Reporting Authentication,Authorization and Security

Published on 04 Feb 2024

Reporting Authentication, Authorization and Security.

   

 

                                                                              

                                                                                      Reporting Authentication , Authorization and Security

                                                                                                              Author : Rajna Nannat

Touch Points

Architecture

Authentication , Authorization & Security

Data & Metadata Management

IWA Advantages and Disadvantages

 

                                                                                        Reporting Architecture - Security Checkpoints

                                                                 

                                                                             Authentication , Authorization and Security

  • When a User logs in via form he needs to be a Domain User since we use LDAP WFRS Connection and has to be Registered in Security Center to access the weblink.
  • When we change to Trusted the Explicit Authentication is handled by Webserver.
  • User No longer needs to provide Credentials.
  • This allows User to be logged in to application on page refresh when the authentication happens undercover.
  • For IWA SSO Both Client and Server has to be in Trusted mode.

When a User logs in via form he needs to be a Domain User + Registered in Security Center to access the weblink.

Security Center ROLE/GROUP/USER                                            

       

Security assignment passed from Client to Server

                                                                                            Implementation Steps

  • Enable IWA in IIS Server
  • Tomcat config file add >> <Connector Port=“8009” …..tomcatauthentication=“false”/>
  • Below Link turn off as below

    <property name="anonymousAuthEnabled" value="true"/> --false

    <property name="formAuthEnabled" value="true"/> -- FALSE

    <property name="basicAuthEnabled" value="false"/>--FALSE

    <property name="j2eePreAuthFilterEnabled" value="false"/>--TRUE

    <property name="customSignoutURLEnabled" value="false"/> --TRUE

  • Change the Reporting Server to Trusted in Admin Console with option Pass UserID/Groups

                                                                                    Advantages of Single Sign On

  • Allows user to have a feeling of stayed connected, removing the need to enter credentials on web session time out.
  • Removes any Access Denied error on items via URL calls.
  • Allows the LDAP Groups to work in synch with Security Center Privileges.
  • Allows Metadata Management and Data Governance.
  • Rest services can trigger schedules without need of id/pwd from bat script URL calls.
  • Allows to create Domain level profiles.

 

                                                                                              Thank You !

Icon
THANK YOU

You will receive an email with a download link. To access the link, please check your inbox or spam folder