As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.
New TIBCO Community Coming Soon
In early summer, TIBCO plans to launch a new community—with a new user experience, enhanced search, and expanded capabilities for member engagement with answers and discussions! In advance of that, the current myibi community will be retired on April 30. We will continue to provide updates here on both the retirement of myibi and the new community launch.
What You Need to Know about Our New Community
We value the wealth of knowledge and engagement shared by community members and hope the new community will continue cultivating networking, knowledge sharing, and discussion.
During the transition period, from April 20th until the new community is launched this summer, myibi users should access the TIBCO WebFOCUS page to engage.
I am interested in the answer. During the next summit (june 12- june 16) there are some classes (labs) that will explain how this could work. I am intended to follow those sessions. I hope they also will provide me with some interesting documentation.
prod: WF 7.6.10 platform Windows, databases: msSQL2000, msSQL2005, RMS, Oracle, Sybase,IE7 test: WF 7.6.10 on the same platform and databases,IE7
Posts: 2387 | Location: Amsterdam, the Netherlands | Registered: December 03, 2006
Before you start integrating AD with the WebFOCUS product, its good to have a high level understanding of the WebFOCUS security architecture.
A quick overview that can help with this is an article I wrote here:
Its about 6-8 pages of high level overview of the places in the WebFOCUS product where security is implemented.
With that in mind, there are a number of different ways to integrate with AD.
If you're looking for your user's to be prompted for credentials by WebFOCUS once, then I recommend: Managed Reporting Authentication -> WFRS Reporting Server Security -> LDAP (Against AD)
If you're looking for your user's to never be prompted for credentials besides the logon to their computer, I recommend: IWA enabled on IIS web server Managed Reporting Security -> TRUSTED (REMOTE_USER) Reporting Server Security -> LDAP (Against AD) with TRUST_EXT set to Y to allow a trusted connection (LDAP_AD_ONLY must also be set to N).
With the Reporting Server node within the WebFOCUS Admin Console configured for Trusted security passing the WebFOCUS Variable WF_REMOTE_USER.
If you plan on using database level security based on each user's userid using SQL Server, etc, and you don't want your users to be prompted for credentials at all, I recommend setting up Kerberos according to TM4647.
All of the options outlined above outline authentication options, and don't touch the topic of authorization.
Reporting Server authorization can be controlled by the LDAP group, or with group profiles.
Managed Reporting authorization can reside in AD, but I don't recommend it due to its complexity to maintain. Typically putting the authorization data in a DBMS is much easier to maintain and is the way to go.
WebFOCUS 8.0 is going to have quite a few changes that should allow for greater integration with AD.
Originally posted by FrankDutch: I am interested in the answer. During the next summit (june 12- june 16) there are some classes (labs) that will explain how this could work. I am intended to follow those sessions. I hope they also will provide me with some interesting documentation.
Frank, I think those sessions you are referencing are the ones I'm teaching.
I've got a lab on using Tomcat Security with Active Directory (Sunday at 2pm).
A presentation on LDAP, AD & The WebFOCUS Product (Tuesday 1:30PM).
And a lab on using Web Services with the WebFOCUS product (Tuesday at 2:45pm) . In that lab I'll be pulling users and groups from AD, and inserting them into MR using a FEX, web services adapter, and the MR web services. A co-presenter, Gerry Snyder, will then be scheduling one of those FEXes in ReportCaster using web services.
If you're looking at using out-of-the-box functionality to go against AD, the presentation Tuesday at 1:30pm is probably what you most want to see. You might find the two labs interesting as well, but they're more side-topics for special situations.