Hi Jordan,

As of now, OnCommand Report does not have complete support for HTTPS. http access is required for the product to function.Disabling http will impact reporting connection.Only administration console has https support. We are looking at adding complete support for https in the upcoming releases.

Thanks,

Yuvraj

Thank you for the response Yuvraj.   Specifically, I'd like to ensure that my "Report Viewers" authenticate and view reports over a secured (HTTPS) connection.   You said "Disabling httpwill impact reporting connection" - does this mean my "Report Viewers" only have the ability to view reports over HTTP?

Thanks again for the response. 

Jordan

Excellent.  That is what I needed to know.   HTTPS support would be great as company policies require HTTPS for various operations and types of data.   That being said, there probably are some reports we can make available to all internal users without authentication.   Typically, we prefer to keep things as secure as possible (require authentication and keep everything encrypted) so we don't have any concerns.

Thanks again for the response.  Please keep the OnCommand Insight Report community informed with regard to the future HTTPS enhancements.  

so, if we are authenticating with ldap for report viewing, that is sent unencrypted? 

Great question.   Im guessing the Web Browser -> Insight Web Server traffic would be unencrypted, inluding your username and password since they dont support https.   However, I'm not sure if the Insight Server is Secure LDAP capable or not.  I've never played around with it.    Im just speculating.  Also, this is a pretty old thread so there may be updates to OnCommand Insight Report that address HTTPS and Secure LDAP.

It just seemed odd that you would turn on intergration with LDAP for ease of managing users, (specifically for logging into reporting functionality) and then not encrypt the authentication traffic for those users....Not so concerned about the report data but authentication. 

Agreed.  If anything, the login credentials should be secured.   I personally hope they encrypt everything - login credentials and report data - so I can just tell our Security team that everything is using HTTPS.