As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.
Join the TIBCO Community TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.
From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
Request access to the private WebFOCUS User Group (login required) to network with fellow members.
Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.
Hello, I am new to Managed Reporting (MR) and Dashboard (DB).
I am trying to configure MR and Dashboard to publish various views.
One thing is not clear to me is 'How can I make sure that only authenticated and authorized users access the reports we publish over dashboard'. I have configured LDAP (external) for Authentication MR for authorization
With this, if click on any reports under 'Standard reports' within Domains in dashboard, I get a new IE window and report is displayed. My problem starts from here is that, if I can copy the URL then even though I logoff from dashboard I can still see the report buy pasting the copied URL in a new browser.
Even if not on new window (I mean if we show the report without opening a new windows) still I can use mouse right click and see the HTTP URL address from the 'Property'.
With this we breach both authentication and authorization configured.
I hope my problem is understood and request some one to help me on this.
I guess there must be some setting not to show the full path in URL or we should not be able to see the report after logoff.
Thanks in advance, Prashanth (PS: We use webfous 7.6.8 on Windows server, Apache Tomcat is configured as both WWW and applicaiton server)This message has been edited. Last edited by: Prashantha,
Prashanth - Managed reporting keeps track of your session by sending a cookie to your browser. It appears that after you logoff, this cookie still persists. So, even after closing the browser and re-opening, pasting the URL sends the cookie to the MR server, since the browser still has it, and since the session is still alive, executes the request. To prove this, clear your browser history, then try pasting the URL again. It will not work. Keep in mind that the cookie is on your computer, so even if you send the URL to a co-worker, they will not be able to run it (unless they have an active session & coookie to WF with rights to that fex). Also, cookies are generally not shared across browsers. I have IE8 and firefox. If I log into IE8, and paste the URL into firefox, it won't go. Finally, cookies and sessions expire. I don't know off hand what the default is for MR, but I bet that if you keep a URL you ran today, go home for the weekend, and try it monday (without logging on), it'd *likely* tell you you need to log in.
At last I found the setting to overcome this issue. This is to do with browser cache. I changed the setting from PRIVATE to No-CACHE of 'CACHE_CONTROL' settings.
Below is from WebFOCUS security manula. FYI
CACHE_CONTROL An HTTP Header field that is used to specify how a browser should handle the caching of data in a request. Possible values are:
PRIVATE - The data in the response message is intended for only one user and should not be cached by a shared cache. This is the default value.
NO-CACHE - Browser caching is disabled. No files will be created on disk in the Temporary Internet Folder of the user.