In this section:
This section describes the enhancements to the WebFOCUS Client Repository and authorization security.
Administrators can use the new IBI_Deferred_Custom_Description setting to control the display of the Deferred Report Description option in a new page or within the Autoprompt page when users submit a new deferred report request.
When False, the default setting, the title of the report being submitted to run deferred is assigned to the deferred report description automatically, and the Deferred Report Description prompt does not appear. When True, users are prompted to optionally customize the description of the deferred report, which defaults to the title of the report being run deferred.
Note: When the Custom Deferred Report Descriptions setting is True, users can select the Use Title for Deferred Report Description reports (FEX) property to specify to use the title value of the report for the deferred description. This allows the user to suppress the Deferred Report Description option for specific reports. This property is available in the Properties option for a report (FEX).
To view the IBI_Deferred_Custom_Description setting, from the BI Portal Menu bar, click Administration, and then click Administration Console. Expand the Configuration node and then, under the Application Settings folder, click Deferred Reporting.
For more information about the IBI_Deferred_Custom_Description setting, see the Deferred Reporting Settings topic in the WebFOCUS Security and Administration manual. For more information about the Use Title for Deferred Report Description setting, see the Folder and Item Properties topic in the Business Intelligence Portal manual.
Administrators can use the new IBI_Deferred_Notify_Submitted setting to control the display of the Deferred Report Notification and eliminate the confirmation that the request to run a deferred report has been successfully submitted. When True, the default setting, whenever a user runs a deferred report, a notification appears prompting the user that the report has been submitted and providing a link directly to the Deferred Report Status interface that shows the status of the deferred report. When False, no notification appears after a user submits a deferred report.
The ability to suppress the Deferred Report Notification enables an Administrator to free users who run a large number of reports from having to close the notification for each report run deferred, speeding the process and requiring less effort.
To view the IBI_Deferred_Notify_Submitted setting, from the BI Portal Menu bar, click Administration, and then click Administration Console. Expand the Configuration node, and then, under the Application Settings folder, click Deferred Reporting.
For more information, see the Deferred Reporting Settings topic in the WebFOCUS Security and Administration manual.
Administrators can use the new IBI_Deferred_Ticket_Delete_Confirm setting to control the display of a confirmation message when a user deletes a deferred report from the Deferred Report Status list.
When True, the default setting, users are prompted to confirm their decision to delete their selected deferred report. When False, the deferred report is deleted automatically, and users do not receive the Are you sure you want to delete Deferred report entry? message.
To view the IBI_Deferred_Ticket_Delete_Confirm setting, from the BI Portal Menu bar, click Administration, and then click Administration Console. Expand the Configuration node, and then, under the Application Settings folder, click Deferred Reporting.
For more information about the IBI_Deferred_Ticket_Delete_Confirm setting, see the Deferred Reporting Settings topic in the WebFOCUS Security and Administration manual.
By default, when using RESTful Web Services with CAS or SAML, pre-authentication attempts to access protected resources from a user who has not yet signed in to CAS or SAML will redirect the request to the CAS or SAML sign-in pages, an undesirable response.
To change this response to an HTTP 401 (Unauthorized) status code message and allow the application to initiate the authentication, you must configure a setting within the securitysettings.xml file to disable anonymous access, and create an HTTP request header to indicate an HTTP 401 response instead of a redirect.
As of Release 8.1 Version 05M, WebFOCUS security zones configured for pre-authentication, based on Java Container Security, Central Authentication Service (CAS), OpenID, and SAML 2.0, can also accommodate form-based authentication for individual resources. To enable the configuration to support pre-authentication, you must set the formAuthEnabled property to True.
The IBI_Push_Image setting in the Advanced Settings category of the Administration Console specifies whether to upload images that are stored in the repository, to the Reporting Server for embedding in reports and HTML pages. The default value is False.
The Run User Audit option, which is located in the License Management window of the WebFOCUS Administration Console, evaluates the repository license usage for Managed Reporting, InfoAssist, and Data Visualization. It produces a License Analysis report with information on the total number of licenses by license type, the number of licenses in use by license type, and an analysis of license assignment by Group and by User, as shown in the following image.
You can also run the User Audit utility (license_audit.bat) from your local WebFOCUS installation directory, which is available in the following location:
When you run this program, the License Analysis report (auditUserCounts.htm) is created in the same directory.
As of Release 8.1 Version 05, the ZIP All button appears when you select the All Clients, Client Connection, MR Deferred Ticket, Cleanup Utility, or WF Servlet pages from the Traces folder of the Diagnostics menu on the Administration Console. This button saves copies of all trace files on display into a single zip file, as shown in the following image.
WebFOCUS offers single sign on support for SAML 2.0. For more information about configuring SAML with CA SiteMinder or CA CloudMinder, see:
WebFOCUS provides enhanced protection against SQL injection and cross-site scripting attacks by using a centralized filter to validate all product variables by URI. When a request fails the validation test, the request is not validated and a generic error message is displayed to the user. Blocked requests are logged for administrator review and violations are aggregated into a list that can be used to develop new filters.
New setting to specify default parameter prompting behavior for Managed Reporting procedures when the Prompt for Parameters setting is unchecked and Managed Reporting Prompting is enabled by IBIMR_prompting.
Enables or disables parameter prompting for Managed Reporting procedures (FEXes) when IBIMR_prompting is set to XMLPROMPT or XMLRUN, and the Prompt for Parameters setting is unchecked in the FEX Properties dialog box. Possible values are:
Setting IBIMR_promptingUnset to OFF specifies not to prompt for parameters, enabling the configuration of the default behavior prior to Release 8.0 Version 07.
You can set the IBI_Move_Confirmation_Message parameter to specify whether WebFOCUS will request confirmation when a user moves a folder using a drag-and-drop operation. The default value is False.
For more information, see the WebFOCUS Security and Administration manual.
The IBI_XFrameOptions setting in the Filters category of the Administration Console prevents your content from being embedded in other sites, as a security measure against clickjacking attacks.
The IBI_Message_Detail setting in the Security category of the Administration Console determines when users receive detailed or simplified error messages. The detailed message appears in the event.log for administrator troubleshooting.
You can update any WebFOCUS Application Setting with the updateWebconfig.bat utility (for Windows) or the updateWebconfig.sh utility (for UNIX). These command line utilities modify the ibi\WebFOCUS81\config\webconfig.xml file and automatically encrypt any passwords you update.