As of now Workpoint designer which I am using doesn't ask for any kind of authentication. So I was wondering how this authentication process happening. Is there a way we can enable OAuth authentication or AD-based Authentication?

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/administrating/workflow/workpoint-documentation.html

Please see this note:
Workpoint is a third-party product installed with Identity Manager. Identity Manager supports a subset of functionality in WorkPoint. For example, Identity Manager does not support the WpConsole. However, the WorkPoint documentation describes all functionality in the product. Portions of the Workpoint documentation do not apply to Identity Manager users.

Further research shows:

designer calls the init.bat/sh

call init.bat

at the bottom the init bat file is where you find the security policy:

-Djava.security.policy=..\conf\client.policy %CLIENTSAS%

This %CLIENTSAS% is only populated if you are using Websphere, if not then it uses what it finds in the 

-Djboss.ejb.client.properties.file.path=../conf/workpoint-client.properties

for weblogic user and password are sent:

# java.naming.security.principal=workpoint
# java.naming.security.credentials=workpoint

For jboss no security is used:

# remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

Steps to incorporate authentication for Workpoint Designer:

1. Make the following changes on iam_im.ear\config\workpoint-server.properties:
   1. user.authentication = true
      1. This option enables Workpoint authentication.
   2. authentication.module = com.workpoint.sample.security.WpLoginModule
      1. This option specifies the package and class file name of the Login Module that Workpoint will use.
   3. classpath.url1=file:///C:/Workpoint/
      1. This option specifies the location of the class file WpLoginModule. In this case, it is a folder named Workpoint. You can put your WpLoginModule.class file (including the package folder structure) inside this folder. Workpoint will search thru its classpaths, and locate your login module.

2. Coding the WpLoginModule.class

A sample provided by Workpoint exists in the Tools under Workpoint\src\com\workpoint\sample\security\WpLoginModule.java

You want to ensure that the following users are added into any storage where you perform password verification – <username>/<password>

IDM/password – This is the user from ra.xml under workflow.rar.

Workpoint/workpoint – This user is part of the Workflow schema.

Any user whose work lists you expect to fetch from the IDM UI. This will require some kind of LDAP integration in your Login module.

NOTE: If user authentication is enabled, the Workpoint Client API method ClientContext.open requires a valid user name and password in order to successfully establish a connection to the Workpoint Server. For this reason, all client processes have to be accommodated. In my version of WpLoginModule.java, I simply excluded Superadmin, IDM and Wokpoint users from requiring password checks, by returning true for the login() function:

if ( username.toLowerCase().contains("superadmin") || username.toLowerCase().contains("idm") || username.toLowerCase().contains("workpoint") )

  return true;

verifyUserPassword();

3. How to compile your login module, sample batch file:

@echo off

REM Set the WORKPOINT_HOME variable to the Workpoint installation directory.

call init.bat

SET WP_CLASSPATH=%WORKPOINT_HOME%\conf;%WORKPOINT_HOME%\lib\wpClient.jar;%WORKPOINT_HOME%\lib\wpCommon.jar;%WORKPOINT_HOME%\lib\log4j.jar

@echo Classpath set to %WP_CLASSPATH%

@echo Compile com\workpoint\sample\security\WpLoginModule.java

javac -classpath %WP_CLASSPATH% com\workpoint\sample\security\WpLoginModule.java

pause

Place it under bin folder (along with the .java file in package heirarchy) so that it can call init.bat to use its required libraries.

Once compiled, place the .class file including the folder hierarchy in the location specified by the workpoint.classpath.url1 property.

Restart the server, you will be challenged when invoking Designer: