Hi
Thank you both for the answers!
@Marconi
That seems to be the most secure way of going about it, but I think that for this time I will create a service user that has permission just to call this one specific task. Since it is only a synchronization task I don't see how it could cause much trouble.
@Per
You have my vote for the enhancement. I made the original post because it seems strange to me that they develop a SOAP Query PX and in there they have an option for a "Basic Auth Invoke" and their own TEWS doesn't make use of it to hide away the user password.
Thanks again for the help!
Original Message:
Sent: 03-31-2020 02:56 AM
From: Per Borg
Subject: Using a PX with a SOAP request to call an admin task .
Hi Luiz,
just as you wrote you need to pass the user name and password in the request body (unless you turn that requirement off in the IM Management Console, but that opens up a big security hole).
I'm also calling TEWS internally from PXs quite a lot and I have seen the exact same requirement as you (i.e. to be able to encrypt the user name and password parameters in PX) and right now there is no work-around that I'm aware of. A couple of weeks ago I submitted an enhancement request for this and I would encourage you to vote for it so that it might get some attention.
The Idea is called: Ability to define a Password Constant in PX
Regards
Per
------------------------------
Senior Architect
HCL Enterprise Studio
Original Message:
Sent: 03-27-2020 06:18 PM
From: Luiz Felipe Martins
Subject: Using a PX with a SOAP request to call an admin task .
I have to do a bulk task that calls the "Synchronize User with Roles" task, and I have to select the check box for "Add missing accounts" on that task. The current IM version here is 14.2, so I don't have the option to do that on the task configuration screen.
I am working on a PX that would call that task using a SOAP request, and on that SOAP Request I would be able to pass the parameter to "Add missing accounts", as described in this article:
https://knowledge.broadcom.com/external/article?articleId=97740
The "SOAP Queries" Action Rule screen gives me two options, "Basic Auth Invoke" and the "Anonymous Auth Invoke", but as far as I can tell, both of them work the same way.
I have to pass the user and password to the SOAP request, to authenticate the user that is calling the admin task, so I thought the "Basic Auth Invoke" option would do that, since it gives me both a "User Name" and a "Password" field on the Action rule form, leaving the SOAP Request Message field for the missing parameters of the SOAP Action itself. The problem is that the only way I can get the SOAP Request to work is passing the username and password directly in the "SOAP Request Message" field, passing the entire SOAP envelope in that field, leaving the password for the user that I'm using in clear text.
Is there a way around it, or is my only option to leave the password in clear text in the SOAP Request Message field?
Sorry for the long post and thanks in advance!
------------------------------
Luiz Felipe Martins
Software Consultant
Gliat
------------------------------