0 votes
in Activities & Tasks by

1 Answer

0 votes
edited by anonymous

We can construct a URL with the credentials embedded in the URL as follows

https://{hostname}:{port}/teamworks/redirect-login.jsp?credentials={EncodedUserName}:{EncodedPassword}=&j_forward=executeServiceByName%3FprocessApp={ProcessAppAcronym}%26serviceName={Service Name}

The EncodedPassword and EncodedUserName can be created by running the following utility

  1. From a command prompt, go to the install_root/BPM/Lombardi/lib directory.
  2. Run the java -cp utility.jar com.lombardisoftware.utility.EncryptPassword password command, where password is the password that you want to encrypt.

The use of encoded username and password is controlled through 00Static.xml via the following line

   <encode-redirect-url-credentials merge="replace">true</encode-redirect-url-credentials>
if you need to you can make use of clear text username and password also by changing the above to false.

by (700 points)
How efficient is the encryption of the password?

I believe so this is a recommended approach to go with for a internet based application.
edited by anonymous
From what i remember during Teamworks days this was just a base64 encoding not even encryption so it is not recommended to use this for security unless after IBM acquiring the product something has changed, you can have a anonymous user without any priviliges except launching the service if you need to use it as an entry point to your apps unsecured area.
I just tested its still base64 encoded, if you copy and paste the credentials=? encoded string from your service run urls in process Center using the base 64 decode utilities e.g. at
you will get the username=password
by (700 points)
Try to avoid using usernames and passwords in the URL which could be easily hackable.

1. Trust Association Interceptor can be used as an alternative where you can define parameters of username.

2. It requires to built a java component and deploy it into WAS server.

3. It takes the URL as input which doesn't have username and password provided in it.

4. TAI will consume the traffic and bypass the authentication driven by IBM event manager and let the screen to be displayed.
by (16.1k points)
By the way when you play a service from Process Designer the url is a GET url with the base64 password in plain sight of network listeners on the same switch and in most organizations its your windows credentials also.

Related questions

0 votes
1 answer 390 views
0 votes
0 answers 658 views
0 votes
1 answer 285 views
0 votes
0 answers 200 views
0 votes
0 answers 27 views
0 votes
1 answer 262 views
0 votes
1 answer 207 views
asked Oct 21, 2018 in BPD by BPM Tips Admin (21.5k points)
0 votes
2 answers 331 views
0 votes
1 answer 151 views
0 votes
0 answers 111 views

593 questions

485 answers


1.8k users

Dosvak IBM BPM /BAW Products, Download Evaluation
Process & Performance Tools Process & Performance Tools
Code Analyzer Code Analyzer
UI Toolkit UI Toolkit
Integration Monitoring Integration Monitoring
Welcome to BPM Tips Q&A, Community wiki/forum where you can ask questions and receive answers from other IBM BPM experts and members of the community. Users with 2000 points will automatically be promoted to expert level.
Created by Dosvak LLC
Our Youtube Channel