Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     Public View Security in Dashboard

Read-Only Read-Only Topic
Go
Search
Notify
Tools
Public View Security in Dashboard
 Login/Join
 
Member
posted
I am looking for a way to secure a Public View in Dashboard. I have looked into using the existing security in Dashboard but it doesnt protect the public view at all. It would be nice if i could just have like an asp page that i could set to run before displaying any dashboard pages. Can anyone think of a solution? If you need more info just let me know. BTW We are running version 5 3 3.
 
Posts: 16 | Location: Portland | Registered: October 13, 2005Report This Post
Member
posted Hide Post
nobody has any information at all?
 
Posts: 16 | Location: Portland | Registered: October 13, 2005Report This Post
Virtuoso
posted Hide Post
MrT,

How secure are you looking for?
What security model do you have in place?
Is this for internal or external users?
Do you have a PKI or SSO environment you are trying to take advantage of?

I've got a few intallations with things like this, but I need something to go on to give you a proper recommendation.

Regards
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
Member
posted Hide Post
Well first off, we have an oracle web app that is already doing authentication for us. We would like to just allow the users to access Dashboard if they have already been authenticated by the oracle web app. Otherwise toss them back to the sign on page. not sure what PKI is (Personal Key Identification? - just a wild guess).

So i guess we are just looking for it being as secure as the oracle web app security is. One issue we have is that the oracle web app is on a different web server than the Dashboard is on.

Let me know if you have any ideas or more questions.
 
Posts: 16 | Location: Portland | Registered: October 13, 2005Report This Post
Member
posted Hide Post
oops forgot to add that the dashboard is used for internal and external users.
 
Posts: 16 | Location: Portland | Registered: October 13, 2005Report This Post
Virtuoso
posted Hide Post
MrT,

Sorry for the delay, but I didn't want to lead you in a wrong direction.

First thing I would do, is contact your local IBI consulting staff. They have a lot of experience in dealing with different security engagements.

In the mean time (and knowing very little about your implementation), I feel the easiest way to do this is to write a WebFOCUS security plug-in. Building a plug-in is documented in the security manual from doc services. In the plug-in, you could re-authenticate the user against your oracle web app before displaying the public pages. Credentials can be passed to the webfocus app via encrypted http headers or cookies (or both).

If your intention is to use .asp, you might want to look into having your .Net app append a http header or cookie to the initial call to webfocus and the public pages. You can then check the content of the http header or cookie to determine if the user has be already authenticated by the web app. Using a header or cookie is not as secure as a plug-in, so you might want to consider encrypting the header or cookie using the webfocus.api from the .Net side, and de-crypt it at the webfocus side.

I realize that this doesn't directly answer your question, but experience has taught me that no two security implementations are the same. What worked on one site may not work on another. For this reason, I would suggest the IBI consulting route.

Regards
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
<DocServices>
posted
Greetings,

You can view and/or download the WebFOCUS Security and Administration manual (version 7.1: DN4500704.0905 or version 5.3: DN4500599.1204) from the Technical Documentation Library.

If you have an InfoResponse ID, login on the Tech Support web site and then access the Library. By logging in first, you can download the PDF file and/or view the HTMLHelp version.

You can access the Technical Documentation Library via the following Web sites:



  • www.iwaysoftware.com
    (From the top navigation bar, click Services & Support. Then select Bookstore.)


Hope this helps.

Regards,
Jennifer
 
Report This Post
Member
posted Hide Post
dhagen,

Thanks for the suggestions. I have already talked to the ibi tech support people. I specifically asked them if it was possible to secure a public view and they said "no". Then later I asked if it was possible to allow or deny access to a public view using a plugin or cgi exit and they said "Maybe". So I am getting a bit frustrated. It seems like something that should be really simple. I dont see why they dont have a public password that protects the public view. Meh... anyway, now that I know it is possible to use a plug in I will have to look into that further. We may end up just using site minder to take care of it though. If you have any other suggestions or questions about our set up let me know.
 
Posts: 16 | Location: Portland | Registered: October 13, 2005Report This Post
Master
posted Hide Post
MrT,

What you want to do can be done. I have a customer here in Texas that uses the Public View of the dashboard. There Entire WebFOCUS environment is secured by the Central Authentication Server (CAS). To get to WebFOCUS you must first login to CAS. Then most of the users only have access to the public view of the dashboard because they are not defined in the UAS Repository. Depending on what variables the Oracle Application Server sets (HTTP Headers, Cookies, etc...). And if those variable are shared across the entire domain or if they can be passed to WebFOCUS. A Security Exit will more then likely be the way to go. PS the exit must be written in JAVA because the Dashboard requires the WebFOCUS Servlet and the Exit must be compatible with it. Please open a case with NY and try again with you local branch.

Hope this Info helps
 
Posts: 865 | Registered: May 24, 2004Report This Post
Virtuoso
posted Hide Post
MrT,

If you decide to use Siteminder, ask doc services for Tech Memo: 4539, DN4500608.0905. This is specifically for Siteminder for WebFOCUS versions 5.3 and 7.1. It will walk you through everything you need to do to implement.
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
<DocServices>
posted
MrT,

dhagen's suggestion is a perfect guide to implementing Siteminder. You can view or download Technical Memo 4539: Netegrity SiteMinder Integration with WebFOCUS 7.1 from the Technical Documentation Library.

You can follow the steps for accessing the Library in my previous post in this string.

Regards,
Jennifer
 
Report This Post
Member
posted Hide Post
Thanks, I will look into those suggestions.
 
Posts: 16 | Location: Portland | Registered: October 13, 2005Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     Public View Security in Dashboard

Copyright © 1996-2020 Information Builders