Tm1py: SSO connection problem - Failed to authenticate through CAM. HTTP response does not contain 'cam_passport' cookie

Created on 15 Apr 2020  Â·  13Comments  Â·  Source: cubewise-code/tm1py

Hello all,

I have a problem about SSO in TM1Py.

I read all the problems that are mentioned in this github page, and even edit RestService.py as a guy made it work with chrome server and selenium. But it does not work again.

I took this error when I run check.py
"Failed to authenticate through CAM. HTTP response does not contain 'cam_passport' cookie"

I want to show my tm1s.cfg, tm1py config.ini, etc to want your help about any mistake in these configuration.
tm1s_cfg.txt

config_ini.txt

I tried SSO in my local environment. I took these errors also so I do not think it is about demo environment, but it is about my configuration.

I also tried UseSSL = F but nothing changes again.

Running another cube_get.py with attached configuration gives this error:

Traceback (most recent call last):
File "c:/Users/Administrator/Desktop/tm1py-samples-master/Metadata/cube_get.py", line 11, in
with TM1Service(**config['tm1srv01']) as tm1:
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\configparser.py", line 958, in __getitem__
raise KeyError(key)
KeyError: 'tm1srv01'

I am using Python 3.7 and Tm1Py 1.4.1

Appreciate your work and help.

question

All 13 comments

Hi,

The config_ini.txt file looks good. so, the error log you pasted should not come up for cube_get.py
I would check the below line in your code. Seeing the error log, I believe the code is trying to fetch the config file from some other location.

configur.read(<your config file path>)

For the SSO authentication:

Are you able to use SSO authentication via Architect or Perspectives (are you able to login without passing username and password)?
If not -> Check with your TM1 administrator to understand if the server has Cognos SSO enabled.

Hi Vinoth,
Thanks for your reply, I solved the config.ini problem by giving absolute path rather than relative path.

But SSO problem still exists , as you said I tried SSO via Architect.
When I firstly logon to my server with username and password, I am not able to login without username and password in Architect and Perspectives. I guess this indicates a problem about SSO.

How can I solve this, I tried to solve by changing tm1p.ini file I cannot. I am attaching last version of tm1p.ini file.
tm1p_ini.txt

Note: SSO between Cognos TM1Web and Cognos BI seems to work because when I logon to TM1Web, I can log on to Cognos BI without username and password.

As another side note, I am trying SSO in IBM Blue Demos environment. Maybe the issue is about a configuration in IBM blue demos server.

If you are able to login to TM1Web without passing your credentials, then that proves SSO is ON.

From your comment, I could see that you are trying to use the Architect inside your server.
If that is the case, enable windows SSO in your server and then try to connect using Architect or Perspectives.

_Internet Properties -> Security -> Custom Level -> Automatic logon with current username and password_ (you will find this at the end)

I also believe that you are calling the cube_get.py inside your server. So, enabling windows SSO in your server will resolve the issue.

Thanks Vinoth for your reply, but unfortunately
"Internet Properties -> Security -> Custom Level -> Automatic logon with current username and password " do not resolve this issue. When I first login to Architect with username and password, 2nd Architect session still ask for username and password.

It is apparent that this is about SSO problem in Architect/Perspectives.
Is there any other ideas to solve this problem?

Follow the below approaches:

  1. Inside the server mark your domain under trusted sites.
  2. Try executing the cube_get.py in your local machine where you can log into TM1WEB (without passing your credentials).

Firstly, I added http://ibmdemos and https://ibmdemos to trusted sites but unfortunately there is no change.
About the second, I am using IBM Blue Demos server to use both Architect and TM1Web, there is no client machine for TM1Web.

So you used both TM1Web and Architect inside the same machine?
If yes, then try reaching out to IBM support. The machine's configuration could be causing the issue.

I am able to work SSO in Architect with changing Authentication ->Allow session information to be shared between client applications to "True" in Cognos Analytics Configuration. But, this does not solve the issue of "Failed to authenticate through CAM. HTTP response does not contain 'cam_passport' cookie". So, I think that it is not about SSO in enabled or not.

