As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.
Join the TIBCO Community TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.
From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
Request access to the private WebFOCUS User Group (login required) to network with fellow members.
Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.
Hi We have a rather complicated preauthentication setup that Developer Studio doesn't support. Is it possible to configure a seperate security zone to be used in Developer Studio and to get access without preauth? I have tried a lot of things but mostly Developer Studio just gives me empty "Ok" boxes when trying to authenticate against the alternate zone. The alternate zones web UI is accessible from server:8080/ibi_apps/zone/signin and authentication works. What should the Web Component parameters be for accessing this alternative zone in Dev Studio? Maybe a custom authentication type for Developer Studio is neccessary? Second question would be if it is possible to add more than 1 security zone? I think the mobile and portlet zones are not fit for normal use.
Thank you in advance!
Webfocus and Developer Studio 8005 on Centos 6.4This message has been edited. Last edited by: <Kathryn Henning>,
Hi Precipice, I suggest you open case in Techsupport. I have used preauth + alternative security zone for Developer Studio, but for filtering we had IP-addresses (only developer computers). Maybe this is option for you.
Regards,
Release: WebFOCUS 8104, AppStudio: 8105 OS: Windows Output: HTML,Excel,Active Reports
Hi again. Filtered IP-s are OK and I know how to set them up. So what parameters did you use to connect to this alternative zone? Host name as servername/ibi_apps/zone and then just normal authentication ? Ill have to check yet if this isn't the fault of our technical setup, before submitting a case. In this setup tomcat is used behind apache (mod_jk).
You are using Apache to redirect for pre-auth? If so, as long as your local machine where Developer is, the IP is listed in the securitysetting-zone.xml, you should be able to go directly against Tomcat.
We do the same thing with Apache and Weblogic using SiteMinder. I have alternate zones setup to do config changes on each side of the cluster.
Hi Precipice, Yes as MattC pointed out. You should be OK with just IP-s listed in the securitysettings-zone.xml. After that all Developer should be directed to "formAuthEnabled" or what ever secondary authentication method you have. Regards,
Release: WebFOCUS 8104, AppStudio: 8105 OS: Windows Output: HTML,Excel,Active Reports
Ok, good to hear that it should work. Thinking now, forget about apache... tomcat on 8080 is directly accessed. So Developer Studio should use the alternative zone automatically when my IP is in the filterChainIPAddresses list and I dont have to use any different hostname, html alias or client path?
I can login like this when I have "anonymousAuthEnabled" value="true" and only the public folder is visible. But when anonymousAuth is false I get asked 2 times for credentials and then: Error -2147220983 - Unable to connect to the WebFOCUS environment. Also I cannot login though browser /ibi_apps, when my IP is in zone list. The signin page just reloads every time I enter credentials. Audit log says "admin signIn SUCCESS" tho.
Hi Precipice, Yes thats correct you do not need any different hostname/html alias etc. Well "anonymouseAuthEnable" should be false as you dont want anonymouse users into the system. So I did test in our Test enviorment (although its 8006 not 8005). Primary authentication: OpenID - throguh Google.com Secondary authentication: FormBased. Only thing I did in the securitysettings-zone is added my IP - and set following to true/false
Hi again So I wanted to see where this problem originates from and made a new install. All deafult settings WF Client 8006 - Webfocus, tomcat, derby, default ports. And I cant login in Developer Studio after configuring only securitysettings-zone.xml and adding my IP. "Unable to logon"