Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Single Signon in IIS with Tomcat environment

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[CLOSED] Single Signon in IIS with Tomcat environment
 Login/Join
 
Platinum Member
posted
We are trying to implement single signon for our MRE environment. We have IIS connecting to Tomcat using Jakarta Connector.

Do we need to have Kerberos or NTLM or anyother method to have single signon?

If not, how can I achieve the Single Signon in our architecture? I have done all the configurations according to document but when try to access the BI Portal, it shows "Unexpected error". We couldn't able to find any error.

Opened a case with IBI and they mentioned nothing to do on WebFocus side. I am not fully buying that.

Any thoughts.

This message has been edited. Last edited by: FP Mod Chuck,


8.2.06
Windows, All Formats
 
Posts: 184 | Registered: December 27, 2013Report This Post
Virtuoso
posted Hide Post
WFDevConsultant

Which version are you doing this with?


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 2127 | Location: Customer Support | Registered: April 12, 2005Report This Post
Platinum Member
posted Hide Post
WebFocus 8105M


8.2.06
Windows, All Formats
 
Posts: 184 | Registered: December 27, 2013Report This Post
Virtuoso
posted Hide Post
WFDevConsultant

There are a lot of moving parts to this an hopefully I can consolidate the steps for you. First of all you do not need Kerberos or NTLM

In the security and administration manual it does list everything you need to do but there are a lot of conditions to consider.

First of all you need to make sure that your reporting server is set up to use LDAP as the primary access and PTH as the secondary access and test to make sure you have that working.

Make sure you add a LDAP user ID as WebFOCUS administrator in the Security Center.

Next you need to edit the \ibi\WebFOCUS81\config\securitysettings.xml file with a text editor. In the filterPreference section of the file, set anonymousAuthEnabled to false,
formAuthEnabled to false, and j2eePreAuthFilterEnabled to true. Then save that.

Edit the \ibi\tomcat\conf\server.xml file to look like the following for the AJP Connector

< !-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3"
tomcatAuthentication="false" redirectPort="8443" />

On the WebFOCUS client side in the administration console you need to make sure that the Reporting Server / Remote Services / EDASERVE entry has security set to Trusted.

Under Configuration / Security set the following parameters
IBI_Authentication_Type = WFRS, IBI_Update_User_Info = True, IBI_User_Group_Membership_ExtAuthN = EXTERNAL, IBI_User_Group_Membership_PreAuthN = EXTERNAL, IBI_External_Group_Type = WFRS, Have a valid LDAP user ID that is a Reporting Server administrator and Password in the IBI_WFRS_Service_User and IBI_WFRS_Service_Pass and last but not least set up a super user by completing the IBI_Admin_Name and IBI_Admin_Pass entries. This ID should not be an LDAP ID but one just used as the super user for WebFOCUS.

From the IIS Administration console under the Default Web Site / IIS Authentication change the Anonymous Authentication from Enabled to Disabled and Windows Authentication from Disabled to Enabled.

Restart the IIS World Wide Web Publishing Service and Restart the Apache Tomcat Service

Hopefully this will get you on your way...

This message has been edited. Last edited by: FP Mod Chuck,


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 2127 | Location: Customer Support | Registered: April 12, 2005Report This Post
Platinum Member
posted Hide Post
I have followed all those steps but no luck.

When I try to do, http://localhost/ibi_apps - it shows "Website cannot be display" error.


8.2.06
Windows, All Formats
 
Posts: 184 | Registered: December 27, 2013Report This Post
Virtuoso
posted Hide Post
WFDevConsultant

Sorry to hear that, I just wanted to make sure you had what I did to make it work on my system. I guess you need to keep after techsupport. Have you tried fiddler2 to trace how far it gets?


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 2127 | Location: Customer Support | Registered: April 12, 2005Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Single Signon in IIS with Tomcat environment

Copyright © 1996-2020 Information Builders