WebFocus security and admin 8201 (page 166-168) provides details on how to configure WebFocus client to enable pre-authentication with Web Access Management System.

but after performing all the configuration steps, we manage to test WebFocus portal login using Javascript and adding custom http headers. From the report server logs, we can see that login request is able to reach the backend Report Server with error message like this:

rejected cmrpip000068 u=srvadmin (password failure)

The security document doesn't specify what kind of security provider should be used for SSO integration. In this case, we enable the default PTH (internal) which accepts trusted WebFocus client. The user srvadmin is registered under this security provider.

Kindly advise.

This message has been edited. Last edited by: FP Mod Chuck,

I have SSO and

On RS :
- Primary Security Providers is LDAP
- Secondary Security Providers is PTH

On Client :
- Authentication_Type and External_Group_type as WFRS
- User_Group_Membership_ExtAuthN and User_Group_Membership_PreAuthN as EXTERNAL
- WFRS_Group_Provider as blank
- WFRS_Service_User is PTH\srvadmin

Maybe this can help

FYI,

8201's security setup/layout has changed.

Looks very different now.

The Security model and concepts in WF 8.2 are the same as in WF 8.1. It’s only the Security GUI interface (and parameter names) in WebFOCUS Administration Console that has changed in WF 8201.

For WF 8201 the description of pre-authentication with Web Access Management System (used by member ‘yehf’) is provided in the WF Security document starting on p. 175:

WebFOCUS Administration and Security

The process of configuring pre-authentication is described starting from p. 156 in the same document.
The process of pre-authentication is done before WebFOCUS is accessed, so they should not be using WF Internal Security Provider PTH for pre-authentication. They should be using an External Security Provider, such as LDAP.

The settings provided by ‘MartinY’ above are for External Authentication against LDAP.

Hope this helps.

Thank you for participating in the Focal Point Forum!
Tamra Colangelo
Focal Point Moderator
Information Builders

quote:

The security document doesn't specify what kind of security provider should be used for SSO integration. In this case, we enable the default PTH (internal) which accepts trusted WebFocus client. The user srvadmin is registered under this security provider.

It doesn't matter, you just have to make the connection to the server trusted, and set the server to allow trusted.

quote:

but after performing all the configuration steps, we manage to test WebFocus portal login using Javascript and adding custom http headers.

When you use pre-auth and are expecting a HTTP Header, that header must exist for every interaction to the WFC and not just the login. I'm a little confused how you can manage this by using JS. Can you explain in more detail?

quote:

quote:

but after performing all the configuration steps, we manage to test WebFocus portal login using Javascript and adding custom http headers.


When you use pre-auth and are expecting a HTTP Header, that header must exist for every interaction to the WFC and not just the login. I'm a little confused how you can manage this by using JS. Can you explain in more detail?

There is no SSO server setup in dev environment. So we have to find way to test out pre-auth approach. In the end, we use the chrome plugin Modify Header Value (HTTP Headers) to set the HTTP header value and then send requests to WebFocus.