Is This Content Helpful?
We're glad to know this article was helpful.
In deployments where the web adaptor for Portal for ArcGIS and the IBM Cognos Gateway are not on the same domain, cross-origin (cross-domain) requests must be made from Esri Maps for IBM Cognos to Portal for ArcGIS. Because the default security settings in Internet Explorer do not allow cross-origin requests, the Esri Maps for IBM Cognos internal proxy (em4c.cgi) is configured to perform these requests when Internet Explorer is used.
This default configuration does not work when Portal for ArcGIS is configured with Integrated Windows Authentication (IWA) or Public Key Infrastructure (PKI). In the case of IWA, this is because the browser must use IWA to pass credentials. In the case of PKI, the browser must use PKI to validate the web server certificate against the certificate authority root certificate. To authenticate with PKI or IWA on Portal for ArcGIS using Internet Explorer, override the internal proxy and configure Internet Explorer to allow cross-origin requests.
This solution involves overriding the internal proxy using the neverUseProxy setting in settings.js and configuring Internet Explorer to allow cross-origin requests. Internet Explorer provides a series of security zones that allow specification of security options for different types of web content. A zone consists of a collection of web sites that are assigned the same level of trust. Each zone contains various security settings. The Access data sources across domains security option specifies whether components that access data are allowed to do so if that data is served from a different domain. Access to data sources across domains can be enabled for the Local Intranet zone. Before beginning, have the following information ready.
Note: This setting must be added to each settings.js file on each EM4C Gateway in your environment. The settings must be identical on all gateways.
Note: All URLs must be defined and accessed using the HTTPS protocol because SSL is required for IWA/PKI. All URLs must be defined and accessed using the server's fully qualified domain name.
Note: Network administrators must modify group policies to apply the above settings across the organization. If problems occur while implementing this solution, another option is to host the Portal for ArcGIS web adaptor on the same server as the EM4C Gateway. For this solution, configure the Portal for ArcGIS web adaptor and the EM4C Gateway to be served from the same origin so cross-origin requests are not required. This means they must be on the same host, domain, and port, and use the same protocol.