
The New WebFOCUS Security Guide Is Here!

By Jim Thorstad

In Steve Martin's movie "The Jerk," Navin R. Johnson broadcasts to the world, "The new phone book is here! The new phone book is here!" Of course we laugh at poor Navin who concludes that with this development: "Good things are gonna start happening to me now."

But good things are going to start happening to you if security is on your mind because the new WebFOCUS Security and Administration manual is here and there's plenty of good news to share. Download your copy from http://documentation.informationbuilders.com.

For starters, the procedure for configuring single sign-on between Managed Reporting and a Web server or WebFOCUS Reporting Server has been reduced by nearly 40 percent compared with WebFOCUS 5, while related documentation was cut from 101 pages to 40. These improvements were the result of a series of coordinated enhancements in WebFOCUS 7. The most dramatic improvements were achieved for single sign-on with Integrated Windows Authentication (IWA), where we went from 36 pages of documentation in Technical Memo 4525 to just two clicks in the WebFOCUS Console. Support for IWA is also available now in WebFOCUS 5.3.4 through a "hotfix." For more information, see the IWA FAQ page at http://techsupport.informationbuilders.com/tech/wbf/wbf_faq_iwa.html.

If you are upgrading from WebFOCUS 5 and had previously configured Reporting Server or web server (including IWA) sign-on integration, it is especially important to read Chapter 7, Configuring Managed Reporting for Trusted and External Authentication. The steps to configure these scenarios have changed significantly. For example:
You should use the new login links on the Welcome page http://webserver/ibi_apps/ as opposed to the old login pages to access Managed Reporting and Dashboard. The new links call JSP pages that determine if the page should be bypassed (when the web server is performing authentication) or if the page should hide the Change Password button (if Managed Reporting is authenticating to LDAP, for example).
You no longer modify site.wfs manually because WebFOCUS maintains the appropriate script commands for single sign-on in the new mrsso.wfs file automatically.
You now set ReportCaster's authentication plug-in to MR Trusted Sign-on in each of these scenarios.

We've also published new documentation on how to integrate WebFOCUS with Netegrity SiteMinder and with IBM Tivoli WebSEAL. The latest information on how to integrate WebFOCUS with third-party single sign-on products is maintained at http://techsupport.informationbuilders.com/tech/wbf/wbf_faq_integration.html. If you use a reverse proxy to protect your WebFOCUS installation, or if your Web and application servers are on different machines, you should review Chapter 11, Configuring Advanced Deployment Options, in the security manual.

This chapter also provides insights into why self-signed or expired SSL certificates create problems for Dashboard and ReportCaster and how you can work around these issues. The following technical memos were also published recently and are available for download:
TM 4606: Protecting the WebFOCUS 7.1 Administration Console with Tomcat
TM 4607: Using Active Directory Application Mode (ADAM) for Managed Reporting Authorization
TM 4613: Creating Private Application Views With APPLOCK

So maybe I am being a little over-the-top, but I couldn't stop myself from announcing to the world the great news we've printed in the new phone book – I mean…the new WebFOCUS Security and Administration manual!