Hi there “Process Automation” fans,
Welcome to a new installment of “Process Automation” tips.
Two weeks ago, we eXperienced some great Node-RED details with some valuable insights at authentication level! For this week, a quick recap on the authentication part, as getting a grip on the current (OTDS!) user session seems to be a recurring struggle in lots of projects. Why would we want to use the current user session? Well, for further communication to xECM, for example! Only, for people who don’t understand seamless authentication via OTDS, the answer is mostly to use a “Service account”. Because of all the disadvantages of a service account, it’s time to turn the tide with a real, seamless, reusable authentication flow…
Let’s get right into it…
Make sure you have the platform up and running and log in to your favorite spot via an OTDS account (as recommended by OpenText). Once you’re in (and have a session!), open a second tab and tune in on this URL: http://192.168.56.107:8080/home/opa_tips/com.eibus.sso.web.authentication.AuthenticationToken.wcp
The result is a SAMLart ID as “token”:
<AuthenticationToken xmlns="http://schemas.cordys.com/SSO/Runtime/1.0">
It’s a temporary token available for a period (see below in the Request example). We already know what we can do with it (read here) and we also know this token is a critical string of characters to get a grip on when you want to do further communication. Now, the URL is great, but we can’t call it from a BPM!
Don’t be smart and call the AuthenticationToken.wcp URL via a GET request over the HTTP connector; trust me, you’re already outside the platform, where the token is EMPTY!
Right, but how CAN we get a SAMLart token in a BPM? That’s the greatest question, where one service call is key:
<SOAP:Envelope
Minimal requirements (after 25 try-outs) for this service call are:
MajorVersion="1"
MinorVersion="1"
<ns1:NameIdentifier NameQualifier="" Format=""/>
This is the result, where samlp:AssertionArtifact again contains the SAMLart ID as “token”:
<data>
Investigating the result tells me the validity period of the token: <saml:Conditions NotBefore="2025-02-26T20:15:45.871Z" NotOnOrAfter="2025-02-27T04:20:45.871Z" />. So, that’s 8 hours and 5 minutes in this example! Let’s not dive into further details about where we can change this (I wouldn’t even know, and don’t even care at this moment). We have a SAMLart ID available in our BPM for our current user…that’s important! 🤗
If you can’t find the Request operation in the BPM, you need to add a runtime reference (in your project!) of type ‘Web Service Interface’ under the category ‘Cordys Single Sign-On’ and select ‘SAMLProtocol’!
…
Another great tip is #RTFM…have a search for AssertionArtifact in the administration manual of the OPA platform for additional details.
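To make the Request call and its result concrete, here is an added Python example (my own code, not part of the OPA platform or of the original post): it builds the minimal samlp:Request body with the three requirements listed above, and parses a constructed sample response to pull out the samlp:AssertionArtifact and the saml:Conditions window, so a BPM can tell whether a stored artifact is still inside its NotBefore/NotOnOrAfter period. The artifact value, the element layout around NameIdentifier and the samlp:Response wrapper are assumptions; the namespaces are the standard SAML 1.1 ones.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

# SAML 1.1 (MajorVersion=1, MinorVersion=1) protocol/assertion namespaces.
NS = {"SOAP": "http://schemas.xmlsoap.org/soap/envelope/",
      "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

def build_request(name_qualifier="", name_format=""):
    """Minimal samlp:Request with the three requirements the post lists. Wrapping the
    NameIdentifier in AuthenticationQuery/Subject is an assumed layout, not from the post."""
    return ('<SOAP:Envelope xmlns:SOAP="{SOAP}"><SOAP:Body>'
            '<samlp:Request xmlns:samlp="{samlp}" xmlns:saml="{saml}" '
            'MajorVersion="1" MinorVersion="1"><samlp:AuthenticationQuery><saml:Subject>'
            '<saml:NameIdentifier NameQualifier="{nq}" Format="{fmt}"/>'
            '</saml:Subject></samlp:AuthenticationQuery></samlp:Request>'
            '</SOAP:Body></SOAP:Envelope>').format(nq=name_qualifier, fmt=name_format, **NS)

# Constructed sample response: <data> wrapper, AssertionArtifact element and the Conditions
# timestamps are from the post; the artifact value itself is a placeholder.
SAMPLE_RESPONSE = """<data>
 <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
                 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <samlp:AssertionArtifact>PLACEHOLDER-SAMLART-VALUE</samlp:AssertionArtifact>
  <saml:Assertion MajorVersion="1" MinorVersion="1">
   <saml:Conditions NotBefore="2025-02-26T20:15:45.871Z" NotOnOrAfter="2025-02-27T04:20:45.871Z"/>
  </saml:Assertion>
 </samlp:Response>
</data>"""

def _ts(value):
    # SAML timestamps are UTC with a literal 'Z' suffix.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def parse_response(xml_text):
    """Return (artifact, not_before, not_on_or_after) from the Request operation's result."""
    root = ET.fromstring(xml_text)
    artifact = root.find(".//samlp:AssertionArtifact", NS)
    cond = root.find(".//saml:Conditions", NS)
    if artifact is None or not artifact.text or cond is None:
        raise ValueError("response lacks AssertionArtifact or Conditions")
    return artifact.text.strip(), _ts(cond.get("NotBefore")), _ts(cond.get("NotOnOrAfter"))

def validity_seconds(not_before, not_on_or_after):
    return int((not_on_or_after - not_before).total_seconds())

def is_usable_at(not_before, not_on_or_after, when):
    # NotOnOrAfter is exclusive: a BPM that keeps the artifact must request a new one by then.
    return not_before <= when < not_on_or_after
```

Running parse_response on the sample gives a window of 29100 seconds, the 8 hours and 5 minutes from the post; is_usable_at is the check to run before reusing a cached artifact for an xECM call.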
I give it a “DONE” for the quick recap on this oh-so-important topic. It’s the entrance to our next step, where we want to call xECM/OTCS for reading and updating business workspace data (or any other data) via the REST API layer of that platform. It’ll be great, as we always hear that it’s an impossible task and you really need a service account…Well, #SPOILER_ALERT…We nailed it with a lot of sweat and tears! Have a great weekend and till next week on a new “Process Automation Tips” topic.
Don’t forget to subscribe to get updates on the activities happening on this site. Have you noticed the quiz where you find out if you are also “The Process Automation guy”?