IBM Support

Kerberos based Single Sign-On fails for some but not all users

Troubleshooting


Problem

Kerberos based SSO to IBM Cognos BI deployed to Apache Tomcat via an IIS deployed Gateway reproducingly fails for some, but not all users. The same was working for older versions of IBM Cognos BI (8.4.x) in the same environment. The issue can occur due to a change in the Tomcat server configuration introduced as of IBM Cognos BI 10.x. The same is potentially applicable to IBM Cognos BI deployed to other Application Servers as well.

Symptom

Kerberos based SSO to IBM Cognos BI deployed to Apache Tomcat via an IIS deployed Gateway reproducingly fails for some, but not all users.

The affected users get "HTTP 400 Bad Request" error in Browser
or even
"The IBM Cognos gateway is unable to connect to the IBM Cognos BI server. The server may be unavailable or the gateway may not be correctly configured."

  • Without SSO the affected users can authenticate without issue.
  • The SSO was working for older versions of IBM Cognos BI ( 8.4.x ) in the very same environment.
  • The affected users are members of many groups/roles in the AD.

[{"Product":{"code":"SSEP7J","label":"Cognos Business Intelligence"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"Install and Config","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"10.2.1;10.2;10.1.1;10.1","Edition":"All Editions","Line of Business":{"code":"LOB76","label":"Data Platform"}},{"Product":{"code":"SS6G84","label":"IBM Cognos Analytics on Cloud"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB76","label":"Data Platform"}}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
08 May 2025

UID

swg21516226

Page Feedback