[CASE OPENED] Security Issue with Tomcat and IIS connector
Hi All,
I have a situation here and have raised a case with IBI as well and not getting much help. Migrated 8008 to 8105 using a clone of the repository(Updated portals and Favourites to make it work with the new version)
I have installed WebFOCUS Client on XXXX10 and WebFOCUS Server on XXXX02.
Where Tomcat and IIS is using JAKARTA ISAPI redirector and WebFOCUS Security is Mapped to External Groups.
The installation was done using a admin service account svc_webfocus_dev, Single sign on is set up.
Now the environment is working correctly for all the defined users in the AD groups, except the 'SVC_WEBFOCUS_DEV'.
Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster
May 01, 2019, 04:26 PM
FP Mod Chuck
iBeny
I wasn't sure if you looked at the WebFOCUS client Event.log from the Client Administration console
Thank you for using Focal Point!
Chuck Wolff - Focal Point Moderator WebFOCUS 7x and 8x, Windows, Linux All output Formats
May 02, 2019, 08:21 AM
jnc
IBeny,
My comments may not specifically help, but.....
1. Is svc_webfocus_Dev a real AD userid? (if no, then that is the problem. trusted user id's have to be real userid's)
2. If you want to work around the issue, then you can configure that user id as a super user.
3. You looked at a http log. If you are getting a http 500, then there will be a log file with more details. The tomcat logs are log4j redirected to the event.log. So, look at the event.log first to find why http 500. If it doesn't make the event.log, then the tomcat logs will have http 500 details somewhere. You don't throw http 500 errors with no logging.
Use a string search tool (agent ransack) and search ALL the logs for the string srv_webfocus_Dev. You will find http 500 details.
WebFocus 7x, 8x, Win / Linux, any output format
May 02, 2019, 10:39 AM
Les J
That's a pretty steep price for that book. I would think any online help would just be as useful.
WebFOCUS 8
Windows, All Outputs
May 03, 2019, 09:36 AM
iBeny
@jnc , SVC_WEBFOCUS_DEV is an actual AD user mapped to external group which is further mapped to MRAdmin WF Security group. Also, if by super user you mean IBIMR_ADMIN user, then yes, this is the admin id for that back door entry as well.
Tech Support, Did ask for the event.log and other logs associated with the tomcat, Didn't give me anything heplful yet.
I have grepwin for such string search tools will look for the references in the Tomcat Logs folder.
Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster