Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SOLVED] SingleSignOn - REMOTE_USER not populated

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[SOLVED] SingleSignOn - REMOTE_USER not populated
 Login/Join
 
Member
posted
Hi,

I'm trying to get the SingleSignOn for the Dashboard running, but my REMOTE_USER variable is not beeing populated. I read the manual and other guides several times, but something is going wrong on my configuration.

I'm using a Windows Server 2003 with WebFOCUS 7.6.4 with Tomcat and no IIS installied.


1
I configured the custom settings in the MR Administration Console like:

IBIMR_domain(pass)
MR_FULL_FEXNAME(pass)
MR_ITEM_HANDLE(pass)
MR_CHANGE_PASS(protect)
IBIMR_user (pass)
WORP_USER(pass)
REMOTE_USER(pass)

2
I configured the MR security settings for authentification like:
User Web Server REMOTE_USER variable + Include Windows domain

3
Tomcat server.xml file
< !-- Define an AJP 1.3 Connector on port 8009 -->
Connector port="8009" enableLookups="false" request.tomcatAuthentication="false" tomcatAuthentication="false" redirectPort="8443" protocol="AJP/1.3"

When I try to open the dashboard I get an error message like the following:

Error Number 19104
Description invalid User-ID or Password.
ibi.webfoc.wfmre.mrutil.WFMRError: invalid User-ID or Password

(I searched for this Error Number, but i only found another Description to that error, that does not match with mine.)


But this becomes understandable, when i trace the MR Realm Driver while dashboard login:

**********************************D:/ibi/WebFOCUS76/logs\00103_mrrealm_090217_094421.trace
----------------------------------------------------------------
Logging started on [2009-02-17 09:44:21 CET]
WF Gen: 168 Date: Thursday, November 15, 2007 5:15:36 AM CET
MR Realm Driver Revision: 2.3.0 (7.6)
----------------------------------------------------------------
[2009-02-17 09:44:21 CET] {INFO} [WFMRX_MRSecurityDriver] authenticateUser: Trusted Mode Authentication for user 'null'
[2009-02-17 09:44:21 CET] {INFO} [WFMRX_MRSecurityDriver] findReposUserByID: User 'null' Not Found
[2009-02-17 09:44:21 CET] {INFO} [WFMRX_MRSecurityDriver] >authenticateUser: User null failed to authenticate

The HTTP Request Info in the diagnosticts tell me the following:

App Server: Apache Tomcat/5.5.25
REMOTE_USER: null
J2EE-Role: Unknown

HTTP-Header:
Header-Name Header-Wert
accept image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
accept-language de
ua-cpu x86
accept-encoding gzip, deflate
user-agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1)
host xxxyyy
connection Keep-Alive
cookie JSESSIONID=516D23295DF31DB3A0A793D907F06DDA; IBIWF_language=de; wcSessionID=8E07671DA0E11D3F1514063BB993ECF582907E58397875A27C4F96BD7EF4E2BD; WFC_COOKIE=137e9fb318a19cd5513a1f13eef6c6413cd5f5883be2e9b5886c4e7378081d42bb9d87b835ef3f2ab66eced41e6144d78ba138814d56c0edd5093169a01a19c9381c


Is anyone able to make a suggestion for a solution?

This message has been edited. Last edited by: Kerry,


-----
WebFOCUS 7.6.4 on Windows Server 2003 with Oracle DB / MS SQL Server
 
Posts: 21 | Location: Essen, Germany | Registered: January 30, 2009Report This Post
<JG>
posted
First thing I would do is check your browser security settings.
It needs to be set to Automatic logon with current username and password
 
Report This Post
Virtuoso
posted Hide Post
If you are using Tomcat with no IIS, then changing AJP is meaningless, as you will be connecting to the HTTP connector.

How is Tomcat suppose to know who you are?


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
Member
posted Hide Post
@JG
I checked this browser settings, although the security and administration manual tells, that the browser should be configured to "Automatic logon only in Intranet zone".

@dhagen
What configuration do I have to set to get the REMOTE_USER populated without IIS?


-----
WebFOCUS 7.6.4 on Windows Server 2003 with Oracle DB / MS SQL Server
 
Posts: 21 | Location: Essen, Germany | Registered: January 30, 2009Report This Post
Guru
posted Hide Post
Jean,

Are you planning to grab the windows logon id?

Sayed


WF 8.x and 7.7.x Win/UNIX/AS400, MRE/Portal/Self-Service, IIS/Tomcat, WebSphere, IWA, Realmdriver, Active Directory, Oracle, SQLServer, DB2, MySQL, JD Edwards, E-BIZ, SAP BW, R/3, ECC, ESSBASE
 
Posts: 285 | Location: Texas | Registered: June 27, 2006Report This Post
Member
posted Hide Post
Maybe I did not understand the single sign on authentification process correctly, but I think it is becoming a bit clearer now.

The Web Server populates the REMOTE_USER variable and Tomcat is able to read that variable and pass it to the MRE. I don't use IIS as Web Server, so Tomcat receives an empty REMOTE_USER variable. Is that correct so far?

If I don't use a Web Server that sets the REMOTE_USER variable, is it possible to get the SingleSignOn working with Tomcat? Or do I need to install a Web Server and there is no way around it?


-----
WebFOCUS 7.6.4 on Windows Server 2003 with Oracle DB / MS SQL Server
 
Posts: 21 | Location: Essen, Germany | Registered: January 30, 2009Report This Post
Virtuoso
posted Hide Post
To get the Remote_User without IIS you would have to configure Tomcat to use Active Directory as an authentication point. This would not be trusted, and therefore, your users would be then prompted for credentials.

To get true SSO with Tomcat standalone, read TM4647 (Configuring Single Sign-on to the WebFOCUS Reporting Server Using Kerberos). It can be a bit of a ride to configure, but it should allow you to do what you are looking for.


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
<JG>
posted
Sorry I should have asked the obvious question first.

If it's Tomcat standalone then you need to configure and deploy a servlet like jcifs,
this is open source and quite easy to do.

However depending on your security implementations you may need to go to a servlet such as
Jespa this is foc for a max 25 users but $400 for unlimited users. (pea nuts).

The browser settings you have are fine if the webserver is on the intranet,
however if you have external users they must use the Internet logon.
 
Report This Post
Member
posted Hide Post
As I see the easiest way to get the SSO working is to use the IIS. Alternatively we can implement JCIFS for ntlm authentification for tomcat standalone or use the kerberos protocol.

I think we will install the WebFOCUS with IIS in the future and try the solution with the JCIFS also.

Thank you for your help.


-----
WebFOCUS 7.6.4 on Windows Server 2003 with Oracle DB / MS SQL Server
 
Posts: 21 | Location: Essen, Germany | Registered: January 30, 2009Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SOLVED] SingleSignOn - REMOTE_USER not populated

Copyright © 1996-2020 Information Builders