GlobalCube
/
analytics


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576
							<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed Materials - Property of IBM

IBM Cognos Products: CAFCommon

© Copyright IBM Corp. 2005, 2019
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 
-->

<!--
    Copyright (C) 2008 IBM Cognos Incorporated. All Rights Reserved.
    IBM Cognos (R) is a trademark of Cognos Incorporated.
-->
<crn:parameters xmlns:crn="http://developer.cognos.com/schemas/crconfig/1/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2">
	<crn:parameter name="CAF" opaque="true">
		<crn:value>
			<!--
				Should we reject unsigned requests for /gd/ urls. (e.g. multipage excel reports)
				Default: true
			-->
			<crn:parameter name="caf_signedReportUrls">
				<crn:value xsi:type="xsd:boolean">true</crn:value>
			</crn:parameter>
			
			<!--
				Require a valid cafcontextid parameter for Portal form commands affecting CM data.
				Default: true
			-->
			<!-- crn:parameter name="caf_extendedContextId">
				<crn:value xsi:type="xsd:boolean">false</crn:value>
			</crn:parameter -->
			
			<!--
				Shadows a third party authentication session value to synchronize the termination of the third party session with the Cognos session.
				Set the value of caf_tpSessionHeader to your third party header name to enable the feature. For example: REMOTE_USER. 
				Empty value disables the feature. 
				Default: <empty>
			-->
			<crn:parameter name="caf_tpSessionHeader">
				<crn:value xsi:type="xsd:string"></crn:value>
			</crn:parameter>

            <!--
				A pattern defined using Perl regular expression syntax to reject well-known malicious values. The pattern is checked
				against all query string and form parameter values. A match results in the request being rejected.
		
				IMPORTANT: As the pattern is checked against all parameter values it can reject valid requests.
				For example, a regular expression matching "javascript" by itself would cause valid requests to be rejected.

				Sample case insensitive pattern to reject attackkeyword1 and attackkeyword2: (?i)(attackkeyword1|attackkeyword2)
				Sample case insensitive pattern to reject expression and fromcharcode invocations: (?i)(\bexpression\(|\bfromcharcode\s*\()
		
				To reduce the risk of upgrade issues arising from Perl regular expression incompatibilities, usage of a simple
				pattern is recommended. A long or complex pattern could result in performance degradation.

				Empty value disables the feature.
            <crn:parameter name="caf_globalRejectionPattern">
                <crn:value xsi:type="xsd:string"></crn:value>
            </crn:parameter>
			-->
			<!--
				Enable/Disable the spoofing fix.  When the spoofing fix is enabled SDK users may get different return codes on some failures.  

				0 - no change in behaviour (Spoofed messages will be unchanged) (This is the default value)
				1 - users lacking the DetailError Capabiity will see new CAF error/warning
				2 - all users will see the new CAF error/warning
			-->
			<!--
				<crn:parameter name="caf_spoofFixEnabled">
					<crn:value xsi:type="xsd:int">0</crn:value>
				</crn:parameter>
			 -->
		</crn:value>
	</crn:parameter>
</crn:parameters>