Setting up SSO with CAM and Canvas

This document guides you through configuring Single Sign-On (SSO) with CAM Security. Before proceeding, ensure that the user can open http://<host>:<port>/ibmcognos from their PC without being prompted for a username and password. Note also that this only works with Internet Explorer and Chrome due to security configuration.

In order to configure SSO with CAM in Canvas, please follow these steps:

1. Cognos BI

Update variables_TM1.xml to add the URL of your Canvas application. For example, if you have a Canvas application (folder name in the CWAS/webapps folder) named "finance-canvas", and you are still using the default port of "8080" for Canvas, then the URL entry will look like:


Copy the JS and HTML files from ../webapps/<canvas app>/assets/sso into the WebContent folder of your Cognos BI installation.

Open the xdomain.canvas.html file and add your Canvas origin and port. By default, it contains the following:

<script src="xdomain.canvas.js"></script>
      "http://localhost:8080": "/*"

If, for example, you access your Canvas application through an FQDN named SERVER-PROD on port 9555, add the following entry:

<script src="xdomain.canvas.js"></script>
      "http://localhost:8080": "/*",
      "http://SERVER-PROD:9555": "/*"


Update the instances.json file and add the following last 3 properties:

        "chartColorScheme":["#FB6900", "#F63700", "#004853", "#007E80", "#00B9BD"]      

Lastly, open up the WEB-INF/pages/header.script.init.ftl file and update the following section accordingly:

// For SSO Configuration
ssoSlaves = {
  "http://localhost": "/ibmcognos/xdomain.canvas.html"
};

The format of each entry is <origin>:<path to the xdomain.canvas.html file>. Note that the <origin> must be the same as the origin you have configured in your clientCAMURI property. In the example above, clientCAMURI is http://localhost/ibmcognos/cgi-bin/cognos.cgi, so the origin is http://localhost.

Save and restart your Canvas application via Cubewise Application Server.
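
The following check is an added example, not part of the original Canvas documentation or code. It verifies that the ssoSlaves key is the origin of clientCAMURI and that the origin Canvas is served from is listed in xdomain.canvas.html. The function names, parameter names and the sample Canvas URL are assumptions made for illustration.

```javascript
// Added example, not Canvas code. Function and parameter names are hypothetical.

// Normalised origin: scheme, lowercase host, port (default port dropped).
function originOf(url) {
  return new URL(url).origin;
}

// canvasUrl:    address users open to reach Canvas
// clientCAMURI: value of that property in instances.json
// ssoSlaves:    object from header.script.init.ftl
// allowed:      origin-to-path entries from xdomain.canvas.html
function checkSsoConfig({ canvasUrl, clientCAMURI, ssoSlaves, allowed }) {
  const problems = [];

  // The ssoSlaves key must be the origin of clientCAMURI.
  const camOrigin = originOf(clientCAMURI);
  if (!Object.keys(ssoSlaves).map(originOf).includes(camOrigin)) {
    problems.push(`ssoSlaves has no entry for clientCAMURI origin ${camOrigin}`);
  }

  // Each key is a bare origin; each value is the path to xdomain.canvas.html.
  for (const [key, path] of Object.entries(ssoSlaves)) {
    if (new URL(key).pathname !== "/") {
      problems.push(`ssoSlaves key ${key} must be an origin without a path`);
    }
    if (!path.startsWith("/") || !path.endsWith("/xdomain.canvas.html")) {
      problems.push(`ssoSlaves value ${path} must be the path to xdomain.canvas.html`);
    }
  }

  // The origin Canvas is served from must be listed in xdomain.canvas.html.
  const canvasOrigin = originOf(canvasUrl);
  if (!Object.keys(allowed).map(originOf).includes(canvasOrigin)) {
    problems.push(`xdomain.canvas.html does not list Canvas origin ${canvasOrigin}`);
  }
  return problems;
}

// Constructed sample built from the values used on this page.
const sample = {
  canvasUrl: "http://SERVER-PROD:9555/finance-canvas/",
  clientCAMURI: "http://localhost/ibmcognos/cgi-bin/cognos.cgi",
  ssoSlaves: { "http://localhost": "/ibmcognos/xdomain.canvas.html" },
  allowed: { "http://localhost:8080": "/*", "http://SERVER-PROD:9555": "/*" },
};
console.log(checkSsoConfig(sample)); // prints []
```

An empty result means the three settings agree; each string in a non-empty result names the file and the value to correct.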