Currently we have an application outside of Web Focus that users are allowed to go and update/edit/send data. Before they do this, we allow them to view reports generated by Web Focus. Currently they must sign on to 2 different apps.

What we are hoping to do is create a generic user name and password for viewing the WF reports within our tool. This would enable the users to feel that they work within one application. To get to the reports a URL would be passed to WF containing parameters and such.

The problem is mulitple sessions with the same user name and password is not possible. Is there any way around this or any suggestions available. I hear DHAGEN is a great security expert. Do you have an ideas?

Thanks to all!

quote:

The problem is mulitple sessions with the same user name and password is not possible.

Please elaborate.

I find that when logging into our dashboard when I had done it earlier and not logged out, it tells me:

Error Number 19208
Severity Error
Description Conflict occurred. is currently logged in to Dashboard
Possible causes This username is already signed on to Dashboard.

Actions A user may have only one session active at a time. Either find the existing session or login with a different username.
--------------------------------------------------------------------------------
Cancel Session And Login


And if we had a generic password for multiple users, everytime a user would log in, the other session would get this error:

Error Number 19402
Severity Error
Description Illegal request attempt.

Possible causes Your session has expired or been invalidated. Before attempting to execute any requests you must acquire a users session.

Actions Contact your administrator


Does that help or make sense?

Not being able to have multiple sessions is only valid for BID (Dashboard). This means that userid "a" can only be logged on to one secured BID envionment at one time. A secured BID environment is either a Group view or a personal view. You can have multiple users logged onto a public view at one time.

If your just trying to execute some reports, why not just put them on the web focus server and execute them directly?

You are trying to call these requests from another application. Is this other app a portal, a custom app ...?

As for the session "Cancel Session and Login", if you do that, then anyone that is currently logged in with the same UserID will be automatically disconnected. FYI: there are IBI documented ways of dealing with this prompt and forcing the cancel session and logon for you.

I realize that this sounds like I'm rambling .... sorry! So, to get back to the what I think the question is.

You can secure a web focus application (BID or self serve) from another 3rd party application. However, your going to have to get your hands a little dirty as this is not all that easy. Passing security credentials from one app to another and keeping the whole thing secure is more then just sending credentials as parms in a post method or encrypting a cookie or header. If you can provide some details, I might be able to suggest an approach. However, I would still stongly suggest that you open a help line ticket with New York help desk to see what the IBI security people might suggest.

Great! Thanks so much for your help, you have given me a few routes that I can take and will look into.

If the security parts become a problem, I will most definitely look into opening a ticket in with the NY help desk.

Thanks so much again!

It seems that WF supports being configured to a public OR a group view... not both. Can this be overcome?

FYI,

For Dashboard, it can be configured in different ways:
(1) both public view AND group view;
(2) either public view OR group view;
(3) none.

Can you please provide more specifics on what you are seeing or not seeing? That may help for better understanding of the question.

Hope it helps. Have a good weekend.

Cheers,

Kerry

Okay, I thought it was an either/or kind of thing. Well again, what I am trying to do is keep security a priority by integrating WF and an existing application written in Java and Java script. Within the Java app, we want to user to click on a button or link that says "View Report" or something and it would then head to WF and execute it within an existing frame inside the JAVA app.

Running this straight from the server would be good, but we don't want this WF report to somehow be bookmarked and have them run it later without being within the Java applications. So tracking and managing sessions is important.

Also passing parameters is important from one app to the other.

That's the gist of it. Thanks for your input.

Stacy

DHAGEN's suggestion seems to be the best - take the reports out of Dashboard and put then on the server. If the report is displayed in an iframe, you could disable right clicking within the iframe to prevent bookmarking the report and if the user bookmarks the page that the iframe is within, they won't get the report URL.

Just a thought - haven't tried it myself yet.

Thank you, that makes sense. How would I go about disabling right clicking within a frame. Is that JSP/Java or HTML driven? And if it's HTML, can that be disabled through WF or would it be in the Java application that holds the WF iframe?

This message has been edited. Last edited by: slfmr,

You can do it with JavaScript. Here's a link found via Googling "JavaScript disable right click"

http://www.dynamicdrive.com/dynamicindex9/noright.htm

THANKS!! I still have the one concern about WF accepting parameters. Is this an overcomable (is that a word?) problem?

Essentially I would need to check the session id for the other application and since the WF severs cannot see a cookie (which is how they are stored) then we would need to pass it as a parameter.. unless there are other options.

Thank you everyone for the feedback!

This message has been edited. Last edited by: slfmr,