Generally, Kerberos appends the Windows Domain of the user to the user ID passed to WebFOCUS, in the format userID@domain.com. As of Release 8.0 Version 09, by default, WebFOCUS strips the domain from the value, leaving just the user ID. The user ID is then used to complete the sign-in process. To append the domain, change the stripDomainSuffix setting to false in the kerberosPreference section of the securitysettings.xml file.

For more information, see the WebFOCUS Security and Administration manual.

As of Release 8.0 Version 09, you can set the IBI_Move_Confirmation_Message parameter to specify whether WebFOCUS will request confirmation when a user moves a folder using a drag-and-drop operation. The default value is False.

For more information, see the WebFOCUS Security and Administration manual.

To help organizations become productive more quickly, WebFOCUS includes resource templates. These templates create folders, portals, groups, roles, server application directories, and security rules to help enterprise and SaaS providers launch new departments or customers. You can also develop your own custom resource templates. For more information, see the Security and Administration manual.

Using security zones, you can authenticate users with different methods based on their network location. For more information, see the Authentication chapter in the Security and Administration manual.

Administrators can configure an option so users can bypass the sign in page. For more information, see the Authentication chapter in the Security and Administration manual.

Using the WebFOCUS Administration Console, you can configure a trusted connection to the Reporting Server, where the user ID and groups are passed in the connection protocol. The user ID and the first group passed are exposed in new protected server variables &FOCSECUSER and &FOCSECGROUP. This is easier to manage than previous security integration approaches that involved custom script logic in site.wfs and use of the GETUSER( ) and CNCTUSER( ) subroutines.

LDAP and Active Directory authentication and authorization are facilitated through the Reporting Server LDAP security provider. WebFOCUS is configured to authenticate and authorize users to the Reporting Server.

This provides the following additional benefits:

• Automatic configuration of LDAP provider parameters based on the type of directory detected.
• Test button to validate the configuration before restarting the server.
• Support for nested groups.
• Single provider configuration that supports both the WebFOCUS Client and Reporting Server.
• Improved performance when the Reporting Server trust_ext parameter is enabled. WebFOCUS 8 report requests, using a trusted connection, do not result in any Reporting Server LDAP connections.

WebFOCUS can authenticate and/or authorize users based on information maintained in an RDBMS. For more information, see

Custom authentication and authorization solutions can be developed using the Reporting Server custom security provider interface. The custom provider can access security information from any source accessible to one of the Reporting Server data adapters. For more information, see the Security chapter in the Server Administration for UNIX, Windows, OpenVMS, IBM i, and z/OS manual. You can also download a sample custom provider, and modify it to suit your needs from

WebFOCUS can be configured to authenticate users through an OpenID provider, including Google Accounts, Yahoo, and AOL. You can also use this feature to integrate WebFOCUS with an in-house OpenID service to provide users with a single sign-on experience.