Disable the Transfer of the IBM Cognos Passport ID as a URL Parameter

To ensure a higher degree of security, you can disable the mechanism that transfers the IBM® Cognos® passport ID as a URL parameter between users' browsers and the IBM Cognos gateway. You can do this only when single signon is implemented between the users' browsers and IBM Cognos Business Intelligence, and, if applicable, IBM Cognos Series 7, independently of Portal Services.

By default, Portal Services re-creates the active credential cookie in the user's browser by passing the passport ID as a URL parameter. If single signon is not implemented, then when portal users interact with Cognos portlets, they are authenticated both in the portal and in IBM Cognos BI. The portal, not the user's browser, maintains the active credential token generated by IBM Cognos BI. In some situations, for example when you want to see a report in a Cognos portlet, a direct connection between the user's browser and the IBM Cognos gateway must be established. This may become a security risk because a valid IBM Cognos passport ID appears in some log files. The same applies when IBM Cognos BI is integrated with IBM Cognos Series 7 and the active credential is passed as a URL parameter.

Procedure

  1. In IBM Cognos Connection, in the upper-right corner, click Launch, IBM Cognos Administration.
  2. On the Configuration tab, click Dispatchers and Services.
  3. Click the dispatcher you want.
  4. For the PresentationService, in the Actions column, click the set properties button.
  5. Click the Settings tab.
  6. For the Environment category, next to Advanced settings, click the Edit link.
  7. Select the Override the settings acquired from the parent entry check box.
  8. In the Parameter column, type the parameter names:
    • CPSPropagatePassport

      This parameter controls the transfer of the IBM Cognos passport ID as a URL parameter. When set to 0, it stops the transfer.

    • CPSPropagateTicket

      Controls the transfer of the IBM Cognos Series 7 ticket ID as a URL parameter. When set to 0, it stops the transfer.

    The parameters are case sensitive.

  9. In the Value column, type 0 for each parameter.
  10. Click OK.
  11. Click OK again.
  12. Click the Configuration link next to the path at the top of the page.

    You return to the list of dispatchers.

  13. If you have more than one dispatcher configured, perform steps 3 to 12 for each remaining dispatcher.
Parent topic: Deploying Cognos Portlets to Other Portals