Any other help or hint about this issue would greatly appreciated.

Have you tried putting the gateway URL directly in a browser on the server you are working on? If it prompts you for a UN/PW then SSO is not working.

Thanks,

Ryan Clapp

From: MaaYuu notifications@github.com
Sent: Friday, April 17, 2020 12:01 PM
To: cubewise-code/tm1py tm1py@noreply.github.com
Cc: Subscribed subscribed@noreply.github.com
Subject: Re: [cubewise-code/tm1py] SSO connection problem - Failed to authenticate through CAM. HTTP response does not contain 'cam_passport' cookie (#222)

I am able to work SSO in Architect with changing Authentication ->Allow session information to be shared between client applications to "True" in Cognos Analytics Configuration. But, this does not solve the issue of "Failed to authenticate through CAM. HTTP response does not contain 'cam_passport' cookie". So, I think that it is not about SSO in enabled or not.

Any other help or hint about this issue would greatly appreciated.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHubhttps://github.com/cubewise-code/tm1py/issues/222#issuecomment-615411816, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AEK7GZUBXJ6YDTUVMJEOK2TRNCRQNANCNFSM4MI2R35A.

Hello Ryan,
Now I tried putting the gateway URL directly in a browser.
If I firstly login to CA BI (ibmdemos:9300/bi) with UN/PW, and then gateway(http://ibmdemos:9300/bi/v1/disp), it does not prompt for a UN/PW.
But when I try putting gateway without firstly login to CA BI, it prompts for a UN/PW.
Is this still indicate SSO problem, if so can you suggest any solution?

Regards.

Yes that means SSO is not set up properly. When you login initially you carry the cookie with you so it looks like you have SSO.

It has been a very long time since I worked with the IBM Demos environment. I would go to internal support since this is not a python issue it is a cognos configuration issue

Thanks,

Ryan Clapp

From: MaaYuu notifications@github.com
Sent: Friday, April 17, 2020 12:50 PM
To: cubewise-code/tm1py tm1py@noreply.github.com
Cc: Clapp, Ryan rdclapp@amazon.com; Comment comment@noreply.github.com
Subject: Re: [cubewise-code/tm1py] SSO connection problem - Failed to authenticate through CAM. HTTP response does not contain 'cam_passport' cookie (#222)

Hello Ryan,
Now I tried putting the gateway URL directly in a browser.
If I firstly login to CA BI (ibmdemos:9300/bi) with UN/PW, and then gateway(http://ibmdemos:9300/bi/v1/disp), it does not prompt for a UN/PW.
But when I try putting gateway without firstly login to CA BI, it prompts for a UN/PW.
Is this still indicate SSO problem, if so can you suggest any solution?

Regards.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/cubewise-code/tm1py/issues/222#issuecomment-615434304, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AEK7GZQ43SUHGJINRTWL5I3RNCXHTANCNFSM4MI2R35A.

Hello,
When I changed Security -> Authentication -> Cognos -> Allow Anonymous Access? to True.
I will be able to use SSO feature of Tm1Py.
Is there any other drawbacks of setting Allow Anonymous access to True.

Regards

That would be a question better suited for Cognos support. Tm1 has no concept of anonymous access.

Sent from my mobile device

On Apr 27, 2020 5:10 PM, MaaYuu notifications@github.com wrote:

Hello,
When I changed Security -> Authentication -> Cognos -> Allow Anonymous Access? to True.
I will be able to use SSO feature of Tm1Py.
Is there any other drawbacks of setting Allow Anonymous access to True.

Regards

-
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/cubewise-code/tm1py/issues/222#issuecomment-620300563, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AEK7GZTLXQIRFYAPDCEYNMLROYNFDANCNFSM4MI2R35A.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

yyzz1010 picture yyzz1010  Â·  3Comments

scrambldchannel picture scrambldchannel  Â·  6Comments

hermie64 picture hermie64  Â·  3Comments

cubewise-gng picture cubewise-gng  Â·  3Comments

hermie64 picture hermie64  Â·  3Comments