Focal Point Banner
Community Center Education Summit Technical Support User Groups
Let's Get Social!

Facebook Twitter LinkedIn YouTube
Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Alternate security zone for developer studio
Go
New
Search
Notify
Tools
Reply
  
[CLOSED] Alternate security zone for developer studio
 Login/Join
 
Member
posted
Hi
We have a rather complicated preauthentication setup that Developer Studio doesn't support.
Is it possible to configure a seperate security zone to be used in Developer Studio and to get access without preauth?
I have tried a lot of things but mostly Developer Studio just gives me empty "Ok" boxes when trying to authenticate against the alternate zone.
The alternate zones web UI is accessible from server:8080/ibi_apps/zone/signin and authentication works.
What should the Web Component parameters be for accessing this alternative zone in Dev Studio? Maybe a custom authentication type for Developer Studio is neccessary?
Second question would be if it is possible to add more than 1 security zone? I think the mobile and portlet zones are not fit for normal use.

Thank you in advance!

Webfocus and Developer Studio 8005 on Centos 6.4

This message has been edited. Last edited by: <Kathryn Henning>,
 
Posts: 16 | Registered: April 07, 2011Reply With QuoteReport This Post
Gold member
posted Hide Post
Hi Precipice,
I suggest you open case in Techsupport. I have used preauth + alternative security zone for Developer Studio, but for filtering we had IP-addresses (only developer computers).
Maybe this is option for you.

Regards,


Release: WebFOCUS 8104, AppStudio: 8105
OS: Windows
Output: HTML,Excel,Active Reports
 
Posts: 89 | Registered: November 19, 2013Reply With QuoteReport This Post
Member
posted Hide Post
Hi again.
Filtered IP-s are OK and I know how to set them up. So what parameters did you use to connect to this alternative zone?
Host name as servername/ibi_apps/zone and then just normal authentication ?
Ill have to check yet if this isn't the fault of our technical setup, before submitting a case. In this setup tomcat is used behind apache (mod_jk).

Greetings


Wf 8005 Centos 6.4
 
Posts: 16 | Registered: April 07, 2011Reply With QuoteReport This Post
Guru
posted Hide Post
You are using Apache to redirect for pre-auth? If so, as long as your local machine where Developer is, the IP is listed in the securitysetting-zone.xml, you should be able to go directly against Tomcat.

We do the same thing with Apache and Weblogic using SiteMinder. I have alternate zones setup to do config changes on each side of the cluster.


WebFOCUS 8.1.05
 
Posts: 496 | Registered: January 04, 2008Reply With QuoteReport This Post
Gold member
posted Hide Post
Hi Precipice,
Yes as MattC pointed out. You should be OK with just IP-s listed in the securitysettings-zone.xml. After that all Developer should be directed to "formAuthEnabled" or what ever secondary authentication method you have.
Regards,


Release: WebFOCUS 8104, AppStudio: 8105
OS: Windows
Output: HTML,Excel,Active Reports
 
Posts: 89 | Registered: November 19, 2013Reply With QuoteReport This Post
Member
posted Hide Post
Ok, good to hear that it should work.
Thinking now, forget about apache... tomcat on 8080 is directly accessed.
So Developer Studio should use the alternative zone automatically when my IP is in the filterChainIPAddresses list and I dont have to use any different hostname, html alias or client path?

I can login like this when I have "anonymousAuthEnabled" value="true" and only the public folder is visible. But when anonymousAuth is false I get asked 2 times for credentials and then:
Error -2147220983 - Unable to connect to the WebFOCUS environment.
Also I cannot login though browser /ibi_apps, when my IP is in zone list. The signin page just reloads every time I enter credentials. Audit log says "admin signIn SUCCESS" tho.

Greetings


Wf 8005 Centos 6.4
 
Posts: 16 | Registered: April 07, 2011Reply With QuoteReport This Post
Gold member
posted Hide Post
Hi Precipice,
Yes thats correct you do not need any different hostname/html alias etc. Well "anonymouseAuthEnable" should be false as you dont want anonymouse users into the system.
So I did test in our Test enviorment (although its 8006 not 8005).
Primary authentication: OpenID - throguh Google.com
Secondary authentication: FormBased. Only thing I did in the securitysettings-zone is added my IP - and set following to true/false
  
<property name="filterChainEnabled" value="true"/>
		<property name="filterChainPatternEnabled" value="false"/><property name="filterChainIPAddresseEnabled" value="true"/>	


Hope this helps.

Regards,


Release: WebFOCUS 8104, AppStudio: 8105
OS: Windows
Output: HTML,Excel,Active Reports
 
Posts: 89 | Registered: November 19, 2013Reply With QuoteReport This Post
Member
posted Hide Post
Hi again
So I wanted to see where this problem originates from and made a new install.
All deafult settings WF Client 8006 - Webfocus, tomcat, derby, default ports. And I cant login in Developer Studio after configuring only securitysettings-zone.xml and adding my IP. "Unable to logon"
<property name="filterChainEnabled" value="true"/>
		<property name="filterChainPatternEnabled" value="true"/>
		<property name="filterChainPatterns">
			<list>
				<value>/**</value>
			</list>
		</property>
		<property name="filterChainIPAddresseEnabled" value="true"/>		
		<property name="filterChainIPAddresses">
			<list>
				<value>192.168.11.26</value>
				<value>127.0.0.1</value>
				<value>::1</value> 


Wf 8005 Centos 6.4
 
Posts: 16 | Registered: April 07, 2011Reply With QuoteReport This Post
Gold member
posted Hide Post
Hi Precipice,
Try turning
filterChainPatternEnable to "false" so it will only filter using IP addresses.

Regards,


Release: WebFOCUS 8104, AppStudio: 8105
OS: Windows
Output: HTML,Excel,Active Reports
 
Posts: 89 | Registered: November 19, 2013Reply With QuoteReport This Post
  Powered by Social Strata  
 

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Alternate security zone for developer studio

Copyright © 1996-2018 Information Builders, leaders in enterprise business intelligence.