Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SOLVED] Need help passing MR credentials to reporting server

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[SOLVED] Need help passing MR credentials to reporting server
 Login/Join
 
Silver Member
posted
I am testing 767 on a windows 2003 server(s) using LDAP on both reporting and web server. I'm trying to find a way to eliminate the additional log-in the reporting server is asking for. When the user logs into MRE they are prompted for their MR credentials and then when they execute a procedure they are prompted again. I think I'm getting warm by looking into the WF_COOKIE but the documentation is lacking. Is there a way to pass my MR credentials behind the scenes to the reporting server instead of it asking for them?

Currently, I'm running 7.14 and the reporting server (on unix mainframe) is setup as PTH. We were able to get away with this because developers using dev studio couldn't see the data servers. In 767 they can regardless of me removing their data server access via the MR administration way.

So, I turned on the security, but now I get an extra prompt.

Thanks,

This message has been edited. Last edited by: Kerry,


wf 767 running on w2k3 srvr
 
Posts: 46 | Registered: September 22, 2006Report This Post
Expert
posted Hide Post
I'm no security expert, but I suspect you need to tweak some security setting somewhere...

Meanwhile, here's how I work with MRE and reporting server logins.

Along with other stuff, the following is in my site profile (C:\ibi\client53\wfc\etc\site.wfs, accessible from WF Administration Console > Configuration > Custom Settings):

<IFDEF> WORPUSER
  <SENDVAR>
  UID=&WORPUSER
  UPASS=&WORPPASS
  IBIC_user=&WORPUSER
  <ENDSENDVAR>
<ELSE>
  <IFDEF> IBIMR_user
    <SENDVAR>
      UID=&IBIMR_user
      IBIC_user=&IBIMR_user
      WORPUSER=&IBIMR_user
      IBIMR_user=&IBIMR_user
      UPASS=&IBIMR_pass
    <ENDSENDVAR>
  <ELSE>
    <SENDVAR>
      UID=UNKNOWN
      IBIC_user=UNKNOWN
      UPASS=UNKNOWN
    <ENDSENDVAR>
  <ENDIF>
<ENDIF>

This means:

If the user logged in via B.I. Dashboard:
pass the Dashboard User Id and Password to WebFOCUS variables &UID and &UPASS,
copy the Dashboard User ID to the reporting server User Id (IBIC_user)
else
If the user logged in via MRE:
pass the MRE User Id and Password to WebFOCUS variables &UID and &UPASS,
pass the MRE User Id to WebFOCUS variable &IBIMR_user
copy the MRE User ID to the reporting server User Id (&IBIC_user)
copy the MRE User ID to the Dashboard User Id (&WORPUSER)
else
set the WebFOCUS variables &UID and &UPASS to "UNKNOWN"
set the reporting server User Id to "UNKNOWN"

I inherited some of these settings and am not sure if they're all required. Also, we only have MRE security so I'm not sure of the ramifications of that. You may have to add the following to pass the MRE password to the reporting server:

IBIC_pass=&IBIMR_pass

I've only chimed in because no one else has since last Thursday and I apologize if none of this helps.


Francis


Give me code, or give me retirement. In FOCUS since 1991

Production: WF 7.7.05M, Dev Studio, BID, MRE, WebSphere, DB2 / Test: WF 8.1.05M, App Studio, BI Portal, Report Caster, jQuery, HighCharts, Apache Tomcat, MS SQL Server
 
Posts: 10577 | Location: Toronto, Ontario, Canada | Registered: April 27, 2005Report This Post
Silver Member
posted Hide Post
Thanks Francis,
But no dice. It is close because now when I'm challenged by the reporting server it has my user ID already in the text box. It's the IBIC_pass that seems to not be responding to: IBIC_pass=&IBIMR_pass

In the meantime I hacked up some of the mr_login.htm files to pass the credentials to both the reporting server and the web server. This works but I have to do it for the BID login as well. Not to mention IBI suggests to stay with the jsp pages for added security. I'm trying to adjust those now.

All this work to try to keep local department developers out of the data servers in Dev studio only to find that is impossible. I'll post this to a new thread once I cool off.

