Configuring Encryption in the WebFOCUS Client

How to:

You can use the Administration Console to enable alternate encryption providers, configure external security tokens, encrypt WebFOCUS configuration files, and encrypt the trusted connection between the WebFOCUS Client and the WebFOCUS Server.

Note: If you are using an encryption key greater than 128 bits, the JVM used by your product installation must be using an unlimited strength Java Cryptography Extension (JCE) Jurisdiction Policy File. For more information, see the Oracle documentation at:

 

http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

Procedure: How to Enable an Alternate AES Encryption Provider

You can use the Administration Console to enable an alternate AES encryption provider and to specify an internal or external key.

  1. Sign in as an administrator, and open the Administration Console.
  2. Under the Application Settings folder, click Encryption.
  3. Click the appropriate encryption provider in the Provider (IBI_ENCRYPTION_PROVIDER) list, as shown in the following table. If a key file is not listed, an internal key file will be used.

    Encryption Algorithm

    Option

    AES 128 Encryption with Internal Key

    ibi.webfoc.wfsecurity.encryption.wireaes.

    WFWireAES128

    AES 128 Encryption with External Key

    ibi.webfoc.wfsecurity.encryption.wireaes.

    WFWireAES128KeyFile

    AES 192 Encryption with Internal Key

    ibi.webfoc.wfsecurity.encryption.wireaes.

    WFWireAES192

    AES 192 Encryption with External Key

    ibi.webfoc.wfsecurity.encryption.wireaes.

    WFWireAES192KeyFile

    AES 256 Encryption with Internal Key

    ibi.webfoc.wfsecurity.encryption.wireaes.

    WFWireAES256

    AES 256 Encryption with External Key

    ibi.webfoc.wfsecurity.encryption.wireaes.

    WFWireAES256KeyFile

    If you are using an internal key, proceed to step 7. If you are using an external key, proceed to step 4. If you are using a security token, proceed to step 6.

  4. Create the key file and save it as a plain text file.

    For more information on hexadecimal keys, see Key File Format.

    If you are using a security token to enable trusted communication between the WebFOCUS Client and other software, proceed to step 5. Otherwise, proceed to step 7.

  5. If you are using a security token to enable trusted communication between the WebFOCUS Client and another application, enter the value of the token in the Token Key (IBI_WF_TOKEN_KEY) setting and click Save.
  6. Specify the value of the security token in the other application.

    Consult the appropriate documentation for the other application you are using for more information on configuring the security token.

  7. In the Administration Console, click the Security tab, and under the Security folder, click Advanced.
  8. Enter one or more of the following server account credentials:
    • IBI_WFRS_Service_Pass
    • IBI_Anonymous_WFRS_Pass
    • IBI_Admin_Pass
    • IBI_Magnify_Repos_DB_Password
  9. Restart the Application server.

    The startup process automatically encrypts all new passwords in the configuration files.

Procedure: How to Encrypt the Trusted Connection Between the WebFOCUS Client and the WebFOCUS Server

You can use the Administration Console to encrypt the trusted connection between the WebFOCUS Client and the WebFOCUS Server. For more information about configuring the trusted connection, see How to Configure the WebFOCUS Client to Make a Trusted Connection to the WebFOCUS Reporting Server.

  1. Sign in as an administrator, and open the Administration Console.
  2. On the Configuration tab, expand the Reporting Servers folder and then expand the Server Connections folder.
  3. Select the desired Server node.

    The Client Configuration page appears.

  4. Expand the Advanced node.
  5. Click one of the following Encryption list options, and then click Save.
    • 0. Off.
    • cipher(x)[-mode]

      where:

      cipher

      Is the encryption algorithm used, such as AES128 or AES256.

      x

      Optionally defines an RSA key length of 1024 bits. If unspecified, the default value used is 512 bits.

      mode

      Optionally, specifies the mode of operation, Electronic Code Book (ECB) or Cipher Block Chaining (CBC). If unspecified, the default value used is ECB.

  6. Click Save.
  7. When you receive the Saved Successfully message, click OK.
  8. Specify the value of the security token in the other application.

    Consult the appropriate documentation for the other application you are using for more information on configuring the security token.

  9. Re-enter one or more of the following server account credentials in the configuration file:
    • IBI_WFRS_Service_Pass
    • IBI_Anonymous_WFRS_Pass
    • IBI_Admin_Pass
    • IBI_Magnify_Repos_DB_Password
  10. Restart the Application server.

    The startup process automatically encrypts all new passwords in the configuration files.