x

When a request is issued from the WebFOCUS Client to the WebFOCUS Reporting Server, and an invalid credentials message is sent back to the WebFOCUS Client, the WebFOCUS Client responds with a WF_SIGNON page that prompts for the user ID (IBIC_user) and password (IBIC_pass) for the server that issued the message. The server is specified as a hidden field on the sign-on page (IBIC_server=node) and results in a qualified set of credentials being stored in the WebFOCUS security cookie.

You can use the WF_AUTOSIGNON setting to disable dynamic prompting for server credentials. In this case, when no credentials are specified at request time or in cgivars.wfs, the WebFOCUS Client sends back a message. Additionally, if you set WF_AUTOSIGNON to PREPROMPT, the WebFOCUS Client displays a WF_SIGNON page before attempting to connect to the WebFOCUS Reporting Server for the first time.

The WF_AUTOSIGNON setting is available in the Configuration section of the WebFOCUS Administration Console under General settings. For more information about the WF_AUTOSIGNON setting, see General Settings in cgivars.wfs.

x

If you are protecting WebFOCUS with custom security, you may be able to access it from Developer Studio by using a custom logon template. Logon templates are developed by an administrator and describe certain behavior specific to the custom security solution.

For information about creating and using custom logon templates, see Developer Studio Custom Logon Templates.

x

Integrated Web server security uses the Web server environment variable REMOTE_USER, which stores the value of the authenticated logon ID of the user. This variable is populated only if Web server authentication is enabled (it will be empty if Anonymous access is in effect).

Trusted (Already Verified Processing) requires that the WebFOCUS Client send only the user ID, along with a flag indicating that authentication has already taken place. It also requires the Reporting Server to be configured for operating system security.

With the following settings in the WebFOCUS Client odin.cfg file, an already authenticated Web server user ID is used to connect to the WebFOCUS Reporting Server, and no password is required.

SECURITY=TRUSTED
TRUST_ID_SRC=REMOTE_USER

To access these settings, go to the WebFOCUS Administration Console, select Reporting Servers, select Remote Services, select the desired Node in the Remote Services panel, then click Modify. In the Remote Services Modify Settings panel, select Trusted in the SECURITY drop-down list and two additional options are displayed. In the field next to the WebFOCUS script variable, which is selected by default, type REMOTE_USER.

Note:

• For details about integrating WebFOCUS security with Web server authentication, see Configuring Trusted Authentication.
• Trusted is not supported inbound to a WebFOCUS Reporting Server on Windows. However, Trusted is supported between a Windows WebFOCUS Client and any other supported WebFOCUS Reporting Server platform.
• The WebFOCUS Reporting Server configuration keyword trust_nt is not supported by the WebFOCUS Client.

x

A self-service application is not managed by Managed Reporting and therefore, does not use the Managed Reporting sign-on page and processing. However, you can ensure that users are authenticated by means of a sign-on page. In addition, when a request is sent to the Reporting Server but the credentials are invalid, a message is sent back to the WebFOCUS Client. If the WF_AUTOSIGNON setting is enabled, the WebFOCUS Client automatically responds with a WF_SIGNON page that prompts for the credentials of the user. This automatic logon prompting for Reporting Server credentials is described in Default Automatic WebFOCUS Reporting Server Logon Prompt.

You can configure the WF_AUTOSIGNON setting in the WebFOCUS Administration Console.

The WebFOCUS Client allows a user to set security credentials once, after which all subsequent requests from the WebFOCUS Client to any WebFOCUS Reporting Server are automatically supplied with those credentials. The user ID and password are usually provided by the user on a Web page that uses an HTML <form> tag. When the form is submitted with the hidden variable IBIWF_action set to "WF_SIGNON", the WebFOCUS Client encrypts the sign-on information and, using its built-in connector, transmits the information to a WebFOCUS Reporting Server for authentication.

You may customize the following sample sign-on page, wfsignon.html, to suit your application needs.

<form action="/ibi_apps/WFServlet" method="POST">
user ID :
<input type=text name="IBIC_user" value="">
PassWord :
<input type=password name="IBIC_pass" value="">
<input type=submit name="submit" value="Submit">
<input type=reset name="reset" value="Reset">
<input type=hidden name="IBIWF_action" value="WF_SIGNON">
</form>

If the logon information is authenticated successfully by the WebFOCUS Reporting Server, the WebFOCUS Client stores the encrypted information in a non-persistent browser cookie and redirects the user to the URL specified by the WF_SIGNON_MESSAGE variable. You can use this sample sign-on page (wfsignon.html) as is, enhance and modify this page to suit your application needs, or elect to bypass this page completely. For example, you can use the WebFOCUS exit or set the user ID and password in a .wfs file.