WebFOCUS Infrastructure and Security
The following are upgrade considerations
and product changes for WebFOCUS security:
In WebFOCUS Release 8.1, the tcnative-1.dll
for Tomcat is disabled due to reported problems with ipv6 support.
new setting determines parameter prompting behavior for Managed
Enables or disables parameter prompting for
Managed Reporting procedures (FEXes) when IBIMR_prompting is set
to XMLPROMPT or XMLRUN, and the Prompt for Parameters setting is
unchecked in the FEX Properties dialog box. Possible values are:
XMLRUN. Prompts for parameters (amper variables) that
do not have a value. This is the default value.
OFF. Turns off parameter prompting.
Setting IBIMR_promptingUnset to
OFF specifies not to prompt for parameters, enabling the configuration
of the default behavior prior to Release 8.0 Version 07.
- In Kerberos authentication,
Kerberos appends the Windows domain of the user to the user ID passed
to WebFOCUS, in the format user ID@domain.com.
WebFOCUS 8.0 leaves the domain information intact when completing
the sign-in process. By default, WebFOCUS 8.1 strips the domain
from the value, leaving just the user ID. The user ID is then used
to complete the sign-in process. For more information, see the Authentication
and Authorization chapter in the WebFOCUS Security
and Administration manual.
- As of Release 8.1
Version 05, when using RESTful Web Services with CAS or SAML, pre-authentication
attempts to access protected resources from a user who has not yet signed
into CAS or SAML will redirect the request to the CAS or SAML sign
in pages, an undesirable response. To change this response to an
HTTP 401 (Unauthorized) status code and allow the application to
initiate the authentication, you must configure a setting within
the securitysettings.xml file to disable anonymous access, and create
an HTTP request header to indicate an HTTP 401 response instead
of a redirect.
- Within the securitysettings.xml
file, which is located in the config directory of the WebFOCUS Client
installation, set anonymousAuthEnabled=false.
- Within the RESTful
application, create the HTTP request header, disallowSignInRedirect=true.