[FNS-33] Security Settings for FusionAnalytics E-Mail Reports

When viewing FusionAnalytics reports which have been delivered via email, you may see a request to log in to your FusionAnalytics Data Services server.

This happens because the images which comprise part of the reports are served directly from the FADS system itself.

If you are seeing a request to log in, you have not obtained a cookie for the FADS server on the address from where images are being served.

There are three solutions to this problem.

Log in.

When the login dialog appears, log in as a FADS user who is able to view the images.

Adjust the security settings of the application

You can set your FADS application not to require authentication to view images.

Warning: If you disable this protection, anyone will be able to view these report images, regardless of whether they are a valid FADS user or not.

1. Navigate on your server to FusionAnalyticsServerwebappsfadsWEB-INFclassesApplicationsYOUR_APP_NAME and open application.xml with a text editor. This editor must be capable of reading and writing UTF-8 Unix files. Windows Notepad is not able to do this – we recommend Notepad++.
2. In this file, locate the ApplicationWebServer block and carefully remove the Path whose path attribute is /_Persistent.
   
   
   
   You should be left with:

       <ApplicationWebServer>
          <PathRules>
             <Path path="/configuration">
                <Protected/>
             </Path>
          </PathRules>
       </ApplicationWebServer>
   

   
   

3. Restart the application by logging in to the Data Services webapp (usually located on port 8400), and restarting the data service itself using the Restart button.

Caveat: If the application is upgraded or reinstalled, this procedure must be repeated.

Change the domain name used to serve image links

The problem can also be solved by changing the host name used to serve image links. If you ordinarily log in to the FusionAnalytics Data Service webapp using – for example – http://fred.foo.com:8400/, then you should already have an authentication cookie for this domain. If the system has several aliases, images may be being served from a different domain name and the login dialog will appear. If this is the case, the domain name used in links can be changed:

1. Log in to the Data Services webapp (usually located on port 8400). Open the System section and click on the Server Settings entry.
2. Under the settings HTTP Server Host and HTTPS Server Host, change the value to the domain name you usually use.
3. Click Update Server Settings
   • This will cause generated links to use the new domain name, for which you already have an authentication cookie, and the login dialog should no longer appear.