As of now, the Workpoint Designer which I am using doesn't ask for any kind of authentication, so I was wondering how this authentication process is happening. Is there a way we can enable OAuth authentication or AD-based authentication?
Please see this note:
Workpoint is a third-party product installed with Identity Manager. Identity Manager supports a subset of functionality in WorkPoint. For example, Identity Manager does not support the WpConsole. However, the WorkPoint documentation describes all functionality in the product. Portions of the Workpoint documentation do not apply to Identity Manager users.
Further research shows:
Designer calls init.bat/sh:
    call init.bat
The bottom of the init.bat file is where you find the security policy:
    -Djava.security.policy=..\conf\client.policy %CLIENTSAS%
This %CLIENTSAS% is only populated if you are using WebSphere; if not, then it uses what it finds in:
    -Djboss.ejb.client.properties.file.path=../conf/workpoint-client.properties
For WebLogic, user and password are sent:
    # java.naming.security.principal=workpoint
    # java.naming.security.credentials=workpoint
For JBoss, no security is used:
    # remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
Steps to incorporate authentication for Workpoint Designer:
A sample provided by Workpoint exists in the Tools under Workpoint\src\com\workpoint\sample\security\WpLoginModule.java
You want to ensure that the following users are added into any storage where you perform password verification – <username>/<password>
IDM/password – This is the user from ra.xml under workflow.rar.
Workpoint/workpoint – This user is part of the Workflow schema.
Any user whose work lists you expect to fetch from the IDM UI. This will require some kind of LDAP integration in your Login module.
NOTE: If user authentication is enabled, the Workpoint Client API method ClientContext.open requires a valid user name and password in order to successfully establish a connection to the Workpoint Server. For this reason, all client processes have to be accommodated. In my version of WpLoginModule.java, I simply excluded Superadmin, IDM and Workpoint users from requiring password checks, by returning true for the login() function:
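    // Service accounts skip the password check. contains() is a substring
    // match, so any user name containing one of these strings also skips it.
    if ( username.toLowerCase().contains("superadmin") || username.toLowerCase().contains("idm") || username.toLowerCase().contains("workpoint") )
        return true;
    // Every other user goes through the password verification.
    verifyUserPassword();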
@echo off
REM Set the WORKPOINT_HOME variable to the Workpoint installation directory.
call init.bat
SET WP_CLASSPATH=%WORKPOINT_HOME%\conf;%WORKPOINT_HOME%\lib\wpClient.jar;%WORKPOINT_HOME%\lib\wpCommon.jar;%WORKPOINT_HOME%\lib\log4j.jar
@echo Classpath set to %WP_CLASSPATH%
@echo Compile com\workpoint\sample\security\WpLoginModule.java
javac -classpath %WP_CLASSPATH% com\workpoint\sample\security\WpLoginModule.java
pause
Place it under the bin folder (along with the .java file in its package hierarchy) so that it can call init.bat to use its required libraries.
Once compiled, place the .class file including the folder hierarchy in the location specified by the workpoint.classpath.url1 property.
Restart the server; you will be challenged when invoking Designer.
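An added example, not part of the original answer or of Workpoint's sample code: one way the password check inside a custom login module could verify users against LDAP, with the service-account exemption matched on the exact name instead of a substring. The class name LdapPasswordCheck, the LDAP URL and the DN template are assumptions; only standard JNDI calls are used.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

/** Hypothetical helper that a custom login module could call from login(). */
public class LdapPasswordCheck {
    // Service accounts named on the page, matched on the whole name only.
    private static final Set<String> EXEMPT =
            new HashSet<>(Arrays.asList("superadmin", "idm", "workpoint"));
    // Assumed values: replace with your directory URL and user DN layout.
    private static final String LDAP_URL = "ldaps://ldap.example.com:636";
    private static final String DN_TEMPLATE = "uid=%s,ou=people,dc=example,dc=com";

    static boolean isExempt(String username) {
        return username != null && EXEMPT.contains(username.trim().toLowerCase(Locale.ROOT));
    }

    static boolean verify(String username, char[] password) {
        if (username == null || username.trim().isEmpty()) return false;
        if (isExempt(username)) return true;
        // An empty password turns an LDAP simple bind into an unauthenticated
        // bind, which a server may accept, so reject it before binding.
        if (password == null || password.length == 0) return false;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Escape the name so characters such as ',' or '+' cannot alter the DN.
        env.put(Context.SECURITY_PRINCIPAL,
                String.format(DN_TEMPLATE, Rdn.escapeValue(username.trim())));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // a successful bind means a valid password
            return true;
        } catch (NamingException e) {
            return false; // bad credentials or directory unreachable: fail closed
        }
    }

    public static void main(String[] args) {
        System.out.println(isExempt("IDM"));              // exact service account name
        System.out.println(isExempt("kidman"));           // merely contains "idm"
        System.out.println(verify("jdoe", new char[0]));  // empty password, no bind attempted
    }
}
```

The exempt accounts still bypass the password check entirely, as in the answer above; exact matching only keeps unrelated names that happen to contain one of those strings from inheriting that bypass.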