In this section: |
This section describes the enhancements to the WebFOCUS Client Repository and authorization security.
WebFOCUS offers single sign on support for SAML 2.0. For more information about configuring SAML with CA SiteMinder or CA CloudMinder, see:
WebFOCUS provides enhanced protection against SQL injection and cross-site scripting attacks by using a centralized filter to validate all product variables by URI. When a request fails the validation test, the request is not validated and a generic error message is displayed to the user. Blocked requests are logged for administrator review and violations are aggregated into a list that can be used to develop new filters.
New setting to specify default parameter prompting behavior for Managed Reporting procedures when the Prompt for Parameters setting is unchecked and Managed Reporting Prompting is enabled by IBIMR_prompting.
Enables or disables parameter prompting for Managed Reporting procedures (FEXes) when IBIMR_prompting is set to XMLPROMPT or XMLRUN, and the Prompt for Parameters setting is unchecked in the FEX Properties dialog box. Possible values are:
Setting IBIMR_promptingUnset to OFF specifies not to prompt for parameters, enabling the configuration of the default behavior prior to Release 8.0 Version 07.
You can set the IBI_Move_Confirmation_Message parameter to specify whether WebFOCUS will request confirmation when a user moves a folder using a drag-and-drop operation. The default value is False.
For more information, see the WebFOCUS Security and Administration manual.
The IBI_XFrameOptions setting in the Filters category of the Administration Console prevents your content from being embedded in other sites, as a security measure against clickjacking attacks.
The IBI_Message_Detail setting in the Security category of the Administration Console determines when users receive detailed or simplified error messages. The detailed message appears in the event.log for administrator troubleshooting.
You can update any WebFOCUS Application Setting with the updateWebconfig.bat utility (for Windows) or the updateWebconfig.sh utility (for UNIX). These command line utilities modify the ibi\WebFOCUS81\config\webconfig.xml file and automatically encrypt any passwords you update.
WebFOCUS |