Focal Point Banner
Community Center Education Summit Technical Support User Groups
Let's Get Social!

Facebook Twitter LinkedIn YouTube
Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Unable to access WebFOCUS portal using pre-authentication
Go
New
Search
Notify
Tools
Reply
  
[CLOSED] Unable to access WebFOCUS portal using pre-authentication
 Login/Join
 
Member
posted
WebFocus security and admin 8201 (page 166-168) provides details on how to configure WebFocus client to enable pre-authentication with Web Access Management System.

but after performing all the configuration steps, we manage to test WebFocus portal login using Javascript and adding custom http headers. From the report server logs, we can see that login request is able to reach the backend Report Server with error message like this:

rejected cmrpip000068 u=srvadmin (password failure)

The security document doesn't specify what kind of security provider should be used for SSO integration. In this case, we enable the default PTH (internal) which accepts trusted WebFocus client. The user srvadmin is registered under this security provider.

Kindly advise.

This message has been edited. Last edited by: FP Mod Chuck,


WebFOCUS 8.2
Windows Server 2016
PDF, Excel
 
Posts: 11 | Registered: June 08, 2017Reply With QuoteReport This Post
Virtuoso
posted Hide Post
I have SSO and

On RS :
- Primary Security Providers is LDAP
- Secondary Security Providers is PTH

On Client :
- Authentication_Type and External_Group_type as WFRS
- User_Group_Membership_ExtAuthN and User_Group_Membership_PreAuthN as EXTERNAL
- WFRS_Group_Provider as blank
- WFRS_Service_User is PTH\srvadmin

Maybe this can help


WF versions : Prod 8.2.0.1M gen 240, Dev 8.2.04 gen 48, OS : Windows, DB : MSSQL, Outputs : HTML, Excel, PDF
In Focus since 2007
 
Posts: 2163 | Location: Montreal Area, Qc, CA | Registered: September 25, 2013Reply With QuoteReport This Post
Expert
posted Hide Post
FYI,

8201's security setup/layout has changed.

Looks very different now.


Waz...

Prod:WebFOCUS 7.6.10/8.1.04Upgrade:WebFOCUS 8.2.05OS:LinuxOutputs:HTML, PDF, Excel, PPT
In Focus since 1984
Know The Code

 
Posts: 6104 | Location: Land of the Darug people, Terra Australis Incognita | Registered: October 31, 2006Reply With QuoteReport This Post
Guru
posted Hide Post
The Security model and concepts in WF 8.2 are the same as in WF 8.1. It’s only the Security GUI interface (and parameter names) in WebFOCUS Administration Console that has changed in WF 8201.

For WF 8201 the description of pre-authentication with Web Access Management System (used by member ‘yehf’) is provided in the WF Security document starting on p. 175:

WebFOCUS Administration and Security

The process of configuring pre-authentication is described starting from p. 156 in the same document.
The process of pre-authentication is done before WebFOCUS is accessed, so they should not be using WF Internal Security Provider PTH for pre-authentication. They should be using an External Security Provider, such as LDAP.

The settings provided by ‘MartinY’ above are for External Authentication against LDAP.

Hope this helps.

Thank you for participating in the Focal Point Forum!
Tamra Colangelo
Focal Point Moderator
Information Builders


WebFOCUS 8x - BI Portal, Developer Studio, App Studio, Excel, PDF, Active Formats and HTML5
 
Posts: 487 | Location: Toronto | Registered: June 23, 2009Reply With QuoteReport This Post
Virtuoso
posted Hide Post
quote:

The security document doesn't specify what kind of security provider should be used for SSO integration. In this case, we enable the default PTH (internal) which accepts trusted WebFocus client. The user srvadmin is registered under this security provider.


It doesn't matter, you just have to make the connection to the server trusted, and set the server to allow trusted.

quote:

but after performing all the configuration steps, we manage to test WebFocus portal login using Javascript and adding custom http headers.


When you use pre-auth and are expecting a HTTP Header, that header must exist for every interaction to the WFC and not just the login. I'm a little confused how you can manage this by using JS. Can you explain in more detail?


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1100 | Location: Toronto, Ontario | Registered: May 26, 2004Reply With QuoteReport This Post
Member
posted Hide Post
quote:
quote:

but after performing all the configuration steps, we manage to test WebFocus portal login using Javascript and adding custom http headers.


When you use pre-auth and are expecting a HTTP Header, that header must exist for every interaction to the WFC and not just the login. I'm a little confused how you can manage this by using JS. Can you explain in more detail?



There is no SSO server setup in dev environment. So we have to find way to test out pre-auth approach. In the end, we use the chrome plugin Modify Header Value (HTTP Headers) to set the HTTP header value and then send requests to WebFocus.


WebFOCUS 8.2
Windows Server 2016
PDF, Excel
 
Posts: 11 | Registered: June 08, 2017Reply With QuoteReport This Post
  Powered by Social Strata  
 

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Unable to access WebFOCUS portal using pre-authentication

Copyright © 1996-2018 Information Builders, leaders in enterprise business intelligence.