Blog http://forums.visokio.com/categories/blog/feed.rss Mon, 30 Oct 17 11:29:05 -0400 Blog en-CA
New: Connectors-iGeolise Travel Time (2.9+) http://forums.visokio.com/discussion/2458/new-connectors-igeolise-travel-time-2.9- Tue, 28 Jan 2014 11:29:53 -0500 richard 2458@/discussions
  • Time Maps

    Create isochrone shapes showing the area around an origin which can be reached in a given time period and using a specified mode of transport.



  • Routing

    Retrieve directions for your journeys. Configurable options include the start or arrival date/time and a mode of transport.



  • Rank Points

    Upload a collection of origin and destination points along with a mode of transport and maximum journey time. Travel Time will return only the destinations which can be reached in the given time period along with the distance and time taken to reach the location.





The DataManager block contains a link to iGeolise Travel Time's sign up page where you can create an account.


Please let us know if you encounter any problems or have any questions.
Automatically reloading upon receiving an authentication failed response http://forums.visokio.com/discussion/3165/automatically-reloading-upon-receiving-an-authentication-failed-response Tue, 16 Aug 2016 13:14:00 -0400 steve 3165@/discussions
You can enable this by ticking "Reload on AJAX auth fail" in the Omniscope Web server configuration dialog.

Alternatively, edit the server's config.xml file:
<mobilewebserver ... reloadOnAjaxAuthFail="true" ...>

Available in tonight's build - 2.9 Plus b1833 and later.
Create custom groups in Omniscope http://forums.visokio.com/discussion/3144/create-custom-groups-in-omniscope Wed, 22 Jun 2016 11:34:27 -0400 paola 3144@/discussions
In Omniscope, each cell can contain multiple values that can be independently queried, grouped, used for calculation or visualised. The feature is called tokenisation and you can select it in different locations:
• Data Manager > Field organiser > Field options
• Data Manager > Tokenise block, see video http://tc.visokio.com/videos/?name=DataManagerTokeniseDetokenise&title=Tokenise+%26amp%3B+de-tokenise&lang=gb
• Data > Manage fields > Field options > tokenised
• Data Explorer > Table view > right-click on the Field name > field options > tokenised

Here are a few ideas for how to visualise a similar scenario. Probably the best way to visualise multi-group belonging is the Venn view, which can be connected to other views to create an interactive story. The Network view can also be useful - see the attached iok file.

Network view is showing a double hierarchy.
Connectors: Facebook Atlas transition from Microsoft platform http://forums.visokio.com/discussion/2900/connectors-facebook-atlas-transition-from-microsoft-platform Wed, 01 Apr 2015 07:38:54 -0400 tjbate 2900@/discussions
We understand this will be temporary until the Facebook version of the API is fully enabled. Please post here to let us know who you are and what you have been told by Facebook Atlas to do by way of workaround.
Deployment: Rendering HTML5 browser versions inside your own iFrames (2.9 Plus) http://forums.visokio.com/discussion/2980/deployment-rendering-html5-browser-versions-inside-your-own-iframes-2.9-plus Wed, 29 Jul 2015 06:47:59 -0400 antonio 2980@/discussions
The option "Allow render in any iframe" is unticked by default, which means Omniscope will only allow the current site/domain to frame the content.
This covers the case where you have a web server serving your web page at e.g. yourserver.com and you embed Omniscope Mobile in an iframe, provided that Omniscope is on the same domain (e.g. yourserver.com/myfile.iok).

If, for instance, your web server is yourserver.com and you want to embed Omniscope Mobile running on a different server (e.g. omniscope.me/myfile.iok), then you will need to tick the "Allow render in any iframe" option to allow cross-domain embedding of the Mobile app.

Find the options in the "Permissions" section in the Omniscope Web Server settings.

N.B. the option "Allow client to display embed option" should be set in accordance with the "Allow render in any iframe" option.
Remote URL-hosted IOKs in Mobile Server (2.9 Plus) http://forums.visokio.com/discussion/3040/remote-url-hosted-ioks-in-mobile-server-2.9-plus Tue, 24 Nov 2015 12:18:04 -0500 steve 3040@/discussions
To enable this feature, open the Server UI and configure "Omniscope Web Server > Config > Advanced > Remote URL pattern". The remote URL to the desired IOK file itself is specified as an encoded element within the URL visited externally in the browser. This is best explained by example; see below.

Download

This is currently in a 2.9 Plus hotfix, and will be integrated into the main 2.9 Plus build pending external testing. Download here:
http://www.visokio.com/download/?branch=beta-rc&feature=Plus/Hotfix_ServerUrlBasedLoading

Those with pre-alpha access can get the 3.0 variant hotfix here:
http://forums.visokio.com/discussion/3041/private-remote-url-hosted-ioks-in-mobile-server-3.0-variant/p1

Example


Remote IOK example URL

For example, let's say your IOK file is hosted on a document management server. Let's pretend this IOK download URL from our demo server is as such. (The technology doesn't matter, as long as the URL is accessible without restriction to the Mobile Server process, server-side, and results in an IOK file as a binary stream):

https://omniscope.me/Bond+prices.iok?download

Remote URL Pattern option value

This option must be set (i.e. non-empty) to enable this feature. The option itself defines what remote URLs are valid. (Mobile Server will make server-side HTTP requests to URLs specified in incoming HTTP requests, and if exposing this to the outside world, you'll want to make sure Mobile Server can't be maliciously instructed to make REST API query requests on your internal systems.)

This option is a regular expression which must match against the remote IOK URL (after it has been decoded from the external URL "PARAM"), e.g.:

https\:\/\/omniscope\.me\/.*

External URL visited in browser

Assuming your Mobile Server's main page is "http://yourserver/", the external URL would be "http://yourserver/PARAM/" where PARAM is the URL-encoded remote URL. Use http://meyerweb.com/eric/tools/dencoder/ to encode a URL by hand.

http://yourserver/https%3A%2F%2Fomniscope.me%2FBond%2Bprices.iok%3Fdownload/

This is what the end-user would see, unless you are using a reverse proxy to hide the URL or provide custom integration and security.


A note about security


Server permissions that take effect depend on the default folder configuration in the server, and if you are using folder.xml files in the sharing folder, these also take effect. You can in fact use "http://yourserver/path/in/sharing/folder/PARAM/" to load an external URL but apply the folder permissions from "WEBROOT/path/in/folder/folder.xml" where WEBROOT is the configured sharing folder.

If your server is exposed externally, be warned. Any URL which matches the regular expression will result in Mobile Server executing a server-side HTTP "GET" request to that URL. Use this only with a carefully restricted regular expression, or on private servers, or servers that are secured with HTTPS and mandatory user authentication.
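
As an added example (not Visokio's code), the following Python sketch decodes PARAM from the external URL and checks candidate "Remote URL pattern" values against a few constructed probe URLs before one is deployed. It assumes the server requires the pattern to match the whole decoded URL; the probe hosts and the three weaker patterns are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Value shown in the post for "Remote URL pattern".
PAGE_PATTERN = r"https\:\/\/omniscope\.me\/.*"

# Constructed probe URLs for reviewing a candidate pattern (hypothetical hosts).
PROBES = [
    "https://omniscope.me/Bond+prices.iok?download",  # intended remote IOK
    "http://omniscope.me/Bond+prices.iok?download",   # same host, plain HTTP
    "https://omniscope.me.example.net/file.iok",      # host only starts with the name
    "https://omniscopexme/file.iok",                  # differs where the dot should be
    "http://intranet.example/api/query",              # internal REST endpoint
]


def remote_url_from_external(external_url):
    """Decode PARAM from http://yourserver/[folder path/]PARAM/ as described in the post."""
    path = urlsplit(external_url).path
    param = path.rstrip("/").rsplit("/", 1)[-1]
    return unquote(param)


def pattern_allows(pattern, remote_url):
    """Assumption: the server requires the pattern to match the whole decoded URL."""
    return re.fullmatch(pattern, remote_url) is not None


def off_origin_accepted(pattern, scheme, host, probes=PROBES):
    """Probes the pattern accepts although scheme or host differ from the intended origin."""
    accepted = []
    for url in probes:
        parts = urlsplit(url)
        on_origin = parts.scheme == scheme and parts.hostname == host
        if pattern_allows(pattern, url) and not on_origin:
            accepted.append(url)
    return accepted


def review(patterns, scheme="https", host="omniscope.me"):
    """Map each candidate pattern to the off-origin probes it would let through."""
    return {p: off_origin_accepted(p, scheme, host) for p in patterns}


if __name__ == "__main__":
    external = "http://yourserver/https%3A%2F%2Fomniscope.me%2FBond%2Bprices.iok%3Fdownload/"
    print(remote_url_from_external(external))
    candidates = [
        PAGE_PATTERN,                   # from the post
        r"https\:\/\/omniscope\.me.*",  # no "/" after the host
        r"https://omniscope.me/.*",     # dots left unescaped
        r".*",                          # non-empty, but unrestricted
    ]
    for pattern, leaks in review(candidates).items():
        print(f"{pattern!r}: {len(leaks)} off-origin probe(s) accepted")
        for url in leaks:
            print("   ", url)
```

A pattern that returns an empty list here only passes these probes; the folder permissions and HTTPS with mandatory authentication described in this post still apply.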


Headless server configuration


If editing a headless server's config.xml, "Remote URL pattern" is found here:
<schedulerConfig> ...
<mobileWebServerConfig>
<mobilewebserver ... remoteUrlPattern="https\:\/\/omniscope\.me\/.*" ... >
Omniscope Server - configuration file upload - download (2.9 Plus) http://forums.visokio.com/discussion/2949/omniscope-server-configuration-file-upload-download-2.9-plus Thu, 04 Jun 2015 09:19:59 -0400 antonio 2949@/discussions
You can then use Omniscope (free viewer too) to edit the config.xml file.

Go to the Admin Web App main page and click on "Server Configuration"

Then you can
1) Download the current server configuration file (config.xml)
2) Edit it locally with your Omniscope app (feature available in "Settings > Server > Edit server configuration" menu).
3) Upload the edited/new config.xml . The Server will apply the new settings and restart its services (e.g. Scheduler, Mobile Web Server).

Once uploaded correctly, the UI will show a confirmation message.
N.B. if you change server global settings like log folder, log level, you will need to restart the Omniscope Server app.
Web Server: HTTPS and URL Redirection http://forums.visokio.com/discussion/2422/web-server-https-and-url-redirection Fri, 06 Dec 2013 10:42:51 -0500 antonio 2422@/discussions
These two different redirection rules are applied in the following order:
  1. URL Redirection: redirects incoming client requests to a different host/context
    This technique allows you to make a web address/context available under more than one URL address.
    It can be used for URL shortening, to prevent broken links, to allow multiple domain names to refer to a single Omniscope Mobile. (more info here)

    Host redirection
    For instance, the following configuration redirects a client that was navigating to "alpha.omniscope.me" to the different host "https://omniscope.me".
    e.g. it redirects from "http://alpha.omniscope.me/folder/file.iok" to "https://omniscope.me/folder/file.iok"

    Context redirection
    Another example is to redirect requests to a particular context (e.g. link to a particular IOK file)
    Say that your server is serving at "http://server.domain" and you want to redirect "http://server.domain/dashboard" to the full link "http://server.domain/MyDefinitelyBeautifulDashboard.iok". The following configuration allows you to do so.
    e.g. it redirects from "http://server.domain/dashboard" to "http://server.domain/MyDefinitelyBeautifulDashboard.iok"

    Host and context redirection
    This example combines host and context redirection.
    Say that your server is serving at "http://alpha.omniscope.me" and you want to redirect the "/demo" context to a different host "https://demoserver/" and different context "/MyBeautifulDashboard.iok". Then use the following configuration.
    It will redirect from "http://alpha.omniscope.me/demo" to "https://demoserver/MyBeautifulDashboard.iok".

    To redirect all incoming requests to a particular context regardless of your server host/virtualhost name, leave the VirtualHosts field empty.

    N.B. by specifying the Redirect from field you define which context has to be redirected.
    If you leave it blank then the URL redirection will be applied on all the incoming requests. In this case it is better if you perform redirection to a different host by specifying a full URL in the Redirect to field (e.g. "https://differentHost/pathTo/file.iok")
    Be aware that misconfiguration may create a redirect loop error.

  2. Redirect HTTP to HTTPS: redirects all incoming HTTP requests to HTTPS.
    If the HTTPS protocol is enabled, this option will configure your server to serve the content only through the HTTPS secured channel.
Versions: March 2015 minor updates to 2.9 Plus http://forums.visokio.com/discussion/2897/versions-march-2015-minor-updates-to-2.9-plus Sun, 29 Mar 2015 05:04:27 -0400 steve 2897@/discussions
http://www.visokio.com/download/plus?branch=special&feature=Plus/Hotfix_March2015MiscFixes


Tab selection when printing and creating PDFs (Omniscope Mobile)


In the print/PDF dialog in Omniscope Mobile (from the 3-dots application menu), you can now select which tabs to print, with shortcuts to select All or Current. Note that it is much faster to print/PDF only a single tab.


BOM support for UTF data files such as CSV


This was added to provide fast data export from Omniscope Mobile (via the cloud icon) while supporting Excel integration and international characters/accents.

Native XLSX file export is several times slower than CSV, which for files of many 100,000s of records becomes quite a hindrance. However without BOM support, CSV export cannot support international characters in a way that is compatible with Excel (UTF-8 files without BOM open in Excel as ASCII and show international characters garbled).

The BOM (byte order mark) is an optional sequence of 2 or 3 characters which are never found in normal text and which, if present, signal that the rest of the file is in a UTF character encoding (supporting an enormous range of characters, accents and symbols from most countries and regions).

When exporting to text-based files such as CSV, if you choose UTF-8 or UTF-16 encoding, Omniscope now writes the BOM to the start of the file. On double-clicking a CSV with Excel installed, Excel will detect this and open it displaying international characters correctly. Note that Omniscope Mobile always uses UTF-8 encoding (irrespective of the server's operating system defaults) when exporting view data using the cloud icon.

Similarly, when importing from text-based files such as CSV, Omniscope now detects the BOM which is optionally present at the start of UTF-8 and UTF-16 encoded text. If found, Omniscope now forces UTF encoding and overrides whatever encoding was configured, then skips the BOM and reads the file correctly. This makes the safe assumption that the BOM sequence is a reliable indicator of encoding.

We've also added an app-wide setting allowing you to disable these two UTF-8 BOM changes (import and export effects), should there be unexpected problems with 3rd party CSV producers/consumers:
"Settings > Advanced > Data sources > Support UTF BOM (byte order marks)"


Support for "Show no records watermark" option (Omniscope Mobile)


If you have disabled the "No records" or "Empty" watermark text (using Settings > Advanced tab settings > Show no records watermark), Omniscope Mobile now honours this setting.


Excessive rounding in Bar/line value labels (Omniscope Mobile)


The optional value labels at the top of bars, showing the numeric measure values, were often formatted with excessive truncation/rounding/abbreviation. This would lead to a series of bars with (e.g.) "9" showing, despite it being clearly visible that they were different heights and actually somewhere between 8.5 to 9.5.

This has now been fixed, and the configured accuracy of the measure field will be used providing there is enough space above the bar.

This bug was most apparent with "flipped" (bars going sideways) Bar views. However, after this fix, if you have configured "Thin bars" there may still not be enough room to show sufficient accuracy; you should change your bar widths using Bar view toolbar > Layout > Medium bars to resolve.
Scheduler: Concurrent task execution (2.9 Plus) http://forums.visokio.com/discussion/2867/scheduler-concurrent-task-execution-2.9-plus Wed, 11 Mar 2015 05:15:19 -0400 steve 2867@/discussions
http://forums.visokio.com/discussion/851/idea-scheduler-running-2-jobs-at-one-time/p1

For those who use the Scheduler to manage automated refresh and publishing tasks, you can now configure the server to process multiple tasks in parallel.


This has now been integrated into the 2.9 Plus version, from build 1615 onwards, available now:
http://www.visokio.com/download/plus

Once installed, start Omniscope Server, and open Scheduler > Config > Advanced. The new "Concurrency" setting is empty by default, which is the same as the previous behaviour of only executing tasks in series. Enter "2" or higher to allow parallel execution. Then stop and start the Scheduler service for it to take effect.

Check the "service_scheduler_log.txt" file, typically at http://your_server_ip:48080/logs/scheduler, to verify it has taken effect. Log messages will be preceded by "#0", "#1", ... to show which parallel worker is processing a task.

You should not set this value too high. Unless you have lots of low-CPU high-I/O tasks, on a 4-core server it would be very unlikely to help to set it higher than 4, and doing so would probably degrade performance.

In any event, there must be enough memory in the server to process any tasks likely to overlap execution. If not, and you cannot increase server memory, reduce the concurrency number or rearrange the schedule.

We've also made some small refinements to the Scheduler UI, such as ability to "Add > Duplicate selected" on a list item (such as a task), and grouping of advanced options.

Please comment here with any test feedback.
Export: Re-branding data exports from browser views http://forums.visokio.com/discussion/2482/export-re-branding-data-exports-from-browser-views Fri, 28 Feb 2014 08:06:48 -0500 richard 2482@/discussions
Attached is an example using the 'Bond Prices' demo file and a basic XLSX file as a template. Any exports generated from this IOK file will now be output as an XLSX using the same styling etc.

To use this example, unzip 'mobile.zip' and place it within your 'mobile' directory of the Omniscope Mobile Server deployment. (Note: You will need to enable exports for this to work - see links below).

  • Go to this post for instructions on how to enable exporting.
  • Go to this post for instructions on how to configure branding.


Setting up branded exports

To configure your own branded exports:
  1. Move your XLSX file into the 'branding.internal/mobile/app' folder related to the relevant IOK.
  2. Copy the 'export_view.xml' file to the same location.
  3. Edit the contents of the XML file using the instructions below.
  4. Run your IOK file using Omniscope Mobile Server and click the export button on any view.


Configuring the XML

<exportview templateFile="my_template.xlsx" worksheet="Data" column="2" row="5" includeHeaders="true" />

templateFile
Points to your XLSX file which must be inside the same 'branding.internal/mobile/app' folder.

worksheet
Name of the worksheet which will contain your export.

column/row
Column/row position where the data export will start.

includeHeaders
Whether or not to include a header row of field names.

Web Server: New "mask version" option in Web Server config menu (2.9 Plus) http://forums.visokio.com/discussion/2847/web-server-new-mask-version-option-in-web-server-config-menu-2.9-plus Tue, 17 Feb 2015 08:32:27 -0500 steve 2847@/discussions
Omniscope Web Server > Config > Permissions > Mask version

This will encode the version identifier where displayed to end users on the web (such as in the page title and the About box) in a form that masks the intricacies of the Visokio build+branch+versioning system.
Branding: Re-branding HTML5 web browser versions http://forums.visokio.com/discussion/2399/branding-re-branding-html5-web-browser-versions Wed, 06 Nov 2013 13:07:21 -0500 antonio 2399@/discussions
Introduction
Starting from 2.9 b795 we have extended the re-branding options to include Omniscope view versions deployed to browsers as HTML5/JS.

In order to be able to brand Omniscope you need to:
1) Ensure getStatic="true":

To do this, it is recommended you modify the folder.xml file and change the anonymous user permissions to allow all users to benefit from the UI customisation:
...
<anonymous>
<permissions listDirectory="false" downloadFile="false" viewInMobile="false" fileManagement="false" getStatic="true" viewServerState="false" />
</anonymous>
...


2) Have a “branding.internal\mobile” folder (see attached example folder) in the directory you want to customise under the Mobile sharing folder. Alternatively, have a “branding” folder in the Omniscope installation directory.

The branding has been split into three different areas, “Admin, Server and App”, where resources for each of these areas are stored inside the “branding.internal” folder.

The description below refers to the main "Mobile sharing folder" as the root folder.

Admin web server



You can customise various resources and HTML files relating to the Admin server by placing a “branding.internal\mobile\admin” folder in the root folder.

You can then override or replace the existing files with your own custom logo or add text to the appropriate HTML files.

Note, placing the folder in a sub-directory won't work - branding can only be done from the root folder.

Mobile web server



You can customise various resources and HTML files relating to the Mobile web server by placing a “branding.internal\mobile\server” folder in the root mobile sharing folder, or even in a sub-folder within the mobile sharing folder to show different branding on a per-customer basis.

For example, if you have three different clients, then you can place a “branding.internal\server” folder in each client’s directory and configure them to have their own logo etc.

App



Just like Mobile web server, you can override on a per-folder basis the app-splash and favicon shown while the IOK file is loading. In order to customise app-specific resources, you need to create a “branding.internal\mobile\app” folder in the appropriate directory containing the file.


Omniscope (Desktop/Mobile sharing)



Omniscope will look for branding\app folder in the installation branding folder (branding folder of Omniscope application itself) for the resources.


Further information



Omniscope Mobile looks for branding resources in a hierarchical way, falling back to the installation branding folder.

For example, to find the favicon to load when loading the IOK file in Mobile web server, Omniscope Mobile will search for the favicon.ico file in the following order:

  1. Looks for branding.internal\app in the folder that contains the IOK that it is loading.
  2. If found, uses that, otherwise, goes into parent folder and does the same as 1. It does this all the way up to the mobile sharing folder. Note, if the folder that Omniscope is using to display the resource is protected, then the user will be prompted to enter authentication details.
  3. If it can’t find the resource in the mobile sharing folder, it will check the installed branding folder (the “branding” folder installed in the Omniscope installation directory). No authentication is required to access resources from installed branding.
  4. If it can’t find the file, it will check if the file is bundled with Omniscope, otherwise throws a File not found error.
  5. Note: This allows you to have generic branding inside some folder, which all sub-folders will inherit. One only needs to customise or place the specific resources they want to override in the sub-folders.
Content View: Creating a custom view using a JS library http://forums.visokio.com/discussion/2679/content-view-creating-a-custom-view-using-a-js-library Mon, 11 Aug 2014 08:58:55 -0400 steve 2679@/discussions
Try online
Download IOK

We use the example from http://www.datatables.net/examples/data_sources/js_array.html and use server-side JS preprocessing to inject dynamic data into the data array declarations in the client-side JS. Open in Omniscope Desktop and edit the Content View source to see how this works.
Installation: Public-facing Omniscope (Mobile) Server setup http://forums.visokio.com/discussion/2676/installation-public-facing-omniscope-mobile-server-setup Fri, 08 Aug 2014 05:05:32 -0400 steve 2676@/discussions
  • Omniscope - a native desktop app that opens and explores IOK files (the free Viewer). When activated, enables analysing and editing your own data, configuring and authoring IOKs, and also DataManager for importing, transforming and exporting data.
  • Omniscope Server - a native desktop app or background server process comprising the Scheduler (for automating IOK updates and publishing) and Mobile Server, a production grade http server for a web-based Omniscope Viewer.

  • Providing you have a Server Edition license you can host a public Omniscope server like ours: https://omniscope.me
    Note that Server Edition licenses are sold by number of concurrent web users supported, an individual user being a browser instance on either a desktop or mobile device.

    Hardware needed

    To experiment, or for smaller files, a reasonable desktop or laptop will do. We support Windows, Mac and common server-class Linux distributions. You can simply run the Server app from your start menu shortcut, after activating.

    For a production-grade system, you'd want it always-on, with a UPS, hardware redundancy, etc., probably hosted in a datacenter or IaaS cloud like Amazon EC2.

    Install configuration

    You'd also ideally want to install Omniscope to run as a service, i.e. in the background on startup, without a user desktop session logged in.

    Once you have the Server app open, you'll see the links to the default sharing folder and serving web address in the Omniscope Server window. Drop some IOKs in the sharing folder and start browsing locally.

    To make it publicly available:
    1. Configure security options as needed
    2. Enable port forwarding on your external network firewall
    3. Buy a domain name
    4. Configure the domain to point to your firewall's external IP address
    5. If using user logins, you should also buy an SSL certificate and configure HTTPS only access.

    You now have a public server available at http://www.your-domain-name.com/

    For more details see http://forums.visokio.com/discussion/2610/announcing-omniscope-2.9-beta/p1
    Export: Download PDF/Print from browser versions (2.9+) http://forums.visokio.com/discussion/2618/export-download-pdfprint-from-browser-versions-2.9- Fri, 27 Jun 2014 13:29:47 -0400 antonio 2618@/discussions
    From the app top-right "3 dots" menu, by selecting
    • Download as PDF, the server will generate and send to client a PDF file containing all the IOK file tabs captured as high quality images page by page.
    • Print..., the server will generate a printable HTML report, made of all IOK file tabs high-quality images, that will automatically prompt the end-user native browser print dialog.


    Users can select which aspect ratio to use to generate the PDF or the printable HTML report when prompted:

    • Ticking Use current browser size will generate a report that follows exactly the same app proportions (e.g. views, filters) as seen by the user in their browser.
    • Unticking the option will produce an A4-friendly landscape format report, in which the app proportions will be adapted to the A4 ratio.


    For instance, iPad users may want to download a PDF that looks exactly the way they are experiencing Server-hosted Omniscope IOK files from inside their iPad browsers by using the Use current browser size option and the result will be something similar to the attached PDF.

    N.B. If you run Omniscope Server on a Linux server OS and you print a report you may encounter errors / visual glitches, so please follow this troubleshooting post.
    Security: Locking Mobile in Viewer-only mode (Version 3.0) http://forums.visokio.com/discussion/2583/security-locking-mobile-in-viewer-only-mode-version-3.0 Mon, 09 Jun 2014 07:01:56 -0400 mustafa 2583@/discussions

    Features always available


    • Ability to filter individual devices.
    • Ability to change the tab.
    • Ability to do selection.
    • Ability to use Map view controls.
    • Ability to use Data titles (if shown) to change e.g. Split by in Bar view.


    Features disabled in Viewer mode


    • Ability to show/hide filters.
    • Ability to show/hide maximise button.
    • Ability to show/hide view menus.
    • Ability to edit tab layout (design mode), e.g. for adding/removing views.


    How to restrict to Viewer mode


    Viewer mode restrictions are applied when the "File management" permission is disabled in the Mobile Web server config.

    In this screen, anonymous access is configured to allow file management and thus "configuration" mode.
    Security: Mobile Web Server user permissions http://forums.visokio.com/discussion/2388/security-mobile-web-server-user-permissions Mon, 28 Oct 2013 15:04:16 -0400 antonio 2388@/discussions
    To enable this feature, just create a folder.xml configuration file and put it into your sharing folder (or subfolder).
    You can start by using the folder.xml.default file, present in the mobile sharing folder, as a template.

    Remember, the settings present in the folder.xml file will override the default anonymous/folder permissions, and the default user credentials and permissions. As a note for system administrators, folder.xml works like an Apache .htaccess file.

    Here are the main aspects you need to know to configure the folder.xml file properly:

    Permissions


    These are permissions you can set on a folder or per user basis:
    • listDirectory : allow users to list existing files and subfolders
    • downloadFile : allow users to download the IOK files
    • viewInMobile : allow users to launch the Omniscope Mobile app for the existing IOK files
    • fileManagement : allow users to upload IOK files, rename and delete resources, create new folders in the folder
    • getStatic : allow users to get/access static resources from the folder, and to customise default styles (e.g. logo, icons, css files)
    • viewServerState : allow users to view the server state through a monitoring page

    N.B. A missing permission in the configuration is equivalent to deny

    User Credentials


    To specify user credentials you must provide:
    • username : in clear text
    • password : string hashed using the MD5 algorithm. For reference, you can use this link to generate the hash.


    folder.xml file structure


    • Anonymous section
      The <anonymous> element describes the unauthenticated permissions, and is also used as default values for per-user permissions.
      Unauthenticated public access will be given these permissions. Any false/missing permissions will require authentication.
    • Users section
      The <user> element describes the credentials and the permissions per user, and is made up of the following elements/attributes:
      • Enabled : whether or not the user is enabled.
      • Credentials : the user's username and password
      • Permissions: the user permissions that will override the anonymous ones



    folder.xml example


    <?xml version="1.0" encoding="UTF-8"?>
    <mobilefolder>
    <anonymous>
    <permissions listDirectory="true" downloadFile="false" viewInMobile="true" fileManagement="false" getStatic="false" viewServerState="false"/>
    </anonymous>
    <users>
    <user enabled="true">
    <credentials>
    <credentials username="antonio" password="9aeb94180027a7081352cba05e6a3782" />
    </credentials>
    <permissions>
    <permissions listDirectory="true" downloadFile="true" viewInMobile="true" fileManagement="true" getStatic="true" viewServerState="true" />
    </permissions>
    </user>
    <user enabled="true">
    <credentials>
    <credentials username="guest" password="4aeb93180027a708186hy4505e6a6465" />
    </credentials>
    <permissions>
    <permissions listDirectory="true" viewInMobile="true" getStatic="true" />
    </permissions>
    </user>
    </users>
    </mobilefolder>
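
An added example, not part of the original post or of Omniscope: a small Python check that can be run over a folder.xml before it is placed in a sharing folder. It relies on the post's rule that a missing permission means deny, so a misspelt attribute name silently removes a grant; the MD5 hex-digest format of the password attribute, the choice of anonymous permissions to flag and the second sample file are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

PERMISSIONS = ("listDirectory", "downloadFile", "viewInMobile",
               "fileManagement", "getStatic", "viewServerState")
# Anonymous grants worth a second look on an exposed server (this example's choice).
ANON_REVIEW = ("fileManagement", "downloadFile", "viewServerState")
# Assumption: the password attribute holds an MD5 hex digest (32 hex digits).
MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")

# The folder.xml example from the post, reproduced unchanged.
PAGE_EXAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<mobilefolder>
<anonymous>
<permissions listDirectory="true" downloadFile="false" viewInMobile="true" fileManagement="false" getStatic="false" viewServerState="false"/>
</anonymous>
<users>
<user enabled="true">
<credentials>
<credentials username="antonio" password="9aeb94180027a7081352cba05e6a3782" />
</credentials>
<permissions>
<permissions listDirectory="true" downloadFile="true" viewInMobile="true" fileManagement="true" getStatic="true" viewServerState="true" />
</permissions>
</user>
<user enabled="true">
<credentials>
<credentials username="guest" password="4aeb93180027a708186hy4505e6a6465" />
</credentials>
<permissions>
<permissions listDirectory="true" viewInMobile="true" getStatic="true" />
</permissions>
</user>
</users>
</mobilefolder>"""

# Constructed sample with three mistakes, for illustration only.
CONSTRUCTED = """<mobilefolder>
<anonymous>
<permissions listDirectory="true" fileManagement="true" viewinmobile="true"/>
</anonymous>
<users>
<user enabled="true">
<credentials><credentials username="report" password=""/></credentials>
<permissions><permissions viewInMobile="true"/></permissions>
</user>
</users>
</mobilefolder>"""


def _check_permissions(subject, elem, findings):
    """Record unknown attribute names and return the permissions set to "true"."""
    if elem is None:
        return set()
    for attr in elem.attrib:
        if attr not in PERMISSIONS:
            findings.append((subject, "unknown-attribute:" + attr))
    return {p for p in PERMISSIONS if elem.get(p, "").lower() == "true"}


def audit_folder_xml(xml_text):
    """Return (subject, issue) pairs for settings that deserve review."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    findings = []
    anon = _check_permissions("anonymous", root.find("anonymous/permissions"), findings)
    for perm in ANON_REVIEW:
        if perm in anon:
            findings.append(("anonymous", "grants:" + perm))
    for user in root.findall("users/user"):
        if user.get("enabled", "").lower() != "true":
            continue  # disabled accounts are not checked further
        cred = user.find("credentials/credentials")
        name = cred.get("username", "") if cred is not None else ""
        subject = name or "(unnamed user)"
        password = cred.get("password", "") if cred is not None else ""
        if not MD5_HEX.fullmatch(password):
            findings.append((subject, "password-not-md5-hex"))
        _check_permissions(subject, user.find("permissions/permissions"), findings)
    return findings


if __name__ == "__main__":
    for label, text in (("post example", PAGE_EXAMPLE), ("constructed", CONSTRUCTED)):
        print(label, audit_folder_xml(text))
```

Run on the post's example, the check reports the "guest" password value, which contains the characters "h" and "y" and so is not a hex digest.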


    Common use cases:


    • Anonymous access not allowed, Admin user full permissions, Guest users browse and play IOK files
      <?xml version="1.0" encoding="UTF-8"?>
      <mobilefolder>
      <anonymous>
      <permissions listDirectory="false" downloadFile="false" viewInMobile="false" fileManagement="false" getStatic="false" viewServerState="false"/>
      </anonymous>
      <users>
      <user enabled="true">
      <credentials>
      <credentials username="admin" password="9aeb94180027a7081352cba05e6a3782" />
      </credentials>
      <permissions>
      <permissions listDirectory="true" downloadFile="true" viewInMobile="true" fileManagement="true" getStatic="true" viewServerState="true" />
      </permissions>
      </user>
      <user enabled="true">
      <credentials>
      <credentials username="guest" password="4aeb93180027a708186hy4505e6a6465" />
      </credentials>
      <permissions>
      <permissions listDirectory="true" viewInMobile="true" getStatic="true" />
      </permissions>
      </user>
      </users>
      </mobilefolder>

    • Anonymous can browse folders, no Admin user, Guest users browse and play IOK files
      <?xml version="1.0" encoding="UTF-8"?>
      <mobilefolder>
      <anonymous>
      <permissions listDirectory="true" getStatic="true" />
      </anonymous>
      <users>
      <user enabled="true">
      <credentials>
      <credentials username="guest" password="4aeb93180027a708186hy4505e6a6465" />
      </credentials>
      <permissions>
      <permissions listDirectory="true" viewInMobile="true" getStatic="true" />
      </permissions>
      </user>
      </users>
      </mobilefolder>


    Network View: Now available in browser versions http://forums.visokio.com/discussion/2575/network-view-now-available-in-browser-versions Thu, 29 May 2014 12:48:14 -0400 chris 2575@/discussions
    The Network view supports a subset of the functionality of the desktop equivalent, more specifically:

    • Both grouped and relational network types are supported.
    • Node size, shape and colour.
    • Line width and arrows.
    • Label font and background.
    • The "Circle" and "Best fit" layouts.

    We are planning to migrate other functionality, such as line labels and additional layout types, in the near future. We will update on this forum post once these features have been implemented.

    The screenshot below is a relational network showing the voting between countries at the Eurovision song contest 2014. Here we are filtering so that links are only shown where 8 or more points are being awarded. Popular countries, such as Austria and The Netherlands (who came 1st and 2nd respectively) are positioned nearer the center of the network.

    image
    The screenshot below shows a grouped network where an employee database is split by sex, location and age range. The size and colours of the nodes indicate the number of records, so for example we can see a large proportion of males are based in London (98 Males out of 646 total).

    image
    The Mobile Network view supports tiling and paning. Neither of these features is available in the desktop Network view. The screenshot below shows the Eurovision data described above paned by the number of points awarded, from 1 point to 12 points:

    image
    If you encounter any problems using the network view please let us know. In addition, if you have any comments or ideas for improving the Network view we would be keen to hear from you.
    Security: Group Permissions http://forums.visokio.com/discussion/2572/security-group-permissions Tue, 27 May 2014 07:02:09 -0400 Veaceslav 2572@/discussions Mobile Web Server Authentication

    Group Permissions

    Mobile Server authentication has been redesigned to include LDAP/Active Directory (AD) authentication and Single-Sign-On (SPNEGO) mechanisms.

    Each server request goes through a security check first and if it is authorized, the request is processed and a proper response is sent back to the client.

    Authorization permissions may be added to anonymous users and authentication groups. Permissions cannot be added for each individual user. To make sure a user has specific permissions you need to create a group with those permissions and add the user to that group.

    Omniscope Mobile web server allows you to configure authorization and permissions per folder.

    To enable this feature, just create a folder.xml configuration file and put it into your sharing folder (or subfolder).
    You can start by using the folder.xml.default file, present in the mobile sharing folder, as a template.

    Remember, the settings present in the folder.xml file will override the default anonymous/folder permissions, and the default authentication groups and permissions. As a note for system administrators, folder.xml works like an Apache .htaccess file.

    Editing tip for folder.xml
    Instead of manually editing the folder.xml file we suggest you copy an existing folder.xml into the correct folder and then use Omniscope Mobile Web Server UI main toolbar (Settings > Edit folder.xml configuration...) to edit the folder.xml.

    Permissions

    Here are the main aspects you need to know to properly configure the folder.xml file.

    These are permissions you can set on a folder or per group basis:
    • listDirectory : allow users to list existing files and subfolders
    • downloadFile : allow users to download the IOK files
    • viewInMobile : allow users to launch the Omniscope Mobile app for the existing IOK files
    • fileManagement : allow users to upload IOK files, rename and delete resources, create new folders in the folder and save. Also used to control if mobile is in "Viewer" mode.
    • getStatic : allow users to get/access static resources from the folder, and to customise default styles (e.g. logo, icons, css files)
    • viewServerState : allow users to view the server state through a monitoring page
    • exportData : allow users to export a view's data as a CSV file.

    N.B. A missing permission in the configuration is equivalent to deny

    folder.xml file structure


    • Anonymous section
      The <anonymous> element describes the unauthenticated permissions, and is also used as default values for per-group permissions.
      Unauthenticated public access will be given these permissions. Any false/missing permissions will require authentication.
    • Groups section
      The <group> element describes the authentication group and its permissions, and consists of the following elements/attributes:
      • Enabled : whether or not the group is enabled. Disabled groups are not considered during authentication
        Note: If the enabled attribute is missing the group will be enabled by default. A group is disabled only if the enabled attribute is present and is set to false
      • Name: specifies the group name e.g. Data Analysts, Guests, Administrators, Employees, etc
      • Permissions: the group permissions that will override the anonymous ones
      • Mechanisms: a list of authentication mechanisms to be used when authenticating users for this group e.g. LDAP Query, List Of Users, SPNEGO (Single-Sign-On)
        • ListOfUsers: defining a list of users, e.g. :
          <listOfUsers>
          <users>
          <credentials username="test" password="098f6b627b4f6" />
          <credentials username="visokio" password="72261efef7c41" />
          </users>
          </listOfUsers>

          The credentials element has two attributes: username and password (the MD5 hash of the password).
          To generate password MD5s, visit this link

        • ldapQuery: LDAP Query mechanism enables Omniscope Server to query an LDAP/AD server to validate user credentials
          Attributes:
          • distinguishedName: LDAP group distinguished name E.g. CN=Users,DC=example,DC=com
          • url: A full URL pointing to your LDAP/AD server
            Example 1: 'LDAP://ldapserver.example.com:389'
            where LDAP is protocol name, ldapserver.example.com is the LDAP/AD server and 389 is the default port for LDAP protocol
            Example 2: 'LDAPS://ldapserver.example.com:636' where LDAPS is LDAP over SSL protocol,
            ldapserver.example.com is the LDAP/AD server and 636 is the default port for LDAPS protocol
          • ignoreSslIssues: false most of the time. Set true only if your LDAP/AD server has not been configured to use a trusted certificate and you are using LDAPS protocol
          • securityAuthentication: Security authentication type supported by your LDAP/AD server. By default, LDAP/AD server uses a simple security type. However, you should contact your administrator to check whether you need to use a different type (CRAM-MD5, or DIGEST-MD5, or none)
          • principalNameFormat: can have only one of the following values:
            1. {Name} : The user's simple name will be used to authenticate, e.g. 'username' and 'password' will be used
            2. DOMAIN\{Name}: The DOMAIN name will be prepended to the user's simple name automatically, e.g. 'EXAMPLE.COM\username' and 'password' will be used to authenticate the user
            3. {Name}@DOMAIN: The DOMAIN name will be appended to the user's simple name automatically, e.g. 'username@EXAMPLE.COM' and 'password' will be used to authenticate the user

          • principalDomain: must be set only if 'principalNameFormat' contains a domain name, otherwise it will be disregarded. e.g. 'EXAMPLE.COM'

        • spnegoMechanism: a Single-Sign-On authentication mechanism e.g.:
          <spnegoMechanism>
          <userNames>
          <userName userName="johnsmith" />
          <userName userName="johndoe" />
          </userNames>
          </spnegoMechanism>

          spnegoMechanism element has a list of user names to be verified once users authenticate successfully on LDAP/AD server and are assigned group permissions (roles).
          WARNING: spnegoMechanism will be disregarded during authentication if SPNEGO global settings are not set in config.xml




    folder.xml example


    <?xml version="1.0" encoding="UTF-8"?>
    <mobilefolder>
    <anonymous>
    <permissions listDirectory="false" downloadFile="false" viewInMobile="false"
    fileManagement="false" getStatic="false" viewServerState="false"
    exportData="false" />
    </anonymous>
    <groups>
    <group enabled="true" name="Data Analysts">
    <permissions>
    <permissions listDirectory="true" downloadFile="true" viewInMobile="true"
    fileManagement="false" getStatic="false" viewServerState="false"
    exportData="false" />
    </permissions>
    <mechanisms>
    <spnegoMechanism>
    <userNames>
    <userName userName="john" />
    </userNames>
    </spnegoMechanism>
    <ldapQuery
    distinguishedName="CN=Users,DC=example,DC=com"
    url="ldap://ldapserver.example.com:389"
    ignoreSslIssues="false"
    securityAuthentication="simple"
    principalNameFormat="{Name}@DOMAIN"
    principalDomain="example.com">
    </ldapQuery>
    <listOfUsers>
    <users>
    <credentials username="Tester" password="f5d1277e04873b9" />
    </users>
    </listOfUsers>
    </mechanisms>
    </group>
    </groups>
    </mobilefolder>


    Common use cases:


    • Anonymous access not allowed, Admin user full permissions, Guest users browse and play IOK files

      <?xml version="1.0" encoding="UTF-8"?>
      <mobilefolder>
      <anonymous>
      <permissions listDirectory="false" downloadFile="false" viewInMobile="false"
      fileManagement="false" getStatic="false" viewServerState="false"
      exportData="false" />
      </anonymous>
      <groups>
      <group enabled="true" name="Administrators">
      <permissions>
      <permissions listDirectory="true" downloadFile="true" viewInMobile="true"
      fileManagement="true" getStatic="true" viewServerState="true"
      exportData="true" />
      </permissions>
      <mechanisms>
      <listOfUsers>
      <users>
      <credentials username="admin" password="5d141e04873b9" />
      </users>
      </listOfUsers>
      </mechanisms>
      </group>
      <group enabled="true" name="Guests">
      <permissions>
      <permissions listDirectory="true" viewInMobile="true"
      getStatic="true" />
      </permissions>
      <mechanisms>
      <listOfUsers>
      <users>
      <credentials username="guest" password="f5d1ee04873b9" />
      <credentials username="visitor" password="43ffge14197e45" />
      </users>
      </listOfUsers>
      </mechanisms>
      </group>
      </groups>
      </mobilefolder>

    • Anonymous access not allowed, admin users authenticating with their LDAP accounts, employees browse and play IOK files and authenticate with their LDAP accounts, a new employee user authenticating with List Of Users mechanism if an LDAP account is not yet available and a user authenticating with a Single-Sign-On (SPNEGO) mechanism

      <?xml version="1.0" encoding="UTF-8"?>
      <mobilefolder>
      <anonymous>
      <permissions listDirectory="false" downloadFile="false" viewInMobile="false"
      fileManagement="false" getStatic="false" viewServerState="false"
      exportData="false" />
      </anonymous>
      <groups>
      <group enabled="true" name="Administrators">
      <permissions>
      <permissions listDirectory="true" downloadFile="true" viewInMobile="true"
      fileManagement="true" getStatic="true" viewServerState="true"
      exportData="true" />
      </permissions>
      <mechanisms>
      <ldapQuery
      distinguishedName="CN=Administrators,DC=example,DC=com"
      url="ldap://ldapserver.example.com:389"
      ignoreSslIssues="false"
      securityAuthentication="simple"
      principalNameFormat="{Name}@DOMAIN"
      principalDomain="example.com">
      </ldapQuery>
      </mechanisms>
      </group>
      <group enabled="true" name="Employee">
      <permissions>
      <permissions listDirectory="true" downloadFile="true" viewInMobile="true"
      fileManagement="false" getStatic="true" viewServerState="false"
      exportData="false" />
      </permissions>
      <mechanisms>
      <spnegoMechanism>
      <userNames>
      <!-- User 'john' with password 'SomePassword' is defined on the
      LDAP server and logged in the client machine to test SPNEGO -->
      <userName userName="john" />
      </userNames>
      </spnegoMechanism>
      <ldapQuery
      distinguishedName="CN=Users,DC=example,DC=com"
      url="ldap://ldapserver.example.com:389"
      ignoreSslIssues="false"
      securityAuthentication="simple"
      principalNameFormat="{Name}@DOMAIN"
      principalDomain="example.com">
      </ldapQuery>
      <listOfUsers>
      <users>
      <credentials username="NewEmployee" password="d1274e417e04" />
      </users>
      </listOfUsers>
      </mechanisms>
      </group>
      </groups>
      </mobilefolder>
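The rules described in this post (a missing permission means deny, the anonymous permissions act as defaults for groups, disabled groups are skipped) can be checked mechanically before a folder.xml is deployed. The Python sketch below is an added example, not Visokio code: it computes effective permissions and flags LDAP and List Of Users settings worth reviewing. The sample file, the finding labels and the reading that a group attribute overrides the anonymous default are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Permission names listed in the post.
PERMISSIONS = ("listDirectory", "downloadFile", "viewInMobile", "fileManagement",
               "getStatic", "viewServerState", "exportData")
MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")

# Constructed sample, modelled on the folder.xml examples in the post.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<mobilefolder>
  <anonymous>
    <permissions listDirectory="true" getStatic="true" />
  </anonymous>
  <groups>
    <group name="Employee">
      <permissions>
        <permissions downloadFile="true" viewInMobile="true" />
      </permissions>
      <mechanisms>
        <ldapQuery distinguishedName="CN=Users,DC=example,DC=com"
                   url="ldap://ldapserver.example.com:389" ignoreSslIssues="false"
                   securityAuthentication="simple"
                   principalNameFormat="{Name}@DOMAIN" />
        <listOfUsers>
          <users>
            <credentials username="NewEmployee" password="d1274e417e04" />
          </users>
        </listOfUsers>
      </mechanisms>
    </group>
    <group enabled="false" name="Contractors">
      <permissions><permissions listDirectory="true" /></permissions>
      <mechanisms>
        <ldapQuery distinguishedName="CN=Contractors,DC=example,DC=com"
                   url="ldaps://ldapserver.example.com:636" ignoreSslIssues="true"
                   securityAuthentication="simple" principalNameFormat="{Name}" />
      </mechanisms>
    </group>
  </groups>
</mobilefolder>"""


def _flags(parent):
    """Return the permissions explicitly set under <anonymous> or <group>."""
    node = parent.find("permissions") if parent is not None else None
    # Groups wrap the real element: <permissions><permissions .../></permissions>
    if node is not None and node.find("permissions") is not None:
        node = node.find("permissions")
    if node is None:
        return {}
    return {k: node.get(k).strip().lower() == "true"
            for k in PERMISSIONS if node.get(k) is not None}


def effective_permissions(root):
    """Resolve permissions: group value, else anonymous default, else deny."""
    anon = _flags(root.find("anonymous"))
    result = {"<anonymous>": {p: anon.get(p, False) for p in PERMISSIONS}}
    for group in root.iter("group"):
        # A group is disabled only if enabled is present and set to false.
        if group.get("enabled", "true").strip().lower() == "false":
            continue
        own = _flags(group)
        result[group.get("name")] = {p: own.get(p, anon.get(p, False))
                                     for p in PERMISSIONS}
    return result


def findings(root):
    """Flag settings to review. Disabled groups are included: they can be re-enabled."""
    out = []
    for group in root.iter("group"):
        name = group.get("name", "?")
        for q in group.iter("ldapQuery"):
            url = q.get("url", "").lower()
            # A simple bind over plain ldap:// sends the password unencrypted.
            if url.startswith("ldap://") and q.get("securityAuthentication", "").lower() == "simple":
                out.append((name, "cleartext-bind"))
            if q.get("ignoreSslIssues", "false").strip().lower() == "true":
                out.append((name, "tls-validation-disabled"))
            # principalDomain is needed when the name format contains DOMAIN.
            if "DOMAIN" in q.get("principalNameFormat", "") and not q.get("principalDomain"):
                out.append((name, "missing-principalDomain"))
        for cred in group.findall("mechanisms/listOfUsers/users/credentials"):
            # The password attribute should hold an MD5 digest (32 hex characters).
            if not MD5_HEX.fullmatch(cred.get("password", "")):
                out.append((name, "password-not-md5:" + cred.get("username", "?")))
    return out


def audit(xml_text):
    """Parse folder.xml text and return (effective permissions, findings)."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return effective_permissions(root), findings(root)


if __name__ == "__main__":
    effective, issues = audit(SAMPLE)
    for who, perms in effective.items():
        print(who, sorted(p for p, allowed in perms.items() if allowed))
    for group_name, issue in issues:
        print("REVIEW", group_name, issue)
```
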

    Security: SPNEGO Troubleshooting http://forums.visokio.com/discussion/2571/security-spnego-troubleshooting Tue, 27 May 2014 05:05:11 -0400 Veaceslav 2571@/discussions Mobile Web Server Authentication

    SPNEGO Troubleshooting


    • Error Java Cryptography Extension (JCE) Unlimited Strength is not enabled.
      LDAP/Active Directory (AD) server may send tickets that have been encrypted using AES 256 bits (or larger), which is not enabled in Java (JRE) by default, and therefore SPNEGO authentication may fail.

      Java Cryptography Extension (JCE) Unlimited Strength includes two jar files that contain only configuration settings enabling unlimited strength cryptography algorithms in Java.

      To enable JCE unlimited strength download it from http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

      The downloaded file contains three files

      • local_policy.jar
      • US_export_policy.jar
      • README.txt

      Read and follow the instructions outlined in the README.txt file.

      To install JCE unlimited strength, the client needs to put these two jars in
      - {OMNISCOPE LOCATION}\x86\lib\security
      - {OMNISCOPE LOCATION}\x64\lib\security
      backing up the two existing (default) files first, and then restart the application.

    Security: List Of Users authentication http://forums.visokio.com/discussion/2569/security-list-of-users-authentication Mon, 26 May 2014 06:12:43 -0400 Veaceslav 2569@/discussions Mobile Web Server Authentication

    List Of Users authentication mechanism

    Besides the Single-Sign-On (SPNEGO) and LDAP Query mechanisms, which authenticate users that are stored and managed on other servers such as LDAP, Omniscope Mobile server may be configured to validate Omniscope users by manually adding custom users on the server. Those users are stored in Omniscope Server configuration files (config.xml, folder.xml).

    Configuration steps


    1. Open Edit Default folder configuration dialog (Visokio Omniscope Server window -> Mobile Web Server section -> Config button -> Permissions section -> Default folder configuration -> Edit)
    2. Make sure to properly edit anonymous permissions first (actions that are allowed for anonymous users will not use authentication).
    3. Add a new group (or edit an existing group)
      - Note: Disabled groups are not considered during authentication

      image

    4. Edit group permissions
    5. For group mechanisms click the Add button and select List of users.

      image
    6. Add users.

      image

      image


    Legacy Omniscope users


    List Of Users authentication mechanism is a replacement for the legacy Omniscope users. Old configuration files are converted automatically.

    Users are grouped automatically based on their permissions and whether users are enabled or disabled.

    E.g.
    Legacy users:

    • User 1 with permissions A, enabled
    • User 2 with permissions B, enabled
    • User 3 with permissions A, enabled
    • User 4 with permissions A, disabled
    • User 5 with permissions A, enabled

    Are automatically converted to:
    • Group 1 with permissions A, enabled having User 1, User 3, User 5
    • Group 2 with permissions A, disabled having User 4
    • Group 3 with permissions B, enabled having User 2
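The grouping rule above, applied to a legacy user-based folder.xml, as an added Python illustration (not Omniscope's own converter). The group names, the sample users with their placeholder password values, and the assumption that a legacy user without an enabled attribute counts as enabled are all constructed for the example.

```python
import xml.etree.ElementTree as ET


def legacy_user(name, enabled, perms):
    """One constructed legacy <user> entry (nested credentials/permissions layout)."""
    return ('<user enabled="{e}"><credentials>'
            '<credentials username="{n}" password="{p}" /></credentials>'
            '<permissions><permissions {a} /></permissions></user>'
            ).format(e=enabled, n=name, p="0" * 32, a=perms)


# Constructed permission sets standing in for "permissions A" and "permissions B".
PERMS_A = 'listDirectory="true" viewInMobile="true"'
PERMS_B = 'listDirectory="true" downloadFile="true" fileManagement="true"'

# Constructed legacy file mirroring the five users listed above.
LEGACY = ('<mobilefolder><anonymous><permissions listDirectory="false" /></anonymous><users>'
          + legacy_user("User 1", "true", PERMS_A)
          + legacy_user("User 2", "true", PERMS_B)
          + legacy_user("User 3", "true", PERMS_A)
          + legacy_user("User 4", "false", PERMS_A)
          + legacy_user("User 5", "true", PERMS_A)
          + '</users></mobilefolder>')


def convert(legacy_xml):
    """Group legacy users by (permission set, enabled) into List Of Users groups."""
    old = ET.fromstring(legacy_xml)
    rank = {}     # permission set -> order of first appearance
    buckets = {}  # (rank, disabled) -> <credentials> elements
    for user in old.findall("users/user"):
        perms = user.find("permissions/permissions")
        attrs = tuple(sorted(perms.attrib.items())) if perms is not None else ()
        disabled = user.get("enabled", "true").strip().lower() == "false"
        key = (rank.setdefault(attrs, len(rank)), disabled)
        buckets.setdefault(key, []).extend(user.findall("credentials/credentials"))
    perms_by_rank = {r: dict(attrs) for attrs, r in rank.items()}

    new = ET.Element("mobilefolder")
    anon = old.find("anonymous")
    if anon is not None:
        new.append(anon)  # anonymous permissions carry over unchanged
    groups = ET.SubElement(new, "groups")
    # Sorting by (rank, disabled) lists enabled groups before disabled ones
    # within each permission set, matching the order shown in the post.
    for n, key in enumerate(sorted(buckets), start=1):
        group = ET.SubElement(groups, "group",
                              enabled=str(not key[1]).lower(), name="Group %d" % n)
        wrapper = ET.SubElement(group, "permissions")
        ET.SubElement(wrapper, "permissions", perms_by_rank[key[0]])
        mechanisms = ET.SubElement(group, "mechanisms")
        users = ET.SubElement(ET.SubElement(mechanisms, "listOfUsers"), "users")
        users.extend(buckets[key])
    return new


def summarize(root):
    """Return (name, enabled, permissions, usernames) for each converted group."""
    return [(g.get("name"), g.get("enabled"),
             dict(g.find("permissions/permissions").attrib),
             [c.get("username") for c in g.findall("mechanisms/listOfUsers/users/credentials")])
            for g in root.findall("groups/group")]


if __name__ == "__main__":
    converted = convert(LEGACY)
    for row in summarize(converted):
        print(row)
    print(ET.tostring(converted, encoding="unicode"))
```
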

    Security: LDAP Query Mechanism http://forums.visokio.com/discussion/2567/security-ldap-query-mechanism Fri, 23 May 2014 11:50:30 -0400 Veaceslav 2567@/discussions Mobile Web Server Authentication

    LDAP Query Mechanism

    LDAP Query authentication mechanism lets you configure Omniscope Mobile server to query an LDAP server to validate user credentials.
    • Users are stored and managed by an LDAP/Active Directory (AD) server
    • Omniscope Mobile server is configured to query the LDAP/AD server


    Prerequisites


    To configure Omniscope Mobile server to use LDAP query mechanism you need to know the following:
    • LDAP distinguished name (e.g CN=Users,DC=example,DC=com)
    • LDAP URL and port (e.g. LDAP://ldapserver.example.com:389)
    • LDAP security authentication type (e.g. simple, or CRAM-MD5, or DIGEST-MD5, or none)
    • Local domain name (e.g. example.com)
    • Whether your LDAP/AD server has been configured to use your trusted certificate (only if you want to use LDAPS instead of LDAP which does not need that information)

    Configuration


    1. Start Omniscope Mobile server

      image

    2. On Mobile Web Server service section click Config, scroll down to Default folder configuration and click Edit

      image

    3. Either create a new group with new permissions, or edit an existing group

      image

      image

    4. Edit LDAP settings

      image

      • Type LDAP distinguished name (e.g CN=Users,DC=example,DC=com), it should match the distinguished name configured on your LDAP server
      • Optional: on the LDAP/AD server create a dedicated user to be used only by Omniscope Mobile server to authenticate users and add this user in the LDAP/AD Dedicated User section
        Setting a dedicated user will help authenticate other users by their account name (which may be composed of their first name and last name). By default, users are authenticated using their account id (sAMAccountName) only
      • Type LDAP URL
        This is a full URL pointing to your LDAP/AD server
        Example 1: 'LDAP://ldapserver.example.com:389' where LDAP is protocol name, ldapserver.example.com is the LDAP/AD server and 389 is the default port for the LDAP protocol
        Example 2: 'LDAPS://ldapserver.example.com:636' where LDAPS is LDAP over SSL protocol, ldapserver.example.com is the LDAP/AD server and 636 is the default port for the LDAPS protocol
      • Check Ignore Ssl certificate issues only if necessary (your LDAP/AD server has not been configured to use your trusted certificate and you want to use LDAPS protocol instead of LDAP )
      • Select the security authentication type supported by your LDAP/AD server.
        By default, LDAP/AD server uses a 'simple' security type. However, you should contact your administrator to check whether you need to use a different type like CRAM-MD5, or DIGEST-MD5, or none
      • Select principal name format. Choosing DOMAIN\{Name} or {Name}@DOMAIN will enable Omniscope server to prepend/append the domain name automatically if the user did not type it already
      • Type your local domain name to be appended to usernames automatically when authenticating users. This field will be disregarded if you selected {Name} for principal name format field



    LDAP Filter


    If you want to authorize only specific users from a LDAP group you should use the LDAP Filter option.

    For instance, let's say you have a group 'CN=Sales,CN=Users,DC=example,DC=com' that has four users: john.smith, ellen.doe and two other users. However, you want to authorize only the first two users. To do so, click the LDAP Filter option and add the two users as shown below:
    image

    Note: The LDAP/AD attribute name should match exactly a user attribute name on your LDAP/AD server. E.g. 'sAMAccountName', and the values you add should match the actual property value for users that are authorized.
    Security: Single-Sign-On (SPNEGO) Configuration http://forums.visokio.com/discussion/2566/security-single-sign-on-spnego-configuration Fri, 23 May 2014 10:32:45 -0400 Veaceslav 2566@/discussions Mobile Web Server Authentication

    Single-Sign-On (SPNEGO) Mechanism

    SPNEGO (Single-Sign-On) mechanism allows users to authenticate automatically with their LDAP/Active Directory (AD) account without asking them for credentials. Having a proper setup, authorized users never type their credentials in any dialog or form. Unauthorized users, however, are either prompted for credentials or are denied server access.
    • Users are stored and managed by an LDAP/AD server
    • Omniscope Mobile server is configured to ask the LDAP/AD server to validate user tokens

    Configuration

    At least three machines are involved in a Single-Sign-On setup:

    1. LDAP/AD server (e.g. computer name ldapserver)
    2. A machine running Omniscope server (e.g. computer name omniscopeserver)
    3. A client machine having a browser installed (Chrome, Firefox, Internet Explorer, etc) (e.g. computer name browserA)

    Note: Single-sign-on does not work when the client (browser) runs on the same machine as Omniscope server (or LDAP/AD)

    • The machines must be on the same intranet network,
    • on the same domain (e.g. example.com),
    • DNS properly setup such that they all can nslookup each other by name (e.g. nslookup omniscopeserver finds the machine running omniscope server)

    1. LDAP/AD machine - Windows Server OS (2003, 2008, 2012, etc)
      • Create a dedicated LDAP user on the domain, e.g. omniscopeuser@example.com with password YourPassword (choose a stronger password), make sure the password never expires
      • In command prompt execute:
        setspn -A HTTP/omniscopeserver.example.com omniscopeuser


        image
        where example.com is your network domain
        omniscopeserver is the name of the machine running Omniscope server
        omniscopeuser is user logon name of the dedicated LDAP user
        This assumes HTTP/omniscopeserver.example.com has never been mapped to another user. If it has, you need to remove it first:
        setspn -D HTTP/omniscopeserver.example.com otheruser

      • In command prompt, execute the second command (make sure to use capital letters exactly as shown in the command):
        ktpass -princ HTTP/omniscopeserver.example.com@EXAMPLE.COM -pass YourPassword -mapuser omniscopeuser@EXAMPLE.COM -out omniscopeuser.HTTP.keytab -crypto RC4-HMAC-NT -kvno 0
        • where example.com is your network domain
        • HTTP/omniscopeserver.example.com - Kerberos service principal name for SPNEGO
        • omniscopeuser - the dedicated SPNEGO user that has been created on the LDAP server
        • YourPassword - password of the dedicated SPNEGO user
        • RC4-HMAC-NT - cryptosystem to use when sending SPNEGO tickets
        • kvno - Key version number

        image

      LDAP/AD also needs to have regular users defined, at least those who are going to use Omniscope. For the purpose of this tutorial we will assume that there is a user clientA@example.com with password ClientPassword

    2. Omniscope server machine

      • Start Omniscope server

        image

      • On Mobile Web Server service section click Config, scroll down to Default folder configuration and click Edit

        image

      • Edit SPNEGO global settings, for principal name type:
        HTTP/omniscopeserver.example.com
        and edit the password for that LDAP account ('YourPassword')

        image

        image

      • Click OK to close editing SPNEGO global settings
      • Either create a new group with new permissions, or edit an existing group

        image

      • Add a new authentication mechanism and choose SPNEGO mechanism

        image

      • Make sure you add all user names for the users that will be allowed to authenticate automatically (e.g. clientA, no domain needs to be included in the name)

        image

        image

      • Click OK to close each dialog and click Save and apply to save the configuration
      • Omniscope server does not need to be restarted manually

    3. Client Machine - The browser has to be configured to use Single-Sign-On and trust omniscopeserver machine

      • For Internet Explorer

        • Open Internet Options

          image
        • In Security tab select Local intranet and click Sites button - make sure all check boxes are selected:
          • Automatically detect intranet network,
          • Include all local intranet sites not listed in other zones,
          • Include all sites that bypass the proxy server,
          • Include all network paths

          image


          Then click Advanced button and add the name of the omniscopeserver or the full name (with domain) as it is going to be used to access the omniscope server from the browser
          Note: The browser cannot use Single-Sign-On when accessing the omniscopeserver by IP instead of name, and the name has to be added to the zone

          image

        • Click Close then OK to close the Local intranet dialogs
        • Click Custom Level... button, scroll down to User Authentication and select Automatic logon with current user name and password then click OK to close the dialog

          image

        • In the Advanced tab of the Internet Options dialog scroll down to Security section and make sure Enable Integrated Windows Authentication option is selected. (It should be selected by default)

          image

        • Click OK to close Internet Options dialog
        • Restart Internet Explorer
        • Test it: open http://omniscopeserver. You should be able to use Omniscope server if you have the right permissions (group permissions that you set up on Omniscope server)

      • Google Chrome
        • Google’s Chrome browser shares the same configuration with Internet Explorer. Once the trusted URL is added in Internet Explorer, Chrome works with SPNEGO. Chrome does not have a configuration mechanism.

      • Mozilla Firefox
        • In the address bar type:
          about:config

          image

          and search for trusted. The required key is a comma separated parameter named network.negotiate-auth.trusted-uris - edit it to include 'omniscopeserver' as well
          image


    Display: Localisation/field formatting for browser versions (2.9+) http://forums.visokio.com/discussion/2565/display-localisationfield-formatting-for-browser-versions-2.9- Fri, 23 May 2014 09:48:49 -0400 Peter 2565@/discussions image
    Fields with dates and numbers are formatted according to the field settings and timezone in the IOK file.
    Abbreviations are now more accurate throughout the application.
    Security: Mobile Web Server Authentication using AD & LDAP+SSO http://forums.visokio.com/discussion/2564/security-mobile-web-server-authentication-using-ad-ldap-sso Fri, 23 May 2014 06:49:45 -0400 Veaceslav 2564@/discussions Mobile Web Server Authentication

    Mobile Web Server Authentication


    Mobile Server authentication has been redesigned to include LDAP/Active Directory (AD) authentication and Single-Sign-On (SPNEGO) mechanism while preserving the List Of Users (Omniscope Users) existing mechanism.

    A realm defines a protection space. Realms allow the protected resources on the server to be partitioned into a set of protection spaces, each with its own authentication and authorization settings.

    By default, all protected resources on the server are configured in the config.xml file. This is the (Home) realm. Specific folders may be manually configured to have their own set of permissions and authentication groups. For more information about folder permissions read this post.

    Server permissions may be configured for anonymous users and for authentication groups.

    A group may have a list of authentication mechanisms and server permissions.

    For instance, the server may be configured to have a group named 'Data Analysts' with permissions to:
    - List directory
    - View in mobile
    - Export view data
    and authenticate users through LDAP Query and List Of Users.

    image

    Authentication mechanisms


    List Of Users

    List Of Users mechanism lets you define custom Omniscope users that are stored and managed by the Omniscope Mobile server. No third party servers/services are involved. Users are manually added/edited/removed by an administrator of the server.

    A user name and a password have to be added for each individual user. Read this post for more information about List Of Users mechanism configuration.

    LDAP Query

    LDAP Query authentication mechanism lets you configure Omniscope Mobile server to query an LDAP server to validate user credentials.

    • Users are stored and managed by an LDAP/AD server
    • Omniscope Mobile server is configured to query the LDAP/AD server

    To learn how to configure Omniscope server to use LDAP Query read this post.

    SPNEGO (Single-Sign-On) Mechanism

    SPNEGO (Single-Sign-On) mechanism allows users to authenticate automatically with their LDAP/AD account without asking them for credentials. Having a proper setup, authorized users never type their credentials in any dialog or form. Unauthorized users, however, are either prompted for credentials or are denied server access.

    • Users are stored and managed by an LDAP/AD server
    • LDAP/AD user password is never sent to Omniscope server
    • Omniscope Mobile server is configured to ask the LDAP/AD server to validate user tokens

    How does SPNEGO work ?

    The browser negotiates with the LDAP/AD server and gets a temporary ticket which is further used to generate temporary unique tokens that are included in every client/browser request sent to Omniscope Mobile server. The tokens contain no information about client user name, password, or any other sensitive data, they are simple strings that can be verified only by the LDAP/AD server. Whenever Omniscope Mobile receives requests having SPNEGO tokens, Omniscope Mobile asks the LDAP/AD for token validation and if the token is valid, LDAP/AD provides only the user name associated with that token. Omniscope server checks whether this user is authorized to be served the requested resource and proceeds accordingly.

    To learn how to configure Omniscope server to use SPNEGO mechanism read this post.

    Authentication Groups

    A group may have multiple authentication mechanisms. Each mechanism will be used during authentication until the user authenticates successfully. If no group authorizes the action that has been requested by the user, the access will be denied.

    You may want to temporarily disable groups instead of deleting them and then adding them back later when needed. Disabled groups are disregarded during authentication.

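For the SPNEGO flow described in the authentication post above, an added diagnostic example (not Omniscope's code and not part of the original post). It assumes the tokens arrive in the HTTP `Authorization: Negotiate` header, which the post does not name, and it goes one step beyond the post by also recognising a raw NTLM token, which shows that the browser did not obtain a ticket. Function names and sample tokens are constructed.

```python
import base64

# DER-encoded OID bodies for the mechanisms a Negotiate token can carry.
SPNEGO_OID = bytes.fromhex("2b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("2a864886f712010202")  # 1.2.840.113554.1.2.2

def _der_len(buf, i):
    """Return (length, index after the length field) for DER length at buf[i]."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify_negotiate(header_value):
    """Label an Authorization header by token type; does not validate it."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        tok = base64.b64decode(b64.strip(), validate=True)
        if tok.startswith(b"NTLMSSP\x00"):
            return "ntlm-fallback"      # raw NTLM, not a ticket-backed token
        if tok[0] != 0x60:              # GSS-API initial token tag
            return "unknown"
        length, i = _der_len(tok, 1)
        if i + length > len(tok) or tok[i] != 0x06:
            return "malformed"
        oid_len, j = _der_len(tok, i + 1)
        oid = tok[j:j + oid_len]
    except (ValueError, IndexError):
        return "malformed"
    return {SPNEGO_OID: "spnego", KRB5_OID: "kerberos"}.get(oid, "unknown")

def sample_header(oid):
    """Constructed token: GSS-API wrapper + mechanism OID + dummy payload."""
    inner = b"\x06" + bytes([len(oid)]) + oid + b"\xa0\x02\x30\x00"
    tok = b"\x60" + bytes([len(inner)]) + inner
    return "Negotiate " + base64.b64encode(tok).decode()

if __name__ == "__main__":
    ntlm = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
    for h in (sample_header(SPNEGO_OID), sample_header(KRB5_OID), ntlm,
              "Basic Y29uc3RydWN0ZWQ=", "Negotiate !!!"):
        print(classify_negotiate(h))
```

Counting the `ntlm-fallback` label in request logs is a quick way to find clients for which single sign-on is not actually taking place.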
    New: Chromium browser engine bundled (2.9+) http://forums.visokio.com/discussion/2520/new-chromium-browser-engine-bundled-2.9- Tue, 15 Apr 2014 09:20:07 -0400 antonio 2520@/discussions

    From version 2.9 b1149+ Omniscope will bundle the Chromium browser engine, a stable, modern and standards-compliant open-source browser engine which is behind the Google Chrome browser.

    This major change will bring important benefits:
    • Users will not need a browser installed on their machine to use Web view, Content view, and Omniscope Mobile interface.
    • Application stability will improve as Omniscope will no longer suffer from issues caused by the old version of the installed browser (e.g. IE6).
    • Omniscope user experience will be boosted and improved in terms of look-and-feel, regardless of the machine specifications.


    Please feel free to test it and send us your feedback.
    Versions: Omniscope 2.8 stable released http://forums.visokio.com/discussion/2130/versions-omniscope-2.8-stable-released- Fri, 10 May 2013 09:53:41 -0400 steve 2130@/discussions www.visokio.com/download

    If you encounter any faults, please report when prompted or using Help > Error Reporting.
    Connectors: Facebook Atlas paid search report (2.9+) http://forums.visokio.com/discussion/2502/connectors-facebook-atlas-paid-search-report-2.9- Wed, 26 Mar 2014 12:33:07 -0400 chris 2502@/discussions
    In tonight's Omniscope 2.9 release (b1053) we have added the ability to select the report type in the Facebook Atlas connector. You now can choose from "Web media report" and "Paid search report".

    The "Web media report" is the default report that was supported in older versions of Omniscope.

    The "Paid search report" is a new report that mirrors the paid search report in the web interface.

    Please let us know if you have any questions about this, or if you have any ideas for improving the Atlas connector.

    Chris