Operations Orchestration Practitioners Forum
Showing results for 
Search instead for 
Do you mean 

Input of the type Credentials: Logged-In User Password

Trusted Contributor

Input of the type Credentials: Logged-In User Password

This isn't acceptable. How are we supposed to run headless flows if the user has to type in their password in the middle of a flow run?

Input of the type Credentials: Logged-In User Password
To improve security, the password is no longer automatically transferred when a Credentials input is of the type Logged-In User Password. Instead, the user will be asked to enter the password manually in a prompt message.

Thanks,
Don

5 REPLIES
Trusted Contributor

Re: Input of the type Credentials: Logged-In User Password

I forgot to add that we are running 9.07 and I ran the upgrade-content.bat file. In OO 10 now it looks like the don’t allow the “Logged-In User Password” any more. I received many warnings in the output from running the command. If we are running headless flows, everywhere we have are currently using “Logged-In User Password” we would have to prompt the user for their password which doesn’t work for headless flows. How are we supposed to do this now in OO 10?

Thanks,
Don
Occasional Advisor

Re: Input of the type Credentials: Logged-In User Password

I suppose you'd have to use a system account.

 

Valued Contributor

Re: Input of the type Credentials: Logged-In User Password

I agree with Don.

 

How are we supposed to Run headless flows in a User's context?

 

There are many ways to get around this, including having a user specify credentials as part of a flow primary inputs.

 

However, in a SSO environment using LDAP (AD), using the user's Username/Password to authenticate for certain operations during flows was a good feature.

 

We are working on an internal Portal that parses these detail before calling the OO flows using the AWESOME REST API., however, I think this should be part of the default OO webapp.

 

I would actually even like to access more of the "Logged In User" details.

In many cases, I want to send an E-Mail to the user kicking off the flow from Central. However, in OO 10, there is no mail attribute synchronized from LDAP.

Even just accessing the Logged-in user's DN would be ok.

 

Right now, OO 10 just provides the Username of the logged in user. If I want to access more information in a flow, I have to do LDAP queries.

 

D

Trusted Contributor

Re: Input of the type Credentials: Logged-In User Password

I opened a case with support and they opened the below.
QCCR1D175061

Who knows if/when they will do anything about it.

Thanks,
Don
Trusted Contributor

Re: Input of the type Credentials: Logged-In User Password

This is the update from support.
The QCCR number for this issue was changed - QCCR8C21877

I wanted to make you aware of the decisions made regarding this issue:

This is the current status:

The severity of ER has been raised an opened for implementation in our next minor release. This release is scheduled to go out in the 2nd quarter of FY14.

From implementation perspective, logged-in user functionality will not be re-introduced due to security considerations (credentials are stored in OO memory). As an alternative, SSO will be used, more specifically LW-SSO.

Don