Focal Point Banner
Community Center Education Summit Technical Support User Groups
Let's Get Social!

Facebook Twitter LinkedIn YouTube
Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CASE OPENED] Security Issue with Tomcat and IIS connector
Go
New
Search
Notify
Tools
Reply
  
[CASE OPENED] Security Issue with Tomcat and IIS connector
 Login/Join
 
Gold member
posted
Hi All,


I have a situation here and have raised a case with IBI as well and not getting much help. Migrated 8008 to 8105 using a clone of the repository(Updated portals and Favourites to make it work with the new version)

I have installed WebFOCUS Client on XXXX10 and WebFOCUS Server on XXXX02.

Where Tomcat and IIS is using JAKARTA ISAPI redirector and WebFOCUS Security is Mapped to External Groups.

The installation was done using a admin service account svc_webfocus_dev, Single sign on is set up.

Now the environment is working correctly for all the defined users in the AD groups, except the 'SVC_WEBFOCUS_DEV'.

When i go to http://XXXX10/ the IIS screen pops up.
When i go to http://XXXX10:8080 , the tomcat screen pops up
When i go to https://XXXX10/ibi_apps it gives me 500 internal server error.

this happens just for the svc_webfocus_dev (Also [part of MRAdmin].

If i check the WebFOCUS logs, the request doesn't even go to webfocus server.

Any ideas on where should i look are welcome.

This message has been edited. Last edited by: FP Mod Chuck,


Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster
 
Posts: 60 | Location: Toronto, Ontario | Registered: May 15, 2014Reply With QuoteReport This Post
Virtuoso
posted Hide Post
iBeny

Look at the Tomcat logs.. \ibi\Tomcat\logs


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 1694 | Location: Customer Support | Registered: April 12, 2005Reply With QuoteReport This Post
Gold member
posted Hide Post
Tomcat Logs do not provide much information and simply show that svc_webfocus_Dev tried to login and but gave 500 error:

10.34.102.69 - XXXXXX\svc_webfocus_dev [01/May/2019:16:17:53 -0400] "GET /ibi_apps/ HTTP/1.1" 500 411


Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster
 
Posts: 60 | Location: Toronto, Ontario | Registered: May 15, 2014Reply With QuoteReport This Post
Virtuoso
posted Hide Post
iBeny

I wasn't sure if you looked at the WebFOCUS client Event.log from the Client Administration console


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 1694 | Location: Customer Support | Registered: April 12, 2005Reply With QuoteReport This Post
Silver Member
posted Hide Post
IBeny,

My comments may not specifically help, but.....

1. Is svc_webfocus_Dev a real AD userid? (if no, then that is the problem. trusted user id's have to be real userid's)

2. If you want to work around the issue, then you can configure that user id as a super user.

3. You looked at a http log. If you are getting a http 500, then there will be a log file with more details. The tomcat logs are log4j redirected to the event.log. So, look at the event.log first to find why http 500. If it doesn't make the event.log, then the tomcat logs will have http 500 details somewhere. You don't throw http 500 errors with no logging.

Use a string search tool (agent ransack) and search ALL the logs for the string srv_webfocus_Dev. You will find http 500 details.


WebFocus 7x, 8x, Win / Linux, any output format
 
Posts: 44 | Location: reading, pa | Registered: April 07, 2007Reply With QuoteReport This Post
Silver Member
posted Hide Post
That's a pretty steep price for that book. I would think any online help would just be as useful.


WebFOCUS 8

Windows, All Outputs
 
Posts: 45 | Location: Phoenix | Registered: March 01, 2018Reply With QuoteReport This Post
Gold member
posted Hide Post
@jnc , SVC_WEBFOCUS_DEV is an actual AD user mapped to external group which is further mapped to MRAdmin WF Security group.
Also, if by super user you mean IBIMR_ADMIN user, then yes, this is the admin id for that back door entry as well.

Tech Support, Did ask for the event.log and other logs associated with the tomcat, Didn't give me anything heplful yet.

I have grepwin for such string search tools will look for the references in the Tomcat Logs folder.


Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster
 
Posts: 60 | Location: Toronto, Ontario | Registered: May 15, 2014Reply With QuoteReport This Post
  Powered by Social Strata  
 

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CASE OPENED] Security Issue with Tomcat and IIS connector

Copyright © 1996-2018 Information Builders, leaders in enterprise business intelligence.