class
    and forwards it, along with the URL request, to?the target
    service provider. This PASS variable takes precedence over any
    other?passport ID in the user's cookie list. However, we do not
    recommend this?technique for use in HTTP environments, because
    it exposes unencrypted?passwords to anyone reading the
    URL.?Tips: To ensure that system security is not compromised, we
    recommend that you?only use the PASS method if Secure Socket
    Layer (SSL) HTTPS transport is?implemented. If you must use the
    PASS method in an HTTP environment, enable it?only for users
    having the highest security clearance, and set up timeouts that
    force?these users to log off promptly. Otherwise, URL recipients
    can use their?unencrypted passport IDs to log on remotely and
    perform unauthorized tasks on?the sender's computer.???How does
    one disable cookie ID detection so as to allow logon but to
    require a user to log on manually every time they use a URL to
    perform a task when anonymous logon has also been disabled??

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All Users                                                    *
    * PROBLEM DESCRIPTION:                                         *
    * See error description.                                       *
    * RECOMMENDATION:                                              *
    * Upgrade to IBM Cognos Business Intelligence 10.2 Refresh     *
    * Pack 1                                                       *

Problem conclusion

Temporary fix


APAR Information

  • APAR number


  • Reported component name


  • Reported component ID


  • Reported release


  • Status


  • PE




  • Special Attention


  • Submitted date


  • Closed date


  • Last modified date


  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

  • RA21 PSN


[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCHNWX","label":"Software Development Kit (SDK) v11x"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A11","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
11 June 2013