WebFocus security and admin 8201 (page 166-168) provides details on how to configure WebFocus client to enable pre-authentication with Web Access Management System.
rejected cmrpip000068 u=srvadmin (password failure)
The security document doesn't specify what kind of security provider should be used for SSO integration. In this case, we enable the default PTH (internal) which accepts trusted WebFocus client. The user srvadmin is registered under this security provider.
Kindly advise.This message has been edited. Last edited by: FP Mod Chuck,
Windows Server 2016
I have SSO and
On RS :
- Primary Security Providers is LDAP
- Secondary Security Providers is PTH
On Client :
- Authentication_Type and External_Group_type as WFRS
- User_Group_Membership_ExtAuthN and User_Group_Membership_PreAuthN as EXTERNAL
- WFRS_Group_Provider as blank
- WFRS_Service_User is PTH\srvadmin
Maybe this can help
WF versions : Prod 8.2.04M gen 33, Dev 8.2.04M gen 33, OS : Windows, DB : MSSQL, Outputs : HTML, Excel, PDF
In Focus since 2007
8201's security setup/layout has changed.
Looks very different now.
The Security model and concepts in WF 8.2 are the same as in WF 8.1. It’s only the Security GUI interface (and parameter names) in WebFOCUS Administration Console that has changed in WF 8201.
For WF 8201 the description of pre-authentication with Web Access Management System (used by member ‘yehf’) is provided in the WF Security document starting on p. 175:
WebFOCUS Administration and Security
The process of configuring pre-authentication is described starting from p. 156 in the same document.
The process of pre-authentication is done before WebFOCUS is accessed, so they should not be using WF Internal Security Provider PTH for pre-authentication. They should be using an External Security Provider, such as LDAP.
The settings provided by ‘MartinY’ above are for External Authentication against LDAP.
Hope this helps.
Thank you for participating in the Focal Point Forum!
Focal Point Moderator
WebFOCUS 8x - BI Portal, Developer Studio, App Studio, Excel, PDF, Active Formats and HTML5
It doesn't matter, you just have to make the connection to the server trusted, and set the server to allow trusted.
When you use pre-auth and are expecting a HTTP Header, that header must exist for every interaction to the WFC and not just the login. I'm a little confused how you can manage this by using JS. Can you explain in more detail?
"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
There is no SSO server setup in dev environment. So we have to find way to test out pre-auth approach. In the end, we use the chrome plugin Modify Header Value (HTTP Headers) to set the HTTP header value and then send requests to WebFocus.
Windows Server 2016
|Powered by Social Strata|