Input of the type Credentials: Logged-In User Password (380 Views)
Reply
Trusted Contributor
DBR
Posts: 211
Registered: ‎07-29-2010
Message 1 of 6 (380 Views)

Input of the type Credentials: Logged-In User Password

This isn't acceptable. How are we supposed to run headless flows if the user has to type in their password in the middle of a flow run?

Input of the type Credentials: Logged-In User Password
To improve security, the password is no longer automatically transferred when a Credentials input is of the type Logged-In User Password. Instead, the user will be asked to enter the password manually in a prompt message.

Thanks,
Don

Trusted Contributor
DBR
Posts: 211
Registered: ‎07-29-2010
Message 2 of 6 (375 Views)

Re: Input of the type Credentials: Logged-In User Password

I forgot to add that we are running 9.07 and I ran the upgrade-content.bat file. In OO 10 now it looks like the don’t allow the “Logged-In User Password” any more. I received many warnings in the output from running the command. If we are running headless flows, everywhere we have are currently using “Logged-In User Password” we would have to prompt the user for their password which doesn’t work for headless flows. How are we supposed to do this now in OO 10?

Thanks,
Don
Occasional Advisor
bhowel02
Posts: 9
Registered: ‎09-18-2012
Message 3 of 6 (334 Views)

Re: Input of the type Credentials: Logged-In User Password

I suppose you'd have to use a system account.

 

Valued Contributor
Dimiter Todorov
Posts: 109
Registered: ‎03-02-2010
Message 4 of 6 (327 Views)

Re: Input of the type Credentials: Logged-In User Password

I agree with Don.

 

How are we supposed to Run headless flows in a User's context?

 

There are many ways to get around this, including having a user specify credentials as part of a flow primary inputs.

 

However, in a SSO environment using LDAP (AD), using the user's Username/Password to authenticate for certain operations during flows was a good feature.

 

We are working on an internal Portal that parses these detail before calling the OO flows using the AWESOME REST API., however, I think this should be part of the default OO webapp.

 

I would actually even like to access more of the "Logged In User" details.

In many cases, I want to send an E-Mail to the user kicking off the flow from Central. However, in OO 10, there is no mail attribute synchronized from LDAP.

Even just accessing the Logged-in user's DN would be ok.

 

Right now, OO 10 just provides the Username of the logged in user. If I want to access more information in a flow, I have to do LDAP queries.

 

D

Trusted Contributor
DBR
Posts: 211
Registered: ‎07-29-2010
Message 5 of 6 (322 Views)

Re: Input of the type Credentials: Logged-In User Password

I opened a case with support and they opened the below.
QCCR1D175061

Who knows if/when they will do anything about it.

Thanks,
Don
Trusted Contributor
DBR
Posts: 211
Registered: ‎07-29-2010
Message 6 of 6 (272 Views)

Re: Input of the type Credentials: Logged-In User Password

This is the update from support.
The QCCR number for this issue was changed - QCCR8C21877

I wanted to make you aware of the decisions made regarding this issue:

This is the current status:

The severity of ER has been raised an opened for implementation in our next minor release. This release is scheduled to go out in the 2nd quarter of FY14.

From implementation perspective, logged-in user functionality will not be re-introduced due to security considerations (credentials are stored in OO memory). As an alternative, SSO will be used, more specifically LW-SSO.

Don
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.