Configuring Trusted Connections

How to:

Configure the WebFOCUS Client to Make a Trusted Connection to the TIBCO WebFOCUS Server
Configure the ReportCaster Distribution Server to Make a Trusted Connection to the TIBCO WebFOCUS Server
Configure the TIBCO WebFOCUS Server to Accept Trusted Connections

You can configure a trusted connection between the WebFOCUS Client and the WebFOCUS Server and between the ReportCaster Distribution Server and the WebFOCUS Server.

A trusted connection is the recommended approach and has multiple benefits:

For external authentication, a trusted connection efficiently connects to the WebFOCUS Server, and does not require additional authentication requests against the Authentication provider, which can decrease system performance.
For pre-authentication, a trusted connection prevents the WebFOCUS Server from prompting the user for credentials.

Note: You must enable the WebFOCUS Server to accept trusted connections. For more information, see How to Configure the TIBCO WebFOCUS Server to Accept Trusted Connections.

Procedure: How to Configure the WebFOCUS Client to Make a Trusted Connection to the TIBCO WebFOCUS Server

Sign in as an administrator, and open the Administration Console.
On the Configuration tab, expand the Reporting Servers folder, and then expand the Server Connections folder.

The list of existing WebFOCUS Server Connections appears in the tree.
Click the node of the WebFOCUS Server for which you must establish a trusted connection.

The Client Configuration page opens.
In the Security field, click Trusted. A trusted connection passes the WebFOCUS user ID to the WebFOCUS Server.
You can choose to include or omit user group information.
1. To include user group information, click Pass TIBCO WebFOCUS User ID and their Groups. This is the default. Proceed to step 7.
2. To omit user group information, click Custom. Continue with step 6.
The User ID and User’s Groups check boxes and associated options appear.
1. The User ID check box is automatically selected because user IDs must be passed to the WebFOCUS Server.
  - Do not change the TIBCO WebFOCUS script variable. It must be IBIMR_user.
  - Click HTTP Header Field if you wish to pass user IDs with this method instead of the script variable. Type the HTTP Header Field file name.
2. Clear the User’s Groups check box to prevent group information from being passed to the WebFOCUS Server. Leave the check box selected to pass user group information to the WebFOCUS Server.
  - Use the default WebFOCUS script variable IBIMR_memberof or type a different variable.
  - Select HTTP Header Field if you wish to pass user group information with this method instead of the script variable. Type the HTTP Header Field file name.
Click Save.

If you have ReportCaster, you may also want to configure the ReportCaster Distribution Server to make trusted connections to the WebFOCUS Server. Otherwise, you can proceed by configuring your specific type of pre-authentication or external authentication.

Procedure: How to Configure the ReportCaster Distribution Server to Make a Trusted Connection to the TIBCO WebFOCUS Server

If you use ReportCaster, you can configure the ReportCaster Distribution Server to make trusted connections to the WebFOCUS Server when running scheduled jobs.

Note: Currently, trusted connections from ReportCaster in WebFOCUS send the user IDs of the schedule owners to the WebFOCUS Server, but do not send WebFOCUS groups.

Sign in to WebFOCUS as an administrator, and open the ReportCaster Console.
In the Show group, click Configuration.
Expand the Data Servers folder and click the folder for the desired WebFOCUS Server.
Select Trusted from the Security Type list.
In the Manage Configuration group, click Save.
When you receive a message asking you to confirm your decision to make changes to the ReportCaster configuration, click OK.
When you receive a message reminding you to restart the Distribution Server and reload the ReportCaster Web Application to effect these changes, click OK.
On the Server browser interface ribbon, in the Manage Configuration group, click Restart.

Procedure: How to Configure the TIBCO WebFOCUS Server to Accept Trusted Connections

You can configure a security provider on the WebFOCUS Server to accept trusted connections. Each provider is configured separately. You can enable trusted connections for one provider and disable it for others.

Note: Trusted connections are not supported for the Windows Server OPSYS provider.

Open the Access Control page of the Server browser interface. If prompted, sign in with a valid Server Administrator User ID, Password. and select a Security Provider, if the Security Provider list appears on the Sign in page.
In the Access Control navigation pane, under Security Providers, right-click a security provider and then click Properties.

The Security Configuration page for that provider appears.
In the navigation pane, under the Security Providers folder, double-click a security provider.
Click y in the trust_ext list, and then click Save.

When you receive a message that the WebFOCUS Server is restarting, wait.
If the WebFOCUS Server Sign in page opens, type the Reporting Server Administrator User ID and Password and select a Security Provider, if the Security provider list appears, and then click Sign In.
When the Server browser interface home page opens, select Tools and Access Control.

A checkmark now appears in the Accepts Trusted column for the security provider.