Configuring Single Sign On

WebFOCUS security can be configured to integrate with software service vendors, such as IBM Tivoli® Access Manager and Computer Associates (CA) SiteMinder®. Authentication methodologies, such as Basic Authentication, Integrated Windows Authentication (IWA), and Kerberos, can also be configured with WebFOCUS security. When WebFOCUS security is configured in this manner, the RESTful web service request to authenticate to WebFOCUS is not required. For more information, see Authenticating WebFOCUS Sign-On Requests.

Depending on the type of authentication methodology being used, the appropriate authentication requirement must be sent in the HTTP header within the RESTful web service request.

However, when working in environments that support Single Sign-On authentication, an IBIRS_action=signOn request must be included in the initial sign-in transaction to enable WebFOCUS to support the use of CSRF tokens, as shown in the following example:

var IBIRS_action = "signOn";
var IBIRS_userName = "user_id";
var IBIRS_password = " ";

where:

user_id

Is the ID of the user as recorded in the single sign-on provider.

By default, a session identifier named JSESSIONID and a session identifier named WF_SESSIONID are also returned to the user in two separate cookies, which are included in the header of the response message to the signOn request, as shown in the following example.

Set-Cookie: JSESSIONID=0000v6lbcwkcbjsF-XoA1s3IAHe:-1; Path=/
Set-Cookie: WF_SESSIONID=359691336102577500; Path=/

These cookies identify the user to the server, and to prevent errors, they must be included in the HTTP header of all subsequent RESTful web service request messages delivered from that user during the session.

After receiving a response to the first RESTful web service request, the client application must parse the response header to retrieve the cookies and send them with subsequent RESTful web service requests. This allows the session in the application server to be reused.


Example 1: Adapt the Initial Sign In Request for Single Sign On Environments

The following example shows how to create a signOn request in a single sign-on environment.

<!DOCTYPE html>
<html>
<head>
<title></title>
<meta charset="utf-8" />
<script type="text/javascript" src="http://code.jquery.com/jquery-3.1.0.js"></script>
<script type="text/javascript" src="http://cdnjs.cloudflare.com/ajax/libs/jquery-ajaxtransport-xdomainrequest/1.0.1/jquery.xdomainrequest.min.js"></script>
<script type="text/javascript">
    var csrf_name;
    var csrf_value;
    var frameToBeWorkedOn = "#AjaxPlaceHolder";
    var contentType = "application/x-www-form-urlencoded; charset=utf-8";

    //Security tab, turn off all authentication schemes except for
    //Preauthentication
    //Use SM_USER and keep all the defaults **** Make sure to START the Modify
    //Headers add-in or the header variable is not sent
    // $(document).ready(function (IBIRS_action, IBIRS_userName,
    // IBIRS_password) {
    $(document).ready(function (IBIRS_action, IBIRS_userName) {
        if (window.XDomainRequest)
            contentType = "text/plain";
        var webMethod = "http://as8200.ibi.com:8080/ibi_apps/rs";
        var IBIRS_action = "signOn";
        var IBIRS_userName = "rest";
        var IBIRS_password = "";
        // Variant that also sends IBIRS_password (overridden below, so not used):
        // var parameters = 'IBIRS_action=' + IBIRS_action +
        //     '&IBIRS_userName=' + IBIRS_userName +
        //     '&IBIRS_password=' + IBIRS_password;
        var parameters = 'IBIRS_action=' + IBIRS_action +
            '&IBIRS_userName=' + IBIRS_userName;
        $.ajax({
            type: "POST",
            url: webMethod,
            data: parameters,
            dataType: "xml",
            // Send cookies (session and SSO) with the cross-domain request
            xhrFields: {
                withCredentials: true
            },
            crossDomain: true,
            contentType: contentType,
            success: xmlParser,
            error: function (jqXHR, textStatus, errorThrown) {
                alert("You can not send Cross Domain AJAX requests: " +
                    errorThrown);
            }
        });
    });

    // Read the CSRF token name and value from the signOn response
    function xmlParser(xml) {
        $(xml).find("entry").each(function () {
            if ($(this).attr("key") == "IBI_CSRF_Token_Name") {
                csrf_name = $(this).attr("value");
            }
            if ($(this).attr("key") == "IBI_CSRF_Token_Value") {
                csrf_value = $(this).attr("value");
            }
        });
        // runReport() is the application's own follow-up request; it is not
        // defined in this example, so it is only called when it exists.
        if (typeof runReport === "function") {
            runReport();
        }
    }
</script>
</head>
<body>
</body>
</html>

Example 2: SiteMinder (Initial Request)

When working with SiteMinder, the SMSESSION cookie must be passed in the RESTful web service request header in addition to the JSESSIONID and WF_SESSIONID cookies.

Request:

GET http://host:port/ibi_apps/rs?IBIRS_action=TEST HTTP/1.1
Host: host:port
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: SMSESSION=9XYcYZnboGIIfMhEeeZJ8qSQY8Q86jN/WYZ/tco/xYuXM0hNVSi4VI0kDKLq/C0
RHARUYd/J6og1b5w1M+I2alSoUJz8m28cUj13Pt221ubduHvaAmEAWHh86lQhUmLc/yae552m
YoURSzhZ2LexeE+7KgeK8fFVtBjX12DXHPBvv8vpkas8ONeYnaqJbS4Td4jbT0A0Lf92k2K5H
87CDNgr+lT6iWAVEWo972+eSd7t+/iD3MDaadal7CnT1nUk1BYBTQxHNK8tg3eHUxy61Lqc7M
K/xmcf+f27S4acueluk2UAeGLG9b+qkmQ8qZ9fZ/equ5tpUL3LZlRWsq9Zf/XXgYM/zUq6f29
mJ01lsi9XU/KIO3TyPMiBT+gj3bGsK3H5Zw8KuqCJafSuqG9IzohJFtNuOokCp6Qrm2DtGXhn
fiuYKmwMdO06acFh6kVNHMsNEeiTZ6Uo2spccoHJ8I1MA9F7WkF1/yvdghftdYcD6dKIGYFO7
biKfPhAy/rjtjD23HP138V5jmMTz3A0LeLvjnlsGbxNoTKg/PVf3NPM1o5lsltTwvKYLZbx87
WOtlpOVhiAslwre/2UW7kHHIpeX1N3VP4E3ZmYDCXuxX+aJDwGEUzzAbi9uxu/aVDRMRSJY5R
LgqW8dyugcfBagJ94+n8WvC8tsG7nnlVDEewQNbay7w3lrWp0SYVd227KjfdSt1N9eTs08vKD
sneKjseScHZV0hCL62lzh1JwAaJg3FJNMpnIGG6MmrJ66RC4AhMaKWJgY1pOLi4l4V3nelJ29
YfnKE7PAvyY9jfn7iZO8vWT5EunMYPrNgsMH+dZ6atK5xx5lSCO76uYtEis1wScoCQvgV6kZi
RLyLwPv03kWeINwAkyM3QdmqAWEutR4L7NyTL4bThU5nXuScRCrQ1+EiqOxPKCBh
Connection: keep-alive

Response:

HTTP/1.1 200 OK
Date: Mon, 06 May 2013 13:38:07 GMT
Server: Apache/2.0.58 (Unix) mod_ssl/2.0.58 OpenSSL/0.9.8e-fips-rhel5
Set-Cookie: SMSESSION=jNJi3BSlZavfl0YRdpNd50mdUsBGBaoaD8DCoIqG/EnvCE2/VqlM3wAcPFr25I0...; path=/; domain=.ibi.com
X-XSS-protection: 0
Expires: Mon, 06 May 2013 13:43:07 GMT
Cache-Control: private
Set-Cookie: JSESSIONID=0000v6lbcwkcbjsF-XoA1s3IAHe:-1; Path=/
Set-Cookie: WF_SESSIONID=359691336102577500; Path=/
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Content-Language: en-US

The SiteMinder SMSESSION cookie identifies the authenticated session. For more information, see:

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/web-agent-configuration/session-protection/session-cookie-management


Example 3: SiteMinder (Subsequent Requests)

For all subsequent requests, the SMSESSION cookie, as well as the session cookies retrieved in the initial RESTful web service request, must be passed in the RESTful web service request header, as shown in the following example.

GET http://host:port/ibi_apps/rs/ibfs/WFC/Repository?IBIRS_path=%2FWFC%2FRepository&IBIRS_action=get&IBIRS_args=__null HTTP/1.1
Host: host:port
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://host:port/ibi_apps/rs/ibfs?IBIRS_action=TEST
Cookie: SMSESSION=jNJi3BSlZavfl0YRdpNd50mdUsBGBaoaD8DCoIqG/EnvCE2/VqlM3wAcPFr25I0...; JSESSIONID=0000v6lbcwkcbjsF-XoA1s3IAHe:-1; WF_SESSIONID=359691336102577500
Connection: keep-alive
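
The cookie handling that a client application must perform, described earlier for the signOn response and shown in Examples 2 and 3, as an added example (not Information Builders code): it parses the Set-Cookie headers, replaces a reissued SMSESSION value, and builds the Cookie header for subsequent requests. The function names and the SMSESSION values are assumptions constructed for illustration; the JSESSIONID and WF_SESSIONID values are the samples from this page.

```javascript
// Added example. Cookie values are constructed or copied from the sample headers on this page.
const SESSION_COOKIES = ["SMSESSION", "JSESSIONID", "WF_SESSIONID"];

// Parse one Set-Cookie header value into { name, value, attrs }, or null if malformed.
function parseSetCookie(line) {
  const [pair, ...attrParts] = line.split(";").map((s) => s.trim());
  const eq = pair.indexOf("="); // first "=" only: base64 values may end in "="
  if (eq < 1) return null;
  const attrs = {};
  for (const part of attrParts.filter(Boolean)) {
    const i = part.indexOf("=");
    attrs[(i === -1 ? part : part.slice(0, i)).toLowerCase()] =
      i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Merge a response's Set-Cookie lines into the jar. A reissued cookie replaces
// the stored one, as with the new SMSESSION value in the Example 2 response.
function updateJar(jar, setCookieLines) {
  for (const line of setCookieLines) {
    const c = parseSetCookie(line);
    if (c) jar.set(c.name, c);
  }
  return jar;
}

// Value of the Cookie request header for the next RESTful request.
function cookieHeader(jar) {
  return [...jar.values()].map((c) => `${c.name}=${c.value}`).join("; ");
}

// Session cookies the page requires that the jar does not hold yet.
function missingSessionCookies(jar) {
  return SESSION_COOKIES.filter((n) => !jar.has(n));
}

// Cookies issued without Secure or HttpOnly, worth flagging in a deployment review.
function cookiesWithoutSecureOrHttpOnly(jar) {
  return [...jar.values()].filter((c) => !c.attrs.secure || !c.attrs.httponly).map((c) => c.name);
}

const jar = new Map([["SMSESSION", parseSetCookie("SMSESSION=OLD+constructed/value==")]]);
updateJar(jar, [
  "SMSESSION=NEW+constructed/value==; path=/; domain=.ibi.com",
  "JSESSIONID=0000v6lbcwkcbjsF-XoA1s3IAHe:-1; Path=/",
  "WF_SESSIONID=359691336102577500; Path=/",
]);
console.log(cookieHeader(jar), missingSessionCookies(jar), cookiesWithoutSecureOrHttpOnly(jar));
```

None of the sample Set-Cookie headers on this page carry Secure or HttpOnly, so the last function reports all three cookies.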

Information Builders