
Restrict OnCommand Insight Report Access to HTTPS

Hello,

Is there a way to restrict OnCommand Insight Report access to HTTPS? Out of the box, both HTTP and HTTPS access are enabled. I'd like to disable HTTP access to the Administration Console and the reports.

Thanks,

Jordan

Re: Restrict OnCommand Insight Report Access to HTTPS

Hi Jordan,

As of now, OnCommand Report does not have complete support for HTTPS. HTTP access is required for the product to function. Disabling http will impact reporting connection. Only administration console has https support. We are looking at adding complete support for https in the upcoming releases.

Thanks,

Yuvraj

Re: Restrict OnCommand Insight Report Access to HTTPS

Thank you for the response Yuvraj. Specifically, I'd like to ensure that my "Report Viewers" authenticate and view reports over a secured (HTTPS) connection. You said "Disabling http will impact reporting connection" - does this mean my "Report Viewers" only have the ability to view reports over HTTP?

Thanks again for the response. 

Jordan

Re: Restrict OnCommand Insight Report Access to HTTPS

Currently, report viewers will only have the ability to view reports over HTTP. We will look at adding complete support for https in the upcoming releases.

Re: Restrict OnCommand Insight Report Access to HTTPS

Excellent. That is what I needed to know. HTTPS support would be great as company policies require HTTPS for various operations and types of data. That being said, there probably are some reports we can make available to all internal users without authentication. Typically, we prefer to keep things as secure as possible (require authentication and keep everything encrypted) so we don't have any concerns.

Thanks again for the response. Please keep the OnCommand Insight Report community informed with regard to the future HTTPS enhancements.

Re: Restrict OnCommand Insight Report Access to HTTPS

So, if we are authenticating with LDAP for report viewing, that is sent unencrypted?

Re: Restrict OnCommand Insight Report Access to HTTPS

Great question. I'm guessing the Web Browser -> Insight Web Server traffic would be unencrypted, including your username and password since they don't support https. However, I'm not sure if the Insight Server is Secure LDAP capable or not. I've never played around with it. I'm just speculating. Also, this is a pretty old thread so there may be updates to OnCommand Insight Report that address HTTPS and Secure LDAP.

Re: Restrict OnCommand Insight Report Access to HTTPS

It just seemed odd that you would turn on integration with LDAP for ease of managing users (specifically for logging into reporting functionality) and then not encrypt the authentication traffic for those users... Not so concerned about the report data but authentication.

Re: Restrict OnCommand Insight Report Access to HTTPS

Agreed. If anything, the login credentials should be secured. I personally hope they encrypt everything - login credentials and report data - so I can just tell our Security team that everything is using HTTPS.