search cancel

How Workpoint designer gets authentication? How to enable oauth authentication of workpoint designer?

book

Article ID: 212871

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

As of now Workpoint designer which I am using doesn't ask for any kind of authentication. So I was wondering how this authentication process happening. Is there a way we can enable OAuth authentication or AD-based Authentication?

Environment

Release : 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

Steps to incorporate authentication for Workpoint Designer:

 

  1. Make the following changes on iam_im.ear\config\workpoint-server.properties:
    1. user.authentication = true
      1. This option enables Workpoint authentication.
    2. authentication.module = com.workpoint.sample.security.WpLoginModule
      1. This option specifies the package and class file name of the Login Module that Workpoint will use.
    3. classpath.url1=file:///C:/Workpoint/
      1. This option specifies the location of the class file WpLoginModule. In this case, it is a folder named Workpoint. You can put your WpLoginModule.class file (including the package folder structure) inside this folder. Workpoint will search thru its classpaths, and locate your login module.

 

  1. Coding the WpLoginModule.class

A sample provided by Workpoint exists in the Tools under Workpoint\src\com\workpoint\sample\security\WpLoginModule.java

You want to ensure that the following users are added into any storage where you perform password verification – <username>/<password>

IDM/password – This is the user from ra.xml under workflow.rar.

Workpoint/workpoint – This user is part of the Workflow schema.

Any user whose work lists you expect to fetch from the IDM UI. This will require some kind of LDAP integration in your Login module.

 

NOTE: If user authentication is enabled, the Workpoint Client API method ClientContext.open requires a valid user name and password in order to successfully establish a connection to the Workpoint Server. For this reason, all client processes have to be accommodated. In my version of WpLoginModule.java, I simply excluded Superadmin, IDM and Wokpoint users from requiring password checks, by returning true for the login() function:

if ( username.toLowerCase().contains("superadmin") || username.toLowerCase().contains("idm") || username.toLowerCase().contains("workpoint") )

  return true;

verifyUserPassword();

 

 

 

  1. How to compile your login module, sample batch file:

 

@echo off

 

REM Set the WORKPOINT_HOME variable to the Workpoint installation directory.

call init.bat

 

SET WP_CLASSPATH=%WORKPOINT_HOME%\conf;%WORKPOINT_HOME%\lib\wpClient.jar;%WORKPOINT_HOME%\lib\wpCommon.jar;%WORKPOINT_HOME%\lib\log4j.jar

@echo Classpath set to %WP_CLASSPATH%

 

@echo Compile com\workpoint\sample\security\WpLoginModule.java

javac -classpath %WP_CLASSPATH% com\workpoint\sample\security\WpLoginModule.java

pause

Place it under bin folder (along with the .java file in package heirarchy) so that it can call init.bat to use its required libraries.

 

Once compiled, place the .class file including the folder hierarchy in the location specified by the workpoint.classpath.url1 property.

 

Restart the server, you will be challenged when invoking Designer:

 

 

Attachments