
1 Answer

by
edited by anonymous

We can construct a URL with the credentials embedded in the URL as follows:

https://{hostname}:{port}/teamworks/redirect-login.jsp?credentials={EncodedUserName}:{EncodedPassword}=&j_forward=executeServiceByName%3FprocessApp={ProcessAppAcronym}%26serviceName={Service Name}

The EncodedPassword and EncodedUserName can be created by running the following utility:

  1. From a command prompt, go to the install_root/BPM/Lombardi/lib directory.
  2. Run the java -cp utility.jar com.lombardisoftware.utility.EncryptPassword password command, where password is the password that you want to encrypt.

The use of encoded username and password is controlled through 00Static.xml via the following line:

<authoring-environment>
   <encode-redirect-url-credentials merge="replace">true</encode-redirect-url-credentials>
</authoring-environment>

If you need to, you can also make use of a clear text username and password by changing the above to false.

by (700 points)
How efficient is the encryption of the password?

I believe so this is a recommended approach to go with for an internet-based application.
by
edited by anonymous
From what I remember, during the Teamworks days this was just base64 encoding, not even encryption, so it is not recommended to use this for security unless something has changed since IBM acquired the product. You can have an anonymous user without any privileges except launching the service if you need to use it as an entry point to your app's unsecured area.
I just tested: it's still base64 encoded. If you copy and paste the credentials=? encoded string from your service run URLs in Process Center into a base64 decode utility, e.g. at
https://www.base64decode.org/
you will get the username=password
by (700 points)
Try to avoid using usernames and passwords in the URL, which could be easily hackable.

1. Trust Association Interceptor can be used as an alternative where you can define parameters of username.

2. It requires building a Java component and deploying it to the WAS server.

3. It takes the URL as input which doesn't have username and password provided in it.

4. TAI will consume the traffic and bypass the authentication driven by IBM event manager and let the screen be displayed.
by (16.3k points)
By the way, when you play a service from Process Designer, the URL is a GET URL with the base64 password in plain sight of network listeners on the same switch, and in most organizations it's your Windows credentials also.
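
An audit check that follows from the thread above, added here as an example (it is not code from any of the posts or from IBM): it scans web access logs for redirect-login.jsp requests that carry a credentials= parameter, labels each value as base64-reversible or clear text, and returns the log line with the secret redacted. The log format, function names and sample account are assumptions made for the example.

```python
import base64, binascii, re
from urllib.parse import urlsplit, parse_qs, quote

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
CRED_VALUE = re.compile(r'(credentials=)[^&\s"]+')

def decodes_to_text(token):
    """True if token is valid base64 that decodes to printable ASCII."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False
    return bool(raw) and all(32 <= b < 127 for b in raw)

def classify(value):
    """Label a credentials= value; both labels mean the secret is recoverable."""
    parts = value.split(":")  # covers one blob or a user:password pair
    return "base64" if all(decodes_to_text(p) for p in parts) else "cleartext"

def scan(lines):
    """Return (line_number, label, redacted_line) for each exposed credential."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        values = parse_qs(url.query).get("credentials")
        if not url.path.endswith("/redirect-login.jsp") or not values:
            continue
        findings.append((number, classify(values[0]),
                         CRED_VALUE.sub(r"\1[REDACTED]", line)))
    return findings

def sample_line(target):
    """Build a constructed access-log line (assumed common log format)."""
    return f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" 302 -'

# Constructed sample data: hypothetical account, not taken from the thread.
ENCODED = quote(base64.b64encode(b"demo_user=demo_pass").decode())
SAMPLE_LOG = [
    sample_line(f"/teamworks/redirect-login.jsp?credentials={ENCODED}&j_forward=x"),
    sample_line("/teamworks/redirect-login.jsp?credentials=demo_user:demo_pass&j_forward=x"),
    sample_line("/teamworks/index.jsp?x=1"),
]

if __name__ == "__main__":
    for number, label, redacted in scan(SAMPLE_LOG):
        print(f"line {number}: {label} credentials in URL -> {redacted}")
```

Any hit means the account's password has been written to logs and should be rotated, whichever label it gets.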
