Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     How to Bypass OPSYS Security for Public Users

Read-Only Read-Only Topic
Go
Search
Notify
Tools
How to Bypass OPSYS Security for Public Users
 Login/Join
 
KentO
Gold member
posted
We use OPSYS security and require userids and passwords for users that update files. But for users that can only inquire, we want to not require passwords.

I thought from reading other forum discussions that I could do this by adding an universal user (example: customer customer) to the URL in the .htm that the user is routed to. So I added IBIC_user="customer" IBIC_pass="customer" to the URL, but the OPSYS sign on is still required. Is it possible to bypass the security sign on in this way? If so, can someone include sample code since I don't know JAVA very well.

Thanks, Kent


Windows2003 Server, WebFOCUS 7.7.02 Developers Studio and MRE
 
Posts: 63 | Location: Ft. Wayne, IN | Registered: February 20, 2007Report This Post
GinnyJakes
Expert
posted Hide Post
One way to do it is to populate IBI_REPORT_USER and IBI_REPORT_PASS in the profile of the Reporting Servers/Remote Services server you are using, EDASERVE for example, with some sort of application id.

The problem with that is that anyone can get in. You would have to restrict the permissions of this id severely and still force your update users to logon. You could make them using another client node without the stored userid, i.e populate all the pages with the IBIC_server value for this special node forcing them to log in.


Ginny
---------------------------------
Prod: WF 7.7.01 Dev: WF 7.6.9-11
Admin, MRE,self-service; adapters: Teradata, DB2, Oracle, SQL Server, Essbase, ESRI, FlexEnable, Google
 
Posts: 2723 | Location: Ann Arbor, MI | Registered: April 05, 2006Report This Post
Darin Lee
Virtuoso
posted Hide Post
Another method is to set up a separate instance of the server (same physical box, same installation, different port) with very restricted access to tables, etc. which DOES have the user/id in the server profile. (You could also just turn security off on that server, but I would highly recommend AGAINST that.) Opens too many other security holes. Then any requests by that public user could use IBIC_server=alternateservername. I think there is a "Configure additional servers" option on the installation menu that does this.

In essence, there is no real "BYPASS" to OPSYS security. Either you authenticate somehow or you don't. Just depends how seamless you want it to appear to the users.


Regards,

Darin


In FOCUS since 1991
WF Server: 7.7.04 on Linux and Z/OS, ReportCaster, Self-Service, MRE, Java, Flex
Data: DB2/UDB, Adabas, SQL Server Output: HTML,PDF,EXL2K/07, PS, AHTML, Flex
WF Client: 77 on Linux w/Tomcat
 
Posts: 2298 | Location: Salt Lake City, Utah | Registered: February 02, 2007Report This Post
GinnyJakes
Expert
posted Hide Post
Darin, that requires a license. Creating another client node pointing to the same server does not.


Ginny
---------------------------------
Prod: WF 7.7.01 Dev: WF 7.6.9-11
Admin, MRE,self-service; adapters: Teradata, DB2, Oracle, SQL Server, Essbase, ESRI, FlexEnable, Google
 
Posts: 2723 | Location: Ann Arbor, MI | Registered: April 05, 2006Report This Post
Darin Lee
Virtuoso
posted Hide Post
Always the licensing issue which I forgot to mention because we don't license it that way. Ours is one box, one license. Thanks for bringing that up, though, as I'm frequently one to remind users of licensing requirements.

Ginny's suggestion would be a way around that problem.


Regards,

Darin


In FOCUS since 1991
WF Server: 7.7.04 on Linux and Z/OS, ReportCaster, Self-Service, MRE, Java, Flex
Data: DB2/UDB, Adabas, SQL Server Output: HTML,PDF,EXL2K/07, PS, AHTML, Flex
WF Client: 77 on Linux w/Tomcat
 
Posts: 2298 | Location: Salt Lake City, Utah | Registered: February 02, 2007Report This Post
KentO
Gold member
posted Hide Post
JinnyJakes,
I am getting lost in the "WebFOCUS Security and Administration" manual trying to set up the new node where I can populate IBI_REPORT_USER and IBI_REPORT_PASS. I belive I need to set up a new NODE in ODIN.CFG with the same PORT number as the database client.
What other .CFGs do I need to make changes to? Any other details you can give will help since I have not had to make many table changes in the two years we have been on WebFocus.
Thanks, Kent


Windows2003 Server, WebFOCUS 7.7.02 Developers Studio and MRE
 
Posts: 63 | Location: Ft. Wayne, IN | Registered: February 20, 2007Report This Post
GinnyJakes
Expert
posted Hide Post
You don't need to set up a new node in the reporting server. You just need to set up a a remote client in the WebFOCUS Client console.

Its URL is: http://your_web_server/ibi_apps/console/webfocusconsole.jsp

You log onto that, click on Reporting Servers, then click on Remote Services.

In the right-hand panel, click the new button at the bottom. You then give the node a different name than EDASERVE but point it to the same reporting server as EDASERVE.

Once that is created, you can click the profile button for your new node and make the appropriate changes.

Each one of these nodes will have a profile in the /WebFOCUS/ibi/webfocus76n/client/wfc/etc directory. You can encrypt these profiles from the client console tool.

Or you can make EDASERVE your public node and update the user and pass for that one and create another, WFSECURE for example, that has no entries for the user and pass.

Let me know if that is not clear. You don't have to read the security manual to do this.

Let me know if you have more questions.


Ginny
---------------------------------
Prod: WF 7.7.01 Dev: WF 7.6.9-11
Admin, MRE,self-service; adapters: Teradata, DB2, Oracle, SQL Server, Essbase, ESRI, FlexEnable, Google
 
Posts: 2723 | Location: Ann Arbor, MI | Registered: April 05, 2006Report This Post
StuBouyer
Guru
posted Hide Post
One option to consider is to pass a value or cookie that identifies whether the user is an "inquirer" or not. Then in the edasprof or a profile set IBIC_user and IBIC_pass to your default - customer.customer in your example.

Note that you will need to create the user "customer" on the OS for OPSYS to work.

Cheers

Stu


WebFOCUS 8.2.03 (8.2.06 in testing)
 
Posts: 253 | Location: Melbourne, Australia | Registered: February 07, 2007Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     How to Bypass OPSYS Security for Public Users

Copyright © 1996-2020 Information Builders