WebFOCUS Infrastructure and Security
The following are upgrade considerations
and product changes for WebFOCUS security:
- In WebFOCUS Release 8.1, the tcnative-1.dll
for Tomcat is disabled due to reported problems with IPv6 support.
new setting determines parameter prompting behavior for Managed
Enables or disables parameter prompting for
Managed Reporting procedures (FEXes) when IBIMR_prompting is set
to XMLPROMPT or XMLRUN, and the Prompt for Parameters setting is
unchecked in the FEX Properties dialog box. Possible values are:
- XMLRUN. Prompts for parameters (amper variables) that
do not have a value. This is the default value.
- OFF. Turns off parameter prompting.
Setting IBIMR_promptingUnset to
OFF turns off parameter prompting, which lets you configure
the default behavior prior to Release 8.0 Version 07.
- In Kerberos authentication,
Kerberos appends the Windows domain of the user to the user ID passed
to WebFOCUS, in the format user ID@domain.com.
WebFOCUS 8.0 leaves the domain information intact when completing
the sign-in process. By default, WebFOCUS 8.1 strips the domain
from the value, leaving just the user ID. The user ID is then used
to complete the sign-in process. For more information, see the Authentication
and Authorization chapter in the WebFOCUS Security
and Administration manual.
- As of Release 8.1
Version 05, when using RESTful Web Services with CAS or SAML, pre-authentication
attempts to access protected resources by a user who has not yet signed
in to CAS or SAML are redirected to the CAS or SAML sign-in
pages, an undesirable response. To change this response to an
HTTP 401 (Unauthorized) status code and allow the application to
initiate the authentication, you must configure a setting within
the securitysettings.xml file to disable anonymous access, and create
an HTTP request header to indicate an HTTP 401 response instead
of a redirect.
- Within the securitysettings.xml
file, which is located in the config directory of the WebFOCUS Client
installation, set anonymousAuthEnabled=false.
- Within the RESTful
application, create the HTTP request header, disallowSignInRedirect=true.
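A client-side check for the RESTful Web Services behavior described above, as an added example that is not WebFOCUS code: it sends the disallowSignInRedirect header, refuses to follow redirects, and reports whether the server answered with HTTP 401 or still redirected to a sign-in page. The function name, verdict labels, and the URL you pass in are assumptions of this example.

```python
import sys
import urllib.error
import urllib.request

# Header name and value as given in the text above.
HEADER = {"disallowSignInRedirect": "true"}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of silently following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx status


def probe_protected_resource(url, timeout=5):
    """Request a protected REST resource before sign-in and classify the reply.

    Returns (verdict, status, location), where verdict is one of:
      'needs_auth' - HTTP 401: the application should start CAS/SAML sign-in
      'redirected' - 3xx: the server still redirects to a sign-in page
      'ok'         - 2xx: served without sign-in (check anonymousAuthEnabled)
      'other'      - any other status
    """
    req = urllib.request.Request(url, headers=HEADER)
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            status, location = resp.status, None
    except urllib.error.HTTPError as err:
        status, location = err.code, err.headers.get("Location")
    if status == 401:
        return ("needs_auth", status, None)
    if 300 <= status < 400:
        return ("redirected", status, location)
    if 200 <= status < 300:
        return ("ok", status, None)
    return ("other", status, None)


if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python probe.py <URL of a protected REST resource>
    print(probe_protected_resource(sys.argv[1]))
```

A 'redirected' or 'ok' verdict after the upgrade indicates that one of the two settings above has not taken effect.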
- In WebFOCUS Release 8.1 Version 05M, the IBI_CM_Preserve_Source_Info
setting, located on the Change Management settings page of the Application
Console Configuration tab, is True by default. As a result, the
date, time, and user ID values assigned to the Created On, Created
By, Last Modified On, Last Modified By, Last Accessed On, and Last
Accessed By fields when an item is added to an export scenario are
preserved during the import, and are assigned to the corresponding
fields in the Properties dialog boxes of those items after the import
is complete. Before this change, the date and time of the change
management import itself and the ID of the user who ran it were
assigned to these fields for each item imported through the Change Management
utility, overriding the original values.
This default value is
the recommended value for this setting. However, if your organization
does not wish to retain the original values assigned to the Created
On, Created By, Last Modified On, Last Modified By, Last Accessed
On, and Last Accessed By fields of items imported using the Change
Management utility, change this value to False after the upgrade