BPM, Workflow, and Case

BPM, Workflow, and Case

Come for answers. Stay for best practices. All we’re missing is you.

 View Only

  • 1.  How to store a password as a configuration parameter in a ProcessApp?

    Posted Tue April 20, 2021 11:43 AM

    I need to manage a connection to a third-party system using an ad-hoc Java Connector. I'm looking for a way to store connection settings (host, port, user, password) in the ProcessApp.

    I tried ENV vars but the password is stored clear, at least I didn't find how to encrypt.

    Adding a server definition in the processApp settings looks a better option. The JavaScript API tw.env.MY_SERVER_SETTINGS returns all the information that I need for the connection as a JSON string that I can parse to a JSON object: "{"host":"localhost","port":"9090",..."authentication":{"username":"xxxxx","password":"{xor}xxxxx"}}"

    However, I don't know how to decrypt the password, I didn't find any BAW javascript API to decrypt the password in the doc and neither any reference to the encryption method.

    ¿Is it possible to use an HTTP server definition to store my own connection settings? ¿how can I decrypt the passwd?

    If not possible, what is the best option to store a password in a configuration parameter without making it clear for everyone?

    ------------------------------
    Eduardo Izquierdo Lázaro
    Automation Architect
    DECIDE
    MADRID
    +34609893677
    ------------------------------


  • 2.  RE: How to store a password as a configuration parameter in a ProcessApp?

    Posted Wed April 21, 2021 02:53 AM
    You can encode to base64 and then store it in the ENV or EPV. Whenever you are calling your integration service just decode and send it to the service.
    Although its not the safest method because anyone can decode it but it will solve your purpose and just by seeing no one can identify or remember the password.

    ------------------------------
    Akash Gupta
    ------------------------------

    Original Message


  • 3.  RE: How to store a password as a configuration parameter in a ProcessApp?

    Posted Wed April 21, 2021 05:34 AM

    Thanks Akash, I tried this solution before, but javascript API provided by BAW does not support functions like atob() / btoa(), looks like you have to develop you own encoding mechanism. Also, this solution has some inconveniences as you mention.

    Any option to use a Server Configuration of the ProcessApp?  I think is a safer approach. Note that external services decode it internally to execute the HTTP REST call, the question is if the API used internally is available, even if no documented.



    ------------------------------
    Eduardo Izquierdo Lázaro
    Automation Architect
    DECIDE
    MADRID
    +34609893677
    ------------------------------

    Original Message


  • 4.  RE: How to store a password as a configuration parameter in a ProcessApp?

    Posted Wed April 21, 2021 06:07 AM

    Hi,

    you can use WebSphere's APIs for working with either
    (a) encrypted credentials or
    (b) authentication aliases

    For (a), see
    https://www.ibm.com/docs/de/was-nd/8.5.5?topic=SSAW57_8.5.5/com.ibm.websphere.javadoc.doc/web/apidocs/com/ibm/websphere/crypto/PasswordUtil.html
    For (b), see
    https://georgemao.wordpress.com/2013/06/17/how-to-read-j2c-java-2-connector-entries-in-ibm-websphere/ 

    (I didn't find a sample in the WAS knowledge center immediately, but the keyword is JAAS login configuration DefaultPrincipalMapping).

    Key point here is: you can configure WAS 8.5.5.18 to apply AES encryption when storing passwords in general. A configured key should also apply when calling PasswordUtil.

    Not specific for use from within your code, I mention that in https://community.ibm.com/community/user/automation/blogs/jens-engelke1/2021/02/19/encrypting-credentials-in-baw-part2

    HTH Jens



    ------------------------------
    Jens Engelke
    ------------------------------

    Original Message


Related Content