Much thanks for looking into this.


wf 767 running on w2k3 srvr
 
Posts: 46 | Registered: September 22, 2006Report This Post
Expert
posted Hide Post
Shawn,

I don't know if this will help or if your reporting server is on Unix or not, but you could put a default server logon in the WebFOCUS client in the Remote Servers profile and then restrict access to Data Servers with group directory permissions by business unit. We have just a few MRE users and everyone else is Data Servers in different business units and that is how we organize stuff.

If you would like more detailed information, I'd be happy to share it.


Ginny
---------------------------------
Prod: WF 7.7.01 Dev: WF 7.6.9-11
Admin, MRE,self-service; adapters: Teradata, DB2, Oracle, SQL Server, Essbase, ESRI, FlexEnable, Google
 
Posts: 2723 | Location: Ann Arbor, MI | Registered: April 05, 2006Report This Post
Silver Member
posted Hide Post
Ginny - I was with you until "restrict access to Data Servers with group directory permissions". Is this Unix's flavor of active directory whereas you determine group A has access to ibi\apps\baseapp and group B has access to ibi\apps\ibisamp ?

In our shop we have about 100+ basic MRE users and 10 developers using dev studio. It's these developers which I want to remove their access to the data servers while in dev studio. However, if they don't have access to ibisamp (using active dir) then they couldn't run a standard report in MRE utilizing the CAR syn... correct?

If I'm off on any of the above points let me know.

Thanks


wf 767 running on w2k3 srvr
 
Posts: 46 | Registered: September 22, 2006Report This Post
Expert
posted Hide Post
Unix has 3 levels of permissions on a file/directory, owner, group, and world. Usually we give permissions of rw-rw-r so that world had read privileges and cannot write.

You are correct in that if you didn't give world read access to ibisamp, then they couldn't use CAR.

I think I've muddied the waters for you and for that I apologize but your signature noted Unix on z/OS.

I don't do active directory.


Ginny
---------------------------------
Prod: WF 7.7.01 Dev: WF 7.6.9-11
Admin, MRE,self-service; adapters: Teradata, DB2, Oracle, SQL Server, Essbase, ESRI, FlexEnable, Google
 
Posts: 2723 | Location: Ann Arbor, MI | Registered: April 05, 2006Report This Post
Platinum Member
posted Hide Post
Our reporting server is also running with security LDAP you can have the MRE authenticate against the reporting server by changing the MR security settings in the webfocus administrative console. There is information about the various options within the help on the console. We use external directory WFRS though you may want to use something else based on your web server security. What WFRS does is pass the credentials they logged on to the client (mre) with and authenticates them against the reporting server which is running in LDAP security mode.


Webfocus 8.0.7 on Windows
 
Posts: 176 | Location: Ohio | Registered: October 26, 2006Report This Post
Platinum Member
posted Hide Post
Does this help?


IBIMR_action EQ "MR_SIGNON"
httpsession=_ibpass
CopyWFVarToSessionVar(IBIMR_pass,httpsession)


IBIC_user=&IBIMR_user
wfvar=IBIC_pass
httpsession=_ibpass
CopySessionVarToWFVar(httpsession,wfvar)

IBIWF_language(pass)
IBIMR_fex(pass)
IBIMR_domain(pass)
MR_FULL_FEXNAME(pass)


D: WF 7.6.2 P. : WF 7.6.2 on W2003
------------------------------------------------------------------
I see myself as an intelligent, sensitive human, with the soul of a clown which forces me to blow it at the most important moments.

-Jim Morrison-

 
Posts: 206 | Registered: February 25, 2005Report This Post
Virtuoso
posted Hide Post
You should consider changing your MR Security settings to External Directory of WFRS. That way your MRE will authenticate directly to the reporting server and thus avoiding multiple logons.


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
Silver Member
posted Hide Post
SOLVED!
using WFRS for MR security...

Thanks for all your help.


wf 767 running on w2k3 srvr
 
Posts: 46 | Registered: September 22, 2006Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SOLVED] Need help passing MR credentials to reporting server

Copyright © 1996-2020 Information Builders