WebFOCUS Client Security

WebFOCUS Client Security Variables

The following variables are generally set on a sign-on page and are used to send a request to a WebFOCUS Reporting Server:

IBIC_server - WebFOCUS Reporting Server node.
IBIC_user - WebFOCUS Reporting Server user ID.
IBIC_pass - WebFOCUS Reporting Server user password.

These variables override any default settings that were established for accessing a WebFOCUS Reporting Server. To establish default values for accessing a WebFOCUS Reporting Server, you can set the values of the following variables:

IBI_REPORT_SERVER - Default WebFOCUS Reporting Server. This setting is used only when a server (IBIC_server) is not supplied.
IBI_REPORT_USER - Default WebFOCUS Reporting Server user ID. This setting is used only when a user ID (IBIC_user) is not supplied.
IBI_REPORT_PASS - Default WebFOCUS Reporting Server password. This setting is used only when a user password (IBIC_pass) is not supplied.

You can set these variables globally for all WebFOCUS Reporting Servers in the WebFOCUS Administration Console in the Configuration, Reporting Server panel, and in the Configuration, Custom Settings panel. You can also set these variables for a specific WebFOCUS Reporting Server in the node profile of that server. For more information, see WebFOCUS Reporting Server Settings.

Web Server Variables for Core Processing

Web servers support HTTP variables, which are passed between the Web server and the Web browser in the HTTP request/response header. These variables typically define the environment of the Web browser. For example, HTTP_USER_AGENT defines which browser manufacturer and version of the browser is being used.

HTTP variables can be passed to WebFOCUS and used in script file processing. Some HTTP header variables are standard, and some are created and used by specific third-party products.

The CGI implementation of the WebFOCUS Client automatically has access to every HTTP header variable, whether standard or not.

The Servlet implementation of the WebFOCUS Client automatically has access to all standard HTTP header variables. If it needs access to a non-standard variable, you must copy that variable to the WebFOCUS variable table. Methods for copying variables are supplied in the WebFOCUS Servlet plug-in. For more information about these methods, see Copying WebFOCUS Variables Using the WebFOCUS Servlet Plug-in.

For a list of standard HTTP header variables that can be used in script processing, see HTTP Header Variables Available for Script Processing.

WebFOCUS Cookies for Core Processing

Reference:

WebFOCUS Cookies and Parameters

The HTTP_COOKIE variable passes information from the browser to the Web server. The WF_SIGNON action updates HTTP_COOKIE to include an array of security information, called WF_COOKIE. WF_COOKIE contains your encrypted credentials for your server(s).

WF_COOKIE is encrypted, has an expiration of end-of-session, and is not written to a cookie file on the computer. For increased security, you can use an alternate encryption routine. For more information on encrypting cookies, see WebFOCUS Encryption.

You can also specify the expiration time in the WF_COOKIE_EXPIRATION parameter in the cgivars.wfs file (see Changing WebFOCUS Client Settings in the WebFOCUS Administration Console).

If you include any custom variables on your logon page, these variables are stored in the WF_USER cookie and are passed to the WebFOCUS Reporting Server with every request.

If users want to change or override an existing set of cookie credentials, all they have to do is resubmit the logon page. This overrides the current values with the values specified in the new request.

Note: You can add the IBI_COOKIE_DOMAIN, IBI_COOKIE_PATH, and IBI_COOKIE_SECURE settings in site.wfs to control the behavior of a WebFOCUS cookie. For more information, see Cookie Settings in cgivars.wfs.

Top of page

Reference: WebFOCUS Cookies and Parameters

Cookie	Parameters/Descriptions
IBIWF_language	Language in which your WebFOCUS environment is running.
JSESSIONID	J2EE HTTP session that is used by Dashboard and the WebFOCUS Servlet to track the session of the user on the application server.
WF_AMPERFILE	Used with the IBIF_persistentamp feature to maintain global amper variables.
WF_COOKIE	WebFOCUS security cookie. Contains the following information for any number of servers: IBIC_server - WebFOCUS Reporting Server node. If the value of IBIC_server is not supplied on the sign-on request, the credentials supplied will be applied to all servers. IBIC_user - WebFOCUS Reporting Server user ID. IBIC_pass - WebFOCUS Reporting Server user password.
WFC_COOKIE	WebFOCUS Client security cookie. Used by the WebFOCUS Administration Console and by Developer Studio. It can optionally be used by WebFOCUS. It contains the Reporting Server node, user ID, and password for the Console session.
WF_SESSIONID	Used to validate a WebFOCUS session and control cookie expiration.
WF_USER	Includes any optional (custom) variables other than those listed for WF_COOKIE that are found on the sign-on request. Note: These custom variables are automatically passed to the WebFOCUS Reporting Server with each request. You can encrypt WF_USER using the ENCRYPT_WF_USER setting in the WebFOCUS Administration Console. For more information, see Configuring WebFOCUS Startup Parameters.