SSO to Cognos Analytics gives a Windows login dialog

Product:
Cognos Analytics 11.1.3
Microsoft Windows 2016 server
Problem:
A Windows login dialog appears when a user tries to access the CA11 website http://caservername.domain.com/ibmcognos

Solution:
Check that the server name is listed under Local intranet sites or Trusted sites in Internet Options.

At most companies this is controlled by group policy in the network; ask the IT department to add the CA server name and DNS alias to the Local Intranet zone.

The new Chromium-based Edge will only allow SSO for servers in the Local Intranet zone, but Internet Explorer on the same computer will allow SSO for servers in both the Local Intranet zone and the Trusted zone.

In Windows only, if the AuthServerWhitelist setting is not specified, the permitted list consists of those servers allowed by the Windows Zones Security Manager (queried for URLACTION_CREDENTIALS_USE). By default, this includes servers in the Local Machine or Local Intranet security zones. For example, when the host in the URL includes a “.” character, by default it is outside the Local Intranet security zone. This behavior matches Internet Explorer and other Windows components.

https://www.chromium.org/developers/design-documents/http-authentication

You have to search the internet to find where you can set the zone security for Edge in the local Windows installation.

https://specopssoft.com/blog/configuring-chrome-and-firefox-for-windows-integrated-authentication/

There are also granular settings under Custom level, where you should uncheck “automatic logon only in intranet zone”.

Then you can have the Cognos Analytics site in the Trusted tab instead.
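
To see which of the settings described above are actually in effect on a client, the following PowerShell script reads them from the registry. It is an added example, not part of the original post: the host name is the placeholder from the URL above, the registry locations are the standard Windows ones for the Site to Zone Assignment List and the per-zone logon option, and the pattern matching is a deliberately loose assumption.

```powershell
# Added example (not from the original post). $HostName is the placeholder host from this page.
param([string]$HostName = 'caservername.domain.com')

$base   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneNames = @{ 1 = 'Local Intranet'; 2 = 'Trusted Sites' }
# Meaning of registry value 1A00 (URLACTION_CREDENTIALS_USE) inside a zone key
$logonModes = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

# A host name containing "." is not treated as intranet by default, so it needs an explicit entry.
if ($HostName.Contains('.')) {
    [pscustomobject]@{ Source = 'Host name'; Item = $HostName; Setting = 'Contains ".", needs a zone assignment' }
}

# 1. Site to Zone Assignment List from group policy: value name = site pattern, data = zone number.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\$policy\ZoneMapKey"
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in ($item.GetValueNames() | Where-Object { $_ })) {
        # Loose match: drop scheme and leading "*." and compare as a suffix of the host name.
        $pattern = ($name -replace '^[a-z*]+://', '') -replace '^\*\.', ''
        if ($HostName -like "*$pattern") {
            $zone = [int]$item.GetValue($name)
            [pscustomobject]@{ Source = $key; Item = $name; Setting = "Zone $zone ($($zoneNames[$zone]))" }
        }
    }
}

# 2. Logon setting of the Local Intranet (1) and Trusted Sites (2) zones; policy keys override user keys.
foreach ($zone in 1, 2) {
    foreach ($root in "HKLM:\$policy", "HKCU:\$policy", "HKCU:\$base") {
        $key = "$root\Zones\$zone"
        $value = (Get-ItemProperty -Path $key -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
        if ($null -ne $value) {
            [pscustomobject]@{ Source = $key; Item = $zoneNames[$zone]; Setting = $logonModes[[int]$value] }
        }
    }
}
```

If the script lists no zone assignment for the server and the host name contains a dot, Edge will show the login dialog until the name is added to the Local Intranet zone.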

Steps for adding trusted sites in older browsers

Google Chrome > Adding Trusted Sites

  1. Click the Chrome Menu icon on the far right of the Address bar.
  2. Click on Settings, scroll to the bottom and click the Show Advanced Settings link.
  3. Click on Change proxy settings (under Network)
  4. Click the Security tab > Trusted Sites icon, then click Sites.
  5. Enter the URL of your Trusted Site, then click Add.
  6. Click Close > OK.

Mozilla Firefox > Adding Trusted Sites

  1. Click the menu icon in the upper right-hand corner of the browser.
  2. Click Options.
  3. Click Privacy and Security.
  4. Scroll down to the “Permissions” section, and click on Exceptions to the right of “Warn you when websites try to install add-ons.”
  5. Type the trusted sites into the “Address of website” field.
  6. Click Allow.
  7. Click Save Changes.

Safari > Adding Trusted Sites

  1. At the top of the screen, click Bookmarks.
  2. Click “Add Bookmark…”
  3. Click “Top Sites” from the dropdown menu.
  4. Click Add.

Internet Explorer 9, 10 and 11 > Adding Trusted Sites

  1. Click Tools, click Internet Options, and then click the Security tab.
  2. In the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.
  3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.
  4. In the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.
  5. Repeat these steps for each site that you want to add to the zone.
  6. Click OK two times to accept the changes and return to Internet Explorer.

Microsoft Edge > Adding Trusted Sites

  1. Search in the Start Menu for the Control Panel.
  2. Click or double-click the Internet Options icon.
  3. In the Internet Properties window, click the Security tab.
  4. Select the Trusted sites entry and click the Sites button.
  5. Enter the address for the trusted website in the Add this website to the zone text field.
  6. Click the Add button, then click OK to save the website addition.

More information:

https://support.edmentum.com/4_General_and_Technical_Solutions/How_to_clear_browser_cookies%2C_history%2C_temporary_files_and_clear_proxy_cache/Page_Title/Disabling_the_Pop-Up_Blockers_by_Browser/Adding_Trusted_Sites_by_Browser

Security Zones in Edge

https://docs.centrify.com/Content/CoreServices/Authenticate/SilentAuthEdge.htm

https://www.chromium.org/administrators/policy-list-3