Focal Point
[CASE OPENED] Security Issue with Tomcat and IIS connector

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/6157072196

April 30, 2019, 03:20 PM
iBeny
[CASE OPENED] Security Issue with Tomcat and IIS connector
Hi All,


I have a situation here and have raised a case with IBI as well, but I am not getting much help. I migrated 8008 to 8105 using a clone of the repository (updated portals and Favourites to make it work with the new version).

I have installed WebFOCUS Client on XXXX10 and WebFOCUS Server on XXXX02.

Tomcat and IIS are using the Jakarta ISAPI redirector, and WebFOCUS Security is mapped to external groups.

The installation was done using an admin service account, svc_webfocus_dev, and single sign-on is set up.

Now the environment is working correctly for all the defined users in the AD groups, except the 'SVC_WEBFOCUS_DEV'.

When I go to http://XXXX10/, the IIS screen pops up.
When I go to http://XXXX10:8080, the Tomcat screen pops up.
When I go to https://XXXX10/ibi_apps, it gives me a 500 internal server error.

This happens just for svc_webfocus_dev (also part of MRAdmin).

If I check the WebFOCUS logs, the request doesn't even go to the WebFOCUS server.

Any ideas on where I should look are welcome.



Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster
April 30, 2019, 05:27 PM
FP Mod Chuck
iBeny

Look at the Tomcat logs.. \ibi\Tomcat\logs


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
May 01, 2019, 04:20 PM
iBeny
The Tomcat logs do not provide much information and simply show that svc_webfocus_Dev tried to log in but it gave a 500 error:

10.34.102.69 - XXXXXX\svc_webfocus_dev [01/May/2019:16:17:53 -0400] "GET /ibi_apps/ HTTP/1.1" 500 411


Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster
May 01, 2019, 04:26 PM
FP Mod Chuck
iBeny

I wasn't sure if you looked at the WebFOCUS client Event.log from the Client Administration console


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
May 02, 2019, 08:21 AM
jnc
IBeny,

My comments may not specifically help, but.....

1. Is svc_webfocus_Dev a real AD userid? (if no, then that is the problem. trusted user id's have to be real userid's)

2. If you want to work around the issue, then you can configure that user id as a super user.

3. You looked at a http log. If you are getting a http 500, then there will be a log file with more details. The tomcat logs are log4j redirected to the event.log. So, look at the event.log first to find why http 500. If it doesn't make the event.log, then the tomcat logs will have http 500 details somewhere. You don't throw http 500 errors with no logging.

Use a string search tool (agent ransack) and search ALL the logs for the string srv_webfocus_Dev. You will find http 500 details.


WebFocus 7x, 8x, Win / Linux, any output format
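
The access-log check discussed above, as an added Python example that is not part of any post in this thread: it parses lines in the format of the entry iBeny quoted, folds account names to lower case (AD logon names are case-insensitive), and reports accounts that only ever receive 5xx responses under /ibi_apps, with the timestamps to look up in event.log. Only the first sample line comes from the thread; `report_user1` and the other lines are constructed, and the pattern assumes the log layout matches that one quoted line.

```python
import re
from collections import defaultdict

# Layout assumed from the single line quoted in the thread:
# host ident DOMAIN\user [timestamp] "METHOD path proto" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample: line 1 is the entry from the thread, the rest are made up.
SAMPLE = r'''10.34.102.69 - XXXXXX\svc_webfocus_dev [01/May/2019:16:17:53 -0400] "GET /ibi_apps/ HTTP/1.1" 500 411
10.34.102.70 - XXXXXX\report_user1 [01/May/2019:16:18:02 -0400] "GET /ibi_apps/ HTTP/1.1" 200 5120
10.34.102.69 - XXXXXX\SVC_WEBFOCUS_DEV [01/May/2019:16:19:40 -0400] "GET /ibi_apps/ HTTP/1.1" 500 411
10.34.102.71 - - [01/May/2019:16:20:00 -0400] "GET /favicon.ico HTTP/1.1" 404 -
not an access-log line
'''

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Drop the DOMAIN\ prefix and fold case so SVC_X and svc_x are one account.
    rec["account"] = rec["user"].rsplit("\\", 1)[-1].lower()
    rec["status"] = int(rec["status"])
    return rec

def summarize(lines, path_prefix="/ibi_apps"):
    """Count successes and 5xx errors per account for requests under path_prefix."""
    stats = defaultdict(lambda: {"ok": 0, "errors": 0, "error_times": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(path_prefix):
            continue
        entry = stats[rec["account"]]
        if rec["status"] >= 500:
            entry["errors"] += 1
            entry["error_times"].append(rec["ts"])  # search other logs for these
        else:
            entry["ok"] += 1
    return dict(stats)

def always_failing(stats):
    """Accounts that got at least one 5xx and never a non-5xx response."""
    return sorted(a for a, s in stats.items() if s["errors"] and not s["ok"])

if __name__ == "__main__":
    stats = summarize(SAMPLE.splitlines())
    for account in always_failing(stats):
        print(account, stats[account]["error_times"])
```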
May 02, 2019, 10:39 AM
Les J
That's a pretty steep price for that book. I would think any online help would be just as useful.


WebFOCUS 8

Windows, All Outputs
May 03, 2019, 09:36 AM
iBeny
@jnc, SVC_WEBFOCUS_DEV is an actual AD user mapped to an external group, which is further mapped to the MRAdmin WF Security group.
Also, if by super user you mean the IBIMR_ADMIN user, then yes, this is the admin id for that back door entry as well.

Tech Support did ask for the event.log and other logs associated with Tomcat, but didn't give me anything helpful yet.

I have grepWin for such string searches and will look for the references in the Tomcat logs folder.


Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster