• No results found

Securing WebFOCUS A Primer. Bob Hoffman Information Builders

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Securing WebFOCUS A Primer. Bob Hoffman Information Builders"

Copied!
27
0
0

Loading.... (view fulltext now)

Download now ( 27 Page )

Full text

(1)

Bob Hoffman

Information Builders

Securing WebFOCUS – A Primer

(2)

Agenda

Gain an understanding of the WebFOCUS Architecture

Where can security be implemented?

Review the internal WebFOCUS repository and

resource templates.

Review securing the communications layer.

Review how to integrate WebFOCUS with external

security provider.

(3)

Discuss Security

What should we think about in regards to security?

Encrypting the transport protocol.

Prevent an attacker from being able to “sniff” the

network to obtain data, passwords…

Authentication

Make sure that the user is who they say they are!

Authorization

Make sure that the authenticated users can only

do what they are permitted to do.

(4)

WebFOCUS Architecture

A basic WebFOCUS report request

4

Web Server

Users

Data Source

The Reporting Server does any additional calculations, joins… and

formats it into the desired output (HTML, EXCEL, PDF…) The report is

then passed back to WebFOCUS.

(Once the report is returned to WebFOCUS, the “agent” on the Reporting Server is released, making

its resources available to subsequent requests)

WebFOCUS delivers the report to the user.

WebFOCUS interprets the request that the user made,

and requests the Reporting Server to execute the report.

The Reporting Server reviews the request, and determines how and where to retrieve the

data. It requests the data of the data source.

The data source processes the data request, and returns the smallest data

set possible to the Reporting Server. User requests a

report from WebFOCUS.

(5)

WebFOCUS 8 Repository

WebFOCUS Managed Reporting has a built in

repository that manages all of the WebFOCUS

content, as well as controls who has access to that

content.

This can be used on it’s own, or in conjunction with

external security providers.

(6)

WebFOCUS 8 Repository

6

The WebFOCUS Repository contains all the WebFOCUS content: Folders, Reports, Report Objects, HTML pages,

Portals and Schedules.

(7)

WebFOCUS 8 Repository

7

In the repository you can also manage WebFOCUS users and

groups.

(8)

WebFOCUS 8 Repository

8

On every object in the content tree, users and/or groups can be

mapped to specific rules. This allows for greater control for administrators to delegate who can do what with every

object in the repository. However, this can also become

(9)

Resource Templates are there to make managing security

easier.

They allow you to easily create a content folder, portal,

groups and associated rules.

Each template creates several sub-groups that have

appropriate rules already applied to the content folder and

portal.

Administrator, Developer, Advanced User, and Basic

User.

All you need to do is add users to the appropriate group

to give them the desired access to WebFOCUS content.

Out of the box we provide an Enterprise Template, as well

as several SaaS Templates.

WebFOCUS also allows you to customize these templates, or

create your own.

9

Resource Templates

(10)

Resource Templates

Built-in Resource Templates

(11)

Resource Templates

Built-in Resource Templates

11

Enterprise Group Administrators Can

Create new users (WF puts them into the parent group)

Edit properties of users in their parent group

They can see all users and add anyone to their sub-groups

SaaS Group Administrators

Cannot create new users

(12)

Resource Templates

Consider Your User Role Requirements

(13)

Discuss Security

What should we think about in regards to security?

Encrypting the transport protocol.

Prevent an attacker from being able to “sniff” the

network to obtain data, passwords…

Authentication

Make sure that the user is who they say they are!

Authorization

Make sure that the authenticated users can only

do what they are permitted to do.

(14)

14

Web Server

WebFOCUS Security

Where can the transport layer be encrypted?

Users

Data Source

Communications between the user and WebFOCUS can

be encrypted.

Communications between

WebFOCUS and the Reporting Server can be encrypted.

Depending on the RDBMS, communications

between the Reporting Server and a RDBMS can

be encrypted.

HTTPS TSL Native

(15)

Discuss Security

What should we think about in regards to security?

Encrypting the transport protocol.

Prevent an attacker from being able to “sniff” the

network to obtain data, passwords…

Authentication

Make sure that the user is who they say they are!

Authorization

Make sure that the authenticated users can only

do what they are permitted to do.

(16)

WebFOCUS Security

Where can authentication be done?

16 Web Server Users Data Source WebFOCUS can authenticate externally to LDAP, AD, an RDBMS or to tables in a data source.

