As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.
Join the TIBCO Community TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.
From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
Request access to the private WebFOCUS User Group (login required) to network with fellow members.
Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.
I am interested in the answer. During the next summit (june 12- june 16) there are some classes (labs) that will explain how this could work. I am intended to follow those sessions. I hope they also will provide me with some interesting documentation.
Frank
prod: WF 7.6.10 platform Windows, databases: msSQL2000, msSQL2005, RMS, Oracle, Sybase,IE7 test: WF 7.6.10 on the same platform and databases,IE7
Posts: 2387 | Location: Amsterdam, the Netherlands | Registered: December 03, 2006
Before you start integrating AD with the WebFOCUS product, its good to have a high level understanding of the WebFOCUS security architecture.
A quick overview that can help with this is an article I wrote here:
Its about 6-8 pages of high level overview of the places in the WebFOCUS product where security is implemented.
With that in mind, there are a number of different ways to integrate with AD.
If you're looking for your user's to be prompted for credentials by WebFOCUS once, then I recommend: Managed Reporting Authentication -> WFRS Reporting Server Security -> LDAP (Against AD)
If you're looking for your user's to never be prompted for credentials besides the logon to their computer, I recommend: IWA enabled on IIS web server Managed Reporting Security -> TRUSTED (REMOTE_USER) Reporting Server Security -> LDAP (Against AD) with TRUST_EXT set to Y to allow a trusted connection (LDAP_AD_ONLY must also be set to N).
With the Reporting Server node within the WebFOCUS Admin Console configured for Trusted security passing the WebFOCUS Variable WF_REMOTE_USER.
If you plan on using database level security based on each user's userid using SQL Server, etc, and you don't want your users to be prompted for credentials at all, I recommend setting up Kerberos according to TM4647.
All of the options outlined above outline authentication options, and don't touch the topic of authorization.
Reporting Server authorization can be controlled by the LDAP group, or with group profiles.
Managed Reporting authorization can reside in AD, but I don't recommend it due to its complexity to maintain. Typically putting the authorization data in a DBMS is much easier to maintain and is the way to go.
WebFOCUS 8.0 is going to have quite a few changes that should allow for greater integration with AD.
Originally posted by FrankDutch: I am interested in the answer. During the next summit (june 12- june 16) there are some classes (labs) that will explain how this could work. I am intended to follow those sessions. I hope they also will provide me with some interesting documentation.
Frank, I think those sessions you are referencing are the ones I'm teaching.
I've got a lab on using Tomcat Security with Active Directory (Sunday at 2pm).
A presentation on LDAP, AD & The WebFOCUS Product (Tuesday 1:30PM).
And a lab on using Web Services with the WebFOCUS product (Tuesday at 2:45pm) . In that lab I'll be pulling users and groups from AD, and inserting them into MR using a FEX, web services adapter, and the MR web services. A co-presenter, Gerry Snyder, will then be scheduling one of those FEXes in ReportCaster using web services.
If you're looking at using out-of-the-box functionality to go against AD, the presentation Tuesday at 1:30pm is probably what you most want to see. You might find the two labs interesting as well, but they're more side-topics for special situations.