Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CASE OPENED] Security Issue with Tomcat and IIS connector

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[CASE OPENED] Security Issue with Tomcat and IIS connector
 Login/Join
 
iBeny
Gold member
posted
Hi All,


I have a situation here and have raised a case with IBI as well and not getting much help. Migrated 8008 to 8105 using a clone of the repository(Updated portals and Favourites to make it work with the new version)

I have installed WebFOCUS Client on XXXX10 and WebFOCUS Server on XXXX02.

Where Tomcat and IIS is using JAKARTA ISAPI redirector and WebFOCUS Security is Mapped to External Groups.

The installation was done using a admin service account svc_webfocus_dev, Single sign on is set up.

Now the environment is working correctly for all the defined users in the AD groups, except the 'SVC_WEBFOCUS_DEV'.

When i go to http://XXXX10/ the IIS screen pops up.
When i go to http://XXXX10:8080 , the tomcat screen pops up
When i go to https://XXXX10/ibi_apps it gives me 500 internal server error.

this happens just for the svc_webfocus_dev (Also [part of MRAdmin].

If i check the WebFOCUS logs, the request doesn't even go to webfocus server.

Any ideas on where should i look are welcome.

This message has been edited. Last edited by: FP Mod Chuck,


Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster
 
Posts: 64 | Location: Toronto, Ontario | Registered: May 15, 2014Report This Post
FP Mod Chuck
Virtuoso
posted Hide Post
iBeny

Look at the Tomcat logs.. \ibi\Tomcat\logs


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 2127 | Location: Customer Support | Registered: April 12, 2005Report This Post
iBeny
Gold member
posted Hide Post
Tomcat Logs do not provide much information and simply show that svc_webfocus_Dev tried to login and but gave 500 error:

10.34.102.69 - XXXXXX\svc_webfocus_dev [01/May/2019:16:17:53 -0400] "GET /ibi_apps/ HTTP/1.1" 500 411


Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster
 
Posts: 64 | Location: Toronto, Ontario | Registered: May 15, 2014Report This Post
FP Mod Chuck
Virtuoso
posted Hide Post
iBeny

I wasn't sure if you looked at the WebFOCUS client Event.log from the Client Administration console


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 2127 | Location: Customer Support | Registered: April 12, 2005Report This Post
jnc
Gold member
posted Hide Post
IBeny,

My comments may not specifically help, but.....

1. Is svc_webfocus_Dev a real AD userid? (if no, then that is the problem. trusted user id's have to be real userid's)

2. If you want to work around the issue, then you can configure that user id as a super user.

3. You looked at a http log. If you are getting a http 500, then there will be a log file with more details. The tomcat logs are log4j redirected to the event.log. So, look at the event.log first to find why http 500. If it doesn't make the event.log, then the tomcat logs will have http 500 details somewhere. You don't throw http 500 errors with no logging.

Use a string search tool (agent ransack) and search ALL the logs for the string srv_webfocus_Dev. You will find http 500 details.


WebFocus 7x, 8x, Win / Linux, any output format
 
Posts: 70 | Location: reading, pa | Registered: April 07, 2007Report This Post
Les J
Gold member
posted Hide Post
That's a pretty steep price for that book. I would think any online help would just be as useful.


WebFOCUS 8

Windows, All Outputs
 
Posts: 55 | Location: Phoenix | Registered: March 01, 2018Report This Post
iBeny
Gold member
posted Hide Post
@jnc , SVC_WEBFOCUS_DEV is an actual AD user mapped to external group which is further mapped to MRAdmin WF Security group.
Also, if by super user you mean IBIMR_ADMIN user, then yes, this is the admin id for that back door entry as well.

Tech Support, Did ask for the event.log and other logs associated with the tomcat, Didn't give me anything heplful yet.

I have grepwin for such string search tools will look for the references in the Tomcat Logs folder.


Webfocus 8105,8808,7703,7611, EXL2K,HTML,PDF,COMT,AHTML Info Assist+ , Reportcaster
 
Posts: 64 | Location: Toronto, Ontario | Registered: May 15, 2014Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CASE OPENED] Security Issue with Tomcat and IIS connector

Copyright © 1996-2020 Information Builders