Preparing for Trusted or External Authentication


In addition to configuring Managed Reporting security, it is important to secure the WebFOCUS Administration Console. For information about Console security, see Securing the WebFOCUS Administration Console.


Planning Considerations


For planning purposes, it is useful to consider how the Trusted and External options for Managed Reporting authentication are different:

These two scenarios are illustrated below.

Log on authentication tree diagram

Implementing security can be straightforward or challenging depending on the nature of your requirements and the scope of your WebFOCUS deployment.



Achieving Your Security Objectives

There may be several ways to achieve the same objective. Consider, for example, the requirement of authenticating Managed Reporting sign-ons to the Active Directory:



Security Requirements Across Development, Test, and Production Environments

It is not uncommon for a company to implement different security models in development, test, and production environments. For example, in a production environment the WebFOCUS Reporting Server is typically configured to use a single service account to access data on behalf of authenticated users. This enables reporting system users to request reports generated from data stored in a relational DBMS that does not have individual logon IDs for each of them. In the development environment, just the opposite is sometimes true. Developers have DBMS logon IDs, and it is critical that they be used to control access to development data that may be sensitive.

Because of these different needs, you may find that having the Reporting Server authenticate Managed Reporting sign-ons for the development environment makes sense, while trusted authentication makes sense in production. The Reporting Server can process user profiles that contain personalized DBMS connection and search path information, enabling it to control which data each developer has access to. In the production environment, compliance with corporate security initiatives, such as Netegrity SiteMinder or an LDAP server, may be the primary goal, making the trusted authentication option more useful. In most cases, the test and production environments should share the same security model.

Customers may need to prototype one or more configuration scenarios before arriving at the optimal solution. Information Builders can also supplement these efforts with architecture and security expertise, which is especially critical during the planning phase of a WebFOCUS implementation.


Creating a Managed Reporting Administrator Account


When Managed Reporting is installed, a default administrator account, admin, exists in the internal repository. This account has no password and has ReportCaster administrator privileges when ReportCaster is installed. This account exists so you can log on to the Managed Reporting Administration interface and create additional users, developers, and administrators.

Once you configure external authentication, sign-on requests for Managed Reporting, Dashboard, and ReportCaster are integrated with the external source you specify. Typically, the external source does not have a user account called admin. It is important, therefore, that you create a Managed Reporting administrator account for yourself before configuring external authentication. The user ID for this account you create must match the ID in your external source.

This default administrator account is also used by the ReportCaster Distribution Server to retrieve Managed Reporting Standard Report procedures at execution time. If you decide to delete or disable logon rights for the admin account, you must create and configure another account for the ReportCaster Distribution Server to use. For instructions, see How to Configure ReportCaster.



Procedure: How to Create a Managed Reporting Administrator Account
  1. Access the WebFOCUS Welcome page (http://hostname:port/ibi_apps/, where hostname is the domain name of the machine on which the WebFOCUS Client is installed, and port is the port on which it listens) and click the Managed Reporting Administration link.
  2. Log on to Managed Reporting as an administrator (the default administrator ID is admin with no password).
  3. Select the Users tab and then click New User. The New User window opens.
  4. Enter the following information into the New User form.
    • User ID. Type the ID that you use to authenticate to the external source.
    • User Name. Type your name as you would like to see it displayed in user lists throughout the product. A good convention is Last name, First name.
    • Password/Confirm Password. Leave this field blank because you will be configuring external authentication.

      Note: Once you configure external authentication, these fields will be disabled in the Managed Reporting Administration interface.

    • Email. An email address is required for users assigned ReportCaster Library privileges.
    • Role. Select the MR Administrator role from the drop-down list.
    • Privileges. Select all privileges for yourself. You must have the ReportCaster administrator privilege in order to be able to assign ReportCaster privileges to others.
    • Groups. Select the Default and Public groups for yourself. While a Managed Reporting administrator has access to all report Domains regardless of group membership, certain Report Library features are based on groups. A Managed Reporting administrator without groups cannot access these library features.

    The following image shows a new Managed Reporting administrator account with the user ID jt01234.

    Managed Reporting Admin account

    For more information about the Managed Reporting Administration interface, see the WebFOCUS Managed Reporting Administrator's Manual.

  5. Click the Save icon to create the account and then click Logoff.

Preparing Dashboard


The Business Intelligence Dashboard offers what is known as a public view to users who have not been authenticated. Internally, Dashboard logs on to Managed Reporting with a service account in order to determine which content these anonymous users should see. A Managed Reporting administrator can set the user ID and password for this service account in the Public User panel of the Dashboard View Builder. This internal sign-on is processed differently for the trusted and external options, which leads to important configuration differences.

When you configure the trusted option, you do not change the Dashboard service account from its default value of public. You do not have to assign a password to this account in View Builder or in Managed Reporting. You also do not have to create an account called public in the external directory. For more information, see Internal Processing for Trusted Authentication.

When you configure the External option, you can leave the Dashboard service account set to its default value of public, provided that this user account exists in the external directory that will perform authentication. You can also change the value from public to another ID, such as ibibidsvc, provided that this user account exists in the external directory and that you create it in Managed Reporting. In either case, you must register the password for the external account with Dashboard, as shown in the following procedure.



Procedure: How to Configure the Dashboard Service Account for the External Option

This procedure should only be followed when you configure the external option for Managed Reporting authentication. If you are configuring the trusted option, skip this procedure.

  1. Access the WebFOCUS Welcome page (http://hostname:port/ibi_apps/, where hostname is the host name of the machine on which the WebFOCUS Client is installed, and port is the port on which it listens) and click the Business Intelligence Dashboard View Builder link.
  2. Log on as an administrator (the default administrator ID is admin with no password).
  3. From the View Builder, click the Public User link.
  4. Type the user ID and/or password for the Dashboard service account in the form and click Save.

    Log on dialog box

  5. Click Done and then Logoff.

    Once you define a password for the Dashboard service account and/or change the default user ID, the user ID and password you provided are encrypted and stored in the WebFOCUS/worp/conf/worp_mre.mpd file. If this file does not exist, Dashboard reverts to its default behavior, which is that the User ID is public with no password.

    If you changed the service account from public to another ID (such as ibibidsvc) in Step 4, continue with Step 6 to create this account in Managed Reporting. If you did not change it, skip the remainder of this procedure.

  6. Go to the WebFOCUS Welcome page (http://hostname:port/ibi_apps/, where hostname is the host name of the machine on which the WebFOCUS Client is installed, and port is the port on which it listens) and click the Managed Reporting Administration link.
  7. Log on to Managed Reporting as an administrator (the default administrator ID is admin with no password).
  8. Select the Users tab and then click New User. The New User window opens.
  9. Enter the following information on the New User form:
    • User ID. Type the ID created in the external source (for example, ibibidsvc).
    • User Name. Type the name you would like to see displayed (for example, Dashboard Service Account) in user lists throughout the product.
    • Password/Confirm Password. Leave this field blank because you will be configuring external authentication.

      Note: Once you configure external authentication, these fields will be disabled in the Managed Reporting Administration interface.

    • Role. Select the User role from the drop-down list.
    • Privileges. Leave the default values. The Enable accessibility features, Save entered values, and Library privileges are not supported with Dashboard public views.
    • Groups. Select the Public group.

    The following image shows a Dashboard service account with the user ID ibibidsvc.

    New User dashboard service account

  10. Click the Save icon to create the account and then click Logoff.

Preparing ReportCaster


The steps necessary to prepare ReportCaster for trusted or external Managed Reporting authentication are similar and are described in the following procedure. If you are configuring the trusted option in an Integrated Windows Authentication (IWA) environment, you should also review Support for Integrated Windows Authentication.



Procedure: How to Configure ReportCaster
  1. Go to the WebFOCUS Welcome page (http://hostname:port/ibi_apps/, where hostname is the host name of the machine on which the WebFOCUS Client is installed, and port is the port on which it listens) and click the ReportCaster link.
  2. Log on to ReportCaster.
  3. Click ReportCaster Server Configuration.

    The ReportCaster Server Configuration tool opens, displaying the General tab.

  4. From the General tab, expand the Security folder and select the Authentication Plug-in setting.
  5. Select Trusted MR Sign-On from the drop-down list.

    If you did not install ReportCaster and WebFOCUS on one machine, or if you are installing WebFOCUS on z/OS, you must manually configure the trusted key file(s) for ReportCaster. For more information, see Trusted Sign-on Processing.

  6. Generally, you can skip this step. However, if you deleted or disabled logon rights for the built-in Managed Reporting administrator account admin, you must do the following:
    a. Expand the User Info folder and select the Administrator setting.
    b. Click the button and type the Managed Reporting administrator account (for example, ibircsvc).

      You do not have to specify the password for this ID because you configured MR Trusted Sign-on in Step 4. You must create this account in Managed Reporting as described in Steps 11 through 15.

    c. Log on to the WebFOCUS Administration Console. Click Configuration and then Managed Reporting. Set the IBIMR_RC_SVCUSER parameter to the user ID you specified in Step b (for example, ibircsvc). Save your changes.

      If you are configuring external authentication, proceed to Step 9.

  7. For Trusted authentication only: If you want the ability to access the ReportCaster tools from the Web without first going through Managed Reporting, you must configure the Caster Remote Authenticated setting. Depending on your configuration, select one of the following values:
    • Yes if the user identity will be found in the REMOTE_USER environment variable. Select this option if your Web server is configured for Basic or Integrated Windows authentication.
    • HTTP Header if the user identity will be found in an HTTP header variable. Type the name of the header in the Header Name field when selecting this option.

    Note: This setting has no effect on the Managed Reporting, Dashboard, or Developer Studio interfaces, which always present the user ID to ReportCaster in the Managed Reporting cookie.

  8. For Trusted authentication only: If your Web server is configured for Basic authentication, specify an ID and password for connecting to the Web server as follows:
    a. Select the MR Info tab.
    b. Select the HTTP User setting.
    c. Click the button to open a dialog box in which you will type the user ID and password that ReportCaster will use to connect with the Web server when it needs Managed Reporting information.
  9. Click the Save icon or choose Save from the Action menu.
  10. Restart your ReportCaster Distribution Server and reload the ReportCaster Web application.

    If you changed the default value admin in Step 6, continue with Step 11. Otherwise, proceed to either Configuring Trusted Authentication or Configuring External Authentication.

  11. Go to the WebFOCUS Welcome page (http://hostname:port/ibi_apps/, where hostname is the host name of the machine on which the WebFOCUS Client is installed, and port is the port on which it listens) and click the Managed Reporting Administration link.
  12. Log on to Managed Reporting as an administrator (the default administrator ID is admin with no password).
  13. Select the Users tab and then click New User. The New User window opens.
  14. Enter the following information on the New User form:
    • User ID. Type the ID you specified in Step 6 (for example, ibircsvc).
    • User Name. Type the name you would like to see displayed (for example, ReportCaster Service Account) in user lists throughout the product.
    • Password/Confirm Password. Leave this blank because you will be configuring trusted or external authentication.
    • Role. Select the MR Administrator role from the drop-down list.
    • Privileges. Leave the default values.
    • Groups. Select the Default and Public groups.
  15. Click the Save icon to create the account and then click Logoff.
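
The account prerequisites from the three preparation procedures above can be checked in one pass before you switch authentication modes. The following is an added example, not WebFOCUS code: the preflight function, the inventory layout, and the exact-match comparison of IDs are assumptions, and the sample data is constructed from the example IDs used on this page.

```python
# Added example: pre-flight check run before switching Managed Reporting to
# trusted or external authentication. The inventory layout is an assumption
# (hand-built dicts/sets), not a WebFOCUS export format; IDs are compared exactly.

def preflight(mode, mr_users, external_ids, dashboard_svc="public", rc_svcuser="admin"):
    """Return a list of findings; an empty list means the accounts are ready.

    mode          "trusted" or "external"
    mr_users      {user_id: {"role": str, "enabled": bool}} from Managed Reporting
    external_ids  set of user IDs that exist in the external source
    dashboard_svc Dashboard service account set in the Public User panel
    rc_svcuser    account ReportCaster uses (IBIMR_RC_SVCUSER), default admin
    """
    if mode not in ("trusted", "external"):
        raise ValueError("mode must be 'trusted' or 'external'")
    findings = []

    # 1. Someone must still be able to administer MR after the switch.
    admins = [u for u, a in mr_users.items()
              if a["role"] == "MR Administrator" and a["enabled"]]
    if not any(u in external_ids for u in admins):
        findings.append("no enabled MR Administrator ID matches the external source")

    # 2. Dashboard public-view service account.
    if mode == "external":
        if dashboard_svc not in external_ids:
            findings.append(f"Dashboard account '{dashboard_svc}' missing from external source")
        if dashboard_svc != "public" and dashboard_svc not in mr_users:
            findings.append(f"Dashboard account '{dashboard_svc}' not created in Managed Reporting")
    elif dashboard_svc != "public":
        findings.append("trusted option expects the Dashboard account left at 'public'")

    # 3. ReportCaster Distribution Server account.
    rc = mr_users.get(rc_svcuser)
    if rc is None or not rc["enabled"] or rc["role"] != "MR Administrator":
        findings.append(f"ReportCaster account '{rc_svcuser}' is not an enabled MR Administrator")
    return findings

# Constructed sample inventory using the example IDs from the procedures above.
MR_USERS = {
    "admin":     {"role": "MR Administrator", "enabled": True},
    "jt01234":   {"role": "MR Administrator", "enabled": True},
    "ibibidsvc": {"role": "User",             "enabled": True},
}
EXTERNAL_IDS = {"jt01234", "ibibidsvc"}

if __name__ == "__main__":
    for line in preflight("external", MR_USERS, EXTERNAL_IDS, dashboard_svc="ibibidsvc"):
        print("FINDING:", line)
```

An empty result means every account the procedures depend on is in place; each finding names the account to create or correct before you continue.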
