Administering and Securing the Environment
The new WebFOCUS Client repository and authorization
security model uses an implementation of Role-Based Access Control
(RBAC) to enforce security across all resources in the repository.
The flexibility of the new model enables an administrator to implement
security at a granular level for every resource in the WebFOCUS
Resource Analyzer and Resource Governor help Information Systems
(IS) organizations analyze and control end user data access, as
well as provide site-specific control options.
WebFOCUS Client Repository and Authorization Security
Release 8.1 Version 05M_SP3
IBI_Deferred_Custom_Description Setting. Administrators
can use the new IBI_Deferred_Custom_Description setting to control
the display of the Deferred Report Description option in a new page
or within the Autoprompt page when users submit a new deferred report
request. When False, this option does not appear, and the title
of the report being submitted to run deferred is assigned to the
deferred report description automatically. When True, users are
prompted to optionally customize the description for the deferred
report when the Properties of the report (FEX) do not have the
Use Title for Deferred Report Description option selected. The Use
Title for Deferred Report Description property allows the user to
suppress the Deferred Report Description option for specific reports
and use the title value of the report for the deferred report description.
For more information, see the Deferred Reporting Settings topic
in the Release 8.1 Version 05 Security and Administration Content.
IBI_Deferred_Notify_Submitted Setting. Administrators
can use this new setting to control the display of the Deferred
Report Notification and eliminate the confirmation that the request
to run a deferred report has been successfully submitted. Click
True to display the notification whenever a user runs a deferred
report. Click False to suppress the notification, which frees users
who run a large number of reports from having to close it for each
report run deferred, speeding the process and requiring less effort.
For more information, see the Deferred
Reporting Settings topic in the Release 8.1 Version 05 Security
and Administration Content.
IBI_Deferred_Ticket_Delete_Confirm Setting. Administrators
can use the new IBI_Deferred_Ticket_Delete_Confirm setting to control
the display of the "Are you sure you want to delete Deferred report
entry?" confirmation message when users delete a deferred report
from the Deferred Report Status list. When True, the default setting,
users are prompted to confirm their decision to delete their selected deferred
report. When False, the deferred report is deleted automatically,
and users do not receive the "Are you sure you want to delete
Deferred report entry?" message. For more information, see the
Deferred Reporting Settings topic in the Release 8.1 Version 05
Security and Administration Content.
Release 8.1 Version 05M
Responses to Invalid Session Requests Issued Through the WebFOCUS RESTful Web Service API. By
default, when using RESTful Web Services with CAS or SAML, a pre-authentication
attempt to access a protected resource by a user who has not yet
signed in to CAS or SAML is redirected to the CAS or SAML sign-in
page, an undesirable response. To change this response
to an HTTP 401 (Unauthorized) status code and allow the application
to initiate the authentication, you must configure a setting within
the securitysettings.xml file to disable anonymous access, and create
an HTTP request header within the RESTful application that requests an
HTTP 401 response instead of a redirect.
- Within the securitysettings.xml
file, which is located in the config directory of the WebFOCUS Client
installation, set anonymousAuthEnabled=false.
- Within the RESTful application, create the HTTP request header, disallowSignInRedirect=true.
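
The following client-side check is an added example, not WebFOCUS code: it sends the disallowSignInRedirect=true header, refuses to follow redirects, and tells the application whether to start authentication (401) or whether the server is still redirecting to the sign-in page. The endpoint URL and the function names are hypothetical.

```python
import urllib.error
import urllib.request

HEADER = "disallowSignInRedirect"   # request header named on this page
REDIRECTS = {301, 302, 303, 307, 308}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx responses instead of following them to the sign-in page."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx status


def build_request(url):
    """Request for a protected resource that asks for 401 rather than a redirect."""
    return urllib.request.Request(url, headers={HEADER: "true"})


def classify(status, location=None):
    """Map a response status to the action the calling application should take."""
    if status == 401:
        return "authenticate"  # expected result: the application starts sign-in
    if status in REDIRECTS:
        # Still redirected: header not sent, or anonymousAuthEnabled is not false.
        return "misconfigured-redirect to " + (location or "unknown location")
    if 200 <= status < 300:
        return "ok"
    return "error %d" % status


def probe(url, timeout=10):
    """Send the request without following redirects and classify the answer."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(build_request(url), timeout=timeout) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get("Location"))


if __name__ == "__main__":
    # Hypothetical endpoint; replace with a protected resource of your deployment.
    print(probe("https://webfocus.example.test/protected/resource"))
```

A "misconfigured-redirect" result after both changes are in place means one of the two settings above did not take effect.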
Support for Form-Based Authentication Within Pre-authentication. Security
zones configured for pre-authentication, based on Java Container
Security, Central Authentication Service (CAS), OpenID, and SAML
2.0, can also accommodate form-based authentication for individual
Release 8.1 Version 05
The IBI_Push_Image setting in the Advanced Settings category of
the Administration Console specifies whether to upload images that
are stored in the repository to the Reporting Server for embedding
in reports and HTML pages. The default value is False.
Run User Audit Option. The Run User Audit option, which
is located in the License Management window of the WebFOCUS Administration
Console, evaluates the repository license usage for Managed Reporting,
InfoAssist, and Data Visualization. It produces a License Analysis
report with information on the total number of licenses by license
type, the number of licenses in use by license type, and an analysis
of license assignment by Group and by User.
You can also run the
User Audit utility (license_audit.bat) from your local WebFOCUS
installation directory, which is available in the following location:
you run this program, the License Analysis report (auditUserCounts.htm)
is created in the same directory.
New ZIP All Button Captures Traces. The new ZIP All button
appears when you select the All Clients, Client Connection, MR
Deferred Ticket, Cleanup Utility,
or WF Servlet pages from the Traces folder
of the Diagnostics menu on the Administration Console. This button
saves copies of all trace files on display into a single zip file.
Release 8.1 Version 03
SAML for Single Sign On Support. WebFOCUS
offers single sign on support for SAML 2.0 as a candidate for release
Centralized Validation of Product Variables. WebFOCUS
provides enhanced protection against SQL injection and cross-site
scripting attacks by using a centralized filter to validate all
product variables by URI. When a request fails the validation test,
the request is not validated and a generic error message is displayed
to the user. Blocked requests are logged for administrator review
and violations are aggregated into a list that can be used to develop
Parameter Prompting Behavior. The
IBIMR_promptingUnset setting enables or disables parameter prompting
for Managed Reporting procedures (FEXes) when IBIMR_prompting is
set to XMLPROMPT or XMLRUN, and the Prompt for Parameters setting
is unchecked in the FEX Properties dialog box.
Confirmation Message When Moving Folders. You
can set the IBI_Move_Confirmation_Message parameter to specify whether
WebFOCUS will request confirmation when a user moves a folder using
a drag-and-drop operation. The default value is False.
IBI_XFrameOptions Setting. The
IBI_XFrameOptions setting in the Filters category of the Administration
Console prevents your content from being embedded in other sites,
as a security measure against clickjacking attacks.
IBI_Message_Detail Setting. The
IBI_Message_Detail setting in the Security category of the Administration
Console determines when users receive detailed or simplified error
messages. The detailed message appears in the event.log for administrator
Updating Application Settings on the Command Line. You
can update any WebFOCUS Application Setting with the updateWebconfig.bat
utility (for Windows) or the updateWebconfig.sh utility (for UNIX).
These command line utilities modify the ibi\WebFOCUS81\config\webconfig.xml
file and automatically encrypt any passwords you update.