Jump to content
The ibi Community has moved to a new platform: Please Sign In and choose Forgot Password to continue

Good morning, I have a large maintain application in 7.7.03....


Deana Goeken

Recommended Posts

Good morning,

I have a large maintain application in 7.7.03. At this time, we are currently windows user accounts which is a tedious task. In an effort to standardize the login process with other applications, I am trying to figure out how to use OAuth to authenticate the WebFOCUS users. I have read that starting with 7.7.06, the server can be configured to use Cross-Site Request Forgery (CSRF). Is there a way to securely accomplish this functionality in 7.7.03

Thank you,

Deana

Link to comment
Share on other sites

Hi Deana

Im not sure what branch youre using in Wyoming - probably San Jose

This is likely a job for Professional Service from IBI (now Tibco). They can write up a Custom Servlet Filter for you to let you use Open ID work with WebFOCUS for authentication.

Youll probably get the same answer from techsupport, but you might go ahead and reach out to your branch to ask if they have any ideas.

Toby

Link to comment
Share on other sites

I just had a random thought too Deana - What about setting up Active Directory to use oauth

OpenID Connect authentication with Azure Active Directory | Microsoft Docs

Maybe this would be simpler since it sounds like youre already using AD to authenticate people.

If you can get hold of IBI consultants, they could help you navigate the problem.

Link to comment
Share on other sites

Toby,

I will check into a Custom Servlet Filter. We are actually using windows user accounts and not active directory for authentication. Which is a major reason we want to switch to OAuth . Years ago, Chuck tried to help me configure the WebFOCUS server to use active directory, but we could not get it to work correctly. (I suspect it was due to some firewall rule, but am only guessing.) Most of the users are internal, so ad should work for them.

Thank you for your suggestions.

Link to comment
Share on other sites

Hey Deana

Just another idea - I dont know what you use for your Web Server If you secure your Web Server via HTTPS that uses OAuth to Authenticate, you may not really have to have an HTTPS connection between your Web Server and your Application Server. I know several of our customers do it this way.

The feeling is that once you get past the Web Server, youre on an internal network and the communication there does not have to be encrypted.

The advantage of this is that you get to put the work on the people who set up Web Servers for you. Ask them to enable HTTPS on your webserver. Then when the web server redirects to Tomcat (or websphere or whatever), then you dont have to do anything as the WF admin since the call to Tomcat will be using HTTP just like before.

I think Id start that way - first, put the work on your web server people to install a certificate and enable HTTPs. Even if you want to go on and get tomcat to use HTTPS, youll need that certificate anyway.

What OS, Web Server and App Server do you use

Link to comment
Share on other sites

Toby,

This sounds like it would work well. Our WebFOCUS app already uses HTTPs. I am fairly confident the OAuth server is also using HTTPs.

For the WebFOCUS app the OS is Server 2008 R2. WebFOCUS is 7.7.03. As I have been working solely with this 1 WebFOCUS app for the past 10 or 11 years, I dont know any information about the other app server at this time. I am going to reach out to my server staff.

Thank you for the suggestion.

Link to comment
Share on other sites

Youre welcome Deana - I think I got my wires crossed on this thread. I started answering an SSL related thread that maybe I invented in my head!

Sorry about that. 2008 R2 is getting long in the tooth. Ive got a couple of those boxes running 8105m here that we are upgrading to windows 2019 servers running 8207. If you decide to go down that road, there are several of us generally doing the same thing.

If its Windows and its old, Ill bet youre using Tomcat as your Web Application Server (not to be confused with a Web Server) and IIS as your Web Server. So WebFOCUS runs on Tomcat, and people reach it by going through IIS (which then points them off to Tomcat, which points them to run WebFOCUS).

Good luck with the OAuth authentication!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
  • Create New...