17-16 Publishing Reports to the Web with Oracle Reports Services running in Single Sign-On mode as long as the Reports Server and the requested report are not registered in Oracle Portal. Other Requirements: ■ The property Reports Server must be set explicitly for all report objects in the Oracle Forms Services module. ■ If a Reports Server other than the default is being used, that server must be started using Oracle Enterprise Manager. ■ The system variable REPORTS_PATH must be modified in the file ORACLE_ INSTANCEconfigreportsbinreports.sh to reference the path of the reports to be run. ■ The first time Reports Server is started, it creates a configuration file called rwserver.conf located in the ORACLE_ INSTANCE\config\ReportsServerComponent\server_name directory. ■ The default status of Reports Server is secure. To change the Reports Server status to non-secure, modify ORACLE_ INSTANCE\config\ReportsServerComponent\server_ name\rwserver.conf by commenting out the security tag and removing securityId from the job tags. ■ After making these modifications, the Reports Server must be stopped and restarted using Oracle Enterprise Manager. ■ If Oracle Forms Services is configured to run in Single Sign-On mode, then report requests are sent with the authid provided, based on the Single Sign-On user login. ■ Protected reports and Reports Servers can be registered in Oracle Portal. Table 17–2 lists the possible FormsReports combinations and expected results: 17.6.1 What’s New In This Release? As discussed above, a large number of applications use Oracle Reports in a non-secure mode with Oracle Forms Services. In this mode, the end user need not provide an AUTHID to run a report from Oracle Forms Services; the URL command needs to include only JOBID and the Reports Server name. If unauthorized or malicious users discover the job ID, they can view the job output using GETJOBID through rwservlet to obtain job output that belongs to another user. Prior to 11g Release 1 Table 17–2 Outcome of Forms Reports Integration when Forms is running in SSO Mode or Non-SSO Mode Report Type Registered, Secure Reports Server runs only registered reports Registered, Secure Reports Server runs any reports Non-Secure Reports Server Reports with public access report generated report generated report generated Reports with specific user access report generated report generated report generated Reports with no specific user access report not generated report not generated report generated Non-registered reports report not generated report not generated report generated Configuring and Administering OracleAS Single Sign-On 17-17 11.1.1, Oracle Reports generated sequential job IDs, making it easy to predict the job ID. With 11g Release 1 11.1.1, Oracle Reports allows the users to generate random and non-sequential job IDs to make it impossible to predict the job ID for a particular job. For more information, see Section 18.8.2, Generating Random and Non-Sequential Job IDs . Additionally, 11g Release 1 11.1.1 provides support for database authentication using proxy users: ■ Additional security through control of Oracle Forms Services connections based on users and roles. ■ Scalability, through reuse of a single database connection.