Pre Internal External

user1 Administrators PM/BasicUsers WebFOCUS Managed Reporting can authenticate to it’s internal repository. Active Directory COR-WF-PM-CORE COR-WF-PM-SERVER Authentication can be

performed prior to WebFOCUS by the web server, a third party

web authenticator (WebSEAL, SiteMinder…) or a token handoff

(17)
(18)

Authentication

Configuring Pre Authentication using IIS/IWA

18

The user does not get

prompted for

credentials. The web

browser and IIS

(19)

Discuss Security

What should we think about in regards to security?

Encrypting the transport protocol.

Prevent an attacker from being able to “sniff” the

network to obtain data, passwords…

Authentication

Make sure that the user is who they say they are!

Authorization

Make sure that the authenticated users can only

do what they are permitted to do.

(20)

20

Web Server

Users

Data Source

WebFOCUS can “map” groups in it’s internal repository back to elements in LDAP, AD, or tables in

a data source. This allows integrated authorization to just

about any external source.

Internal External user1 Administrators PM/BasicUsers WebFOCUS Managed Reporting can authorize access to it’s internal repository. Active Directory COR-WF-PM-CORE COR-WF-PM-SERVER

WebFOCUS 8 Security

(21)

Authentication & Authorization to LDAP

Reporting Server LDAP Provider

Directory type is

automatically detected

Appropriate defaults are automatically filled in to simplify configuration

Test the provider

(22)

Reporting Server edaprint.log

Authentication & Authorization to LDAP

WebFOCUS Trusted Connection to the Reporting Server

Simple one-click setting

&FOCSECUSER &FOCSECGROUP

WebFOCUS

(23)

Administrator Maps the Value to a WebFOCUS Group

Resource Templates Can Configure the Mapping

Group DN or attribute

value is mapped to WF

group

Authentication & Authorization to LDAP

(24)

Authentication & Authorization

WebFOCUS External Authorization (to the RS)

WebFOCUS groups

can be mapped to

external groups

Accounts for these users are automatically

created when they first sign-in

User description and

email pulled from

external directory

(25)

WebFOCUS Data Security

Traditional Approach

Rules in the MFD or Central DBAFILE

Dynamic DBA

Leverages MFD Profile

Reads entitlements from file or Table

(26)

Security is a very broad topic, and it can be as simple, or

as complex as your requirements need it to be. This

presentation was merely a taste, and did not get into

many areas of security that we do support.

The WebFOCUS security manual, in addition to several

instructional videos, are available at

https://techsupport.informationbuilders.com

. These

contain everything that was reviewed, and much, much

more.

We have resources that can help you from our education

and professional services organization. If you need a hand,

please contact your account representative to point you in

the right direction.

26

Wrap up

(27)

Questions?

References

Download now ( PDF - 27 Page - 2.34 MB )

Related documents

Improving Audit Efficiency and Accuracy with ProSystem fx Knowledge Coach. Call PFX-9998 or visit CCHGroup.com

Automatic Content Flow — As soon as she entered the risk the first time, Knowledge Coach flowed the risk information to the summary audit program workpaper and all of the other

Relational Algebra. Basic Operations Algebra of Bags

quadruples (bar, beer, beer1, price) such that the bar sells both beers at this price... Schemas

Module 9

“ A discontinuity resulting from an arc, consisting of any localized remelted metal, heat- affected metal, or change in the surface profile of any metal object ”.. Cairo

Theme: "Recognition of qualifications and quality of LIS education: the Bologna process challenges in a changing world"

The ERASMUS institutional coordinator’s point of view on analysis concerning the courses accomplished by students from the Institute of Information and Library Science at the

Soft pneumatic devices for blood circulation improvement

 Analysis  and  simulation  of  dynamic   characteristics  of  flexible  pneumatic  actuator  FPA..  Lorenzelli,  Spice  model  of  lossy  piezoelectric

CHAPTER 20 INTRODUCTION. Building, Implementing, and Sustaining a Beginning Reading Improvement Model: Lessons Learned School by School

From the short list, we encour- age schools to (a) review scope and sequences; (b) conduct a discrepancy analysis with school-adopted expectations; (c) compare programs within the

Cambridge IGCSE BIOLOGY 0610/43. Paper 4 Theory (Extended) October/November hour 15 minutes. You must answer on the question paper.

(a) The population of yeast can be estimated by using a light microscope to view a small sample of yeast cells in a modified microscope slide.. There is a square chamber, with

The Continuing Crisis in Affordable Housing: Systemic Issues Requiring Systemic Solutions

See Ballard, supra note 100, at 212 (noting that private for profit entities have become more involved in affordable housing development as government has