As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

[CLOSED] Auto Add Users to Groups in SSO
Platinum Member
posted
Hi All,

We are trying to configure Single Sign On using the OpenID option under the security section in the WebFOCUS Client Administration (we are using WebFOCUS 8203). The authentication is working fine and we are able to log in to the WebFOCUS client using the userid/password created in the OpenID server. But, by default, every user is able to see only the Public folder upon initial login. How do we auto add the users to Groups?

Earlier, in another project, I implemented External security, which I configured in the Reporting Server with an external DB, and in this case I was able to map the external groups with the WebFOCUS groups. But currently, for SSO using OpenID, I did not make any changes on the Reporting Server side. Do I have to set up an adapter connection in the WebFOCUS Reporting Server to the database used by the OpenID server in order to get the groups and map them in the security center on the client side?

Please share any ideas.

Thanks,
Subbu.


WebFOCUS - ver8201
[ReportingServers: Windows 64bit;
Client: tomcat and IIS on windows 2012
AppStudio

 
Posts: 104 | Location: Indianapolis | Registered: November 08, 2007

Virtuoso
posted
Subbu

I found this case on techsupport that says OpenID is no longer supported in version 8.2 due to security vulnerabilities.

https://techsupport.informatio...track/180419008.html

You can reach out to them to find out more.


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 2127 | Location: Customer Support | Registered: April 12, 2005

Gold member
posted
Hi Subbu

It never hurts to double check by opening a case with techsupport regarding the use of OpenID.
I see it still clearly documented in the 8203 security manual for Authentication but I didn't see anything about Authorization.

Sounds like your question is based a lot around that Authorization part.

You didn't say where your external group membership list is stored. Is it in a SQL based table someplace? Or is it maybe in LDAP?

If it's in LDAP, I think you'd be better off (and actually it may be required) that you use the LDAP/AD for authentication too. So you'd quit using OpenID in that case.

But if your groups are in a SQL based table, you can read up on making a Custom SQL provider (via 'tutorials' on the WF Reporting server). You can read about how to set up a Custom SQL provider by getting out the 8203 WF Server Administration manual around page 60. You could set up a secondary provider there and test to see that you can log on and retrieve a list of groups from that custom provider that you will build.

If your groups are coming back on the WFRS (that's the reporting server), then I bet you can get the client to ask the WFRS for that list by way of a service account. External Authorization is described in the WebFOCUS security manual for 8203 starting around page 243 in the PDF. Look for "understanding External Authorization".

Somewhere in here, you'll also find the rules for AUTOADD that says to only AUTOADD if a user is a member of a MAPPED group.

So - in summary, if you have your groups in a SQL table, make a custom provider by using the WFRS admin console first just to make sure you can hit it. Then if you can, configure the client to use the list.

There's a setting that you can turn on tracing for in log4j.xml (com.ibilog) so you can see more info about how the logon is working (Page 248 in the security manual for 8203). I find that useful to enable whenever I'm experimenting with external providers.

I'll try to check back in on you. If you get stuck, just open a case with all your release info and describe where your Authentication / Authorization should come from.

If it's too tricky, IBI professional services might be able to write a custom servlet for you to help with this stuff. Feel free to reach out to your local IBI branch to talk over the issue too.

Later!
Toby Mills, CISSP
 
Posts: 62 | Registered: October 31, 2006

Platinum Member
posted
Hi Toby

Thanks for the details. Yes, I did go through the IBI documents and security manuals, and I am on the same page with you to create a custom provider for authorization alone, as they have the userinfo in PostgreSQL and there is no LDAP setup; they use an OpenID setup for their existing application.

Thanks,
Rao.


 
Posts: 104 | Location: Indianapolis | Registered: November 08, 2007
Copyright © 1996-2020 Information Builders