Input of the type Credentials: Logged-In User Password (239 Views)
Reply
Trusted Contributor
DBR
Posts: 201
Registered: ‎07-29-2010
Message 1 of 6 (239 Views)

Input of the type Credentials: Logged-In User Password

This isn't acceptable. How are we supposed to run headless flows if the user has to type in their password in the middle of a flow run?

Input of the type Credentials: Logged-In User Password
To improve security, the password is no longer automatically transferred when a Credentials input is of the type Logged-In User Password. Instead, the user will be asked to enter the password manually in a prompt message.

Thanks,
Don

Please use plain text.
Trusted Contributor
DBR
Posts: 201
Registered: ‎07-29-2010
Message 2 of 6 (234 Views)

Re: Input of the type Credentials: Logged-In User Password

I forgot to add that we are running 9.07 and I ran the upgrade-content.bat file. In OO 10 now it looks like the don’t allow the “Logged-In User Password” any more. I received many warnings in the output from running the command. If we are running headless flows, everywhere we have are currently using “Logged-In User Password” we would have to prompt the user for their password which doesn’t work for headless flows. How are we supposed to do this now in OO 10?

Thanks,
Don
Please use plain text.
Occasional Advisor
bhowel02
Posts: 9
Registered: ‎09-18-2012
Message 3 of 6 (193 Views)

Re: Input of the type Credentials: Logged-In User Password

I suppose you'd have to use a system account.

 

Please use plain text.
Valued Contributor
Dimiter Todorov
Posts: 101
Registered: ‎03-02-2010
Message 4 of 6 (186 Views)

Re: Input of the type Credentials: Logged-In User Password

I agree with Don.

 

How are we supposed to Run headless flows in a User's context?

 

There are many ways to get around this, including having a user specify credentials as part of a flow primary inputs.

 

However, in a SSO environment using LDAP (AD), using the user's Username/Password to authenticate for certain operations during flows was a good feature.

 

We are working on an internal Portal that parses these detail before calling the OO flows using the AWESOME REST API., however, I think this should be part of the default OO webapp.

 

I would actually even like to access more of the "Logged In User" details.

In many cases, I want to send an E-Mail to the user kicking off the flow from Central. However, in OO 10, there is no mail attribute synchronized from LDAP.

Even just accessing the Logged-in user's DN would be ok.

 

Right now, OO 10 just provides the Username of the logged in user. If I want to access more information in a flow, I have to do LDAP queries.

 

D

Please use plain text.
Trusted Contributor
DBR
Posts: 201
Registered: ‎07-29-2010
Message 5 of 6 (181 Views)

Re: Input of the type Credentials: Logged-In User Password

I opened a case with support and they opened the below.
QCCR1D175061

Who knows if/when they will do anything about it.

Thanks,
Don
Please use plain text.
Trusted Contributor
DBR
Posts: 201
Registered: ‎07-29-2010
Message 6 of 6 (131 Views)

Re: Input of the type Credentials: Logged-In User Password

This is the update from support.
The QCCR number for this issue was changed - QCCR8C21877

I wanted to make you aware of the decisions made regarding this issue:

This is the current status:

The severity of ER has been raised an opened for implementation in our next minor release. This release is scheduled to go out in the 2nd quarter of FY14.

From implementation perspective, logged-in user functionality will not be re-introduced due to security considerations (credentials are stored in OO memory). As an alternative, SSO will be used, more specifically LW-SSO.

Don
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation