tm1py icon indicating copy to clipboard operation
tm1py copied to clipboard
verified publisher icon cubewise-code

SSO with Allow Anonymous False

Open RobbyMeyers opened this issue 2 years ago • 3 comments

I just wanted to check back in on the possibility of using SSO when having "Allow Anonymous" set to false. I confirmed that changing this to true would allow TM1py to authenticate however it allows users to end up logged into the system as anonymous which is not what we want.

Issue #509 was the original but it was closed.

RobbyMeyers avatar Sep 21 '23 21:09 RobbyMeyers

I can confirm that "Allow Anonymous" is not a desirable solution. Unsuccessful CAM SSO has been raised a few times in the past. Let's keep this issue open until we find a reliable solution to this edge case.

MariusWirtz avatar Oct 11 '23 21:10 MariusWirtz

It's interesting that when you open ClientCamUri in the browser, it authenticates fine, and you get the browser cookie that you need to authenticate with TM1.

I wonder if you could use a package like browsercookie to open the gateway uri in the browser from Python and grab the cam_passport. Once you have the cam_passport, you can iniate TM1Service like this:

with TM1Service(address=address, port=port, ssl=ssl, cam_passport=passport) as tm1:
    print(tm1.server.get_server_name())

MariusWirtz avatar Oct 11 '23 21:10 MariusWirtz

Any update on this issue, or know of a workaround? I am experiencing the same problem.

The check.py throws 'HTTP response does not contain 'cam_passport' cookie' error, but If I set the Anonymous login is set to 'True' in CA, then I am able to connect.

Unfortunately, setting the Anonymous login property to 'True' will not for us.

NinjaKullan avatar Feb 02 '24 13:02 NinjaKullan