Rally LoginKey : Embedding or Granting External Access to Rally Data for users
Article ID: 47865

Products

Rally On-Premise, Rally SaaS

Issue/Introduction

The Rally Confluence Integration provides a view of Rally apps or standard reports from within Confluence via Rally's Login-Component-Example (LoginKey) feature. This article describes how to create login keys for some of Rally's apps and reports on any internal site.

URL: https://rally1.rallydev.com/apps/html/EncoderPage.html

Environment

RALLY SAAS

Cause

Any Rally workspace/project administrator account that has been demoted to a read-only account will not work as it is still regarded by LoginKey as a NON-read-only account. If a user wants the LoginKey feature to access the account, 

Resolution

The App SDK LoginKey is a feature that allows customers to create an app that runs external to the Rally product—hosted in an intranet portal such as Confluence or SharePoint, or on a user's desktop—without being prompted to enter login credentials. It is especially useful to create dashboards and information radiators for stakeholders that do not have Rally credentials or experience using the Rally product.

The LoginKey essentially provides a way to embed encoded (WARNING: this is not encryption) Rally credentials for a read-only user into the script tag used to reference the App SDK. Because a savvy JavaScript programmer can decode the string and recover the credentials, we require customers wishing to use the LoginKey feature to read and accept the following disclaimer before using it.

Disclaimer and Limitations
  1. The Rally LoginKey feature enables customers to view Rally apps and reports without manually presenting user credentials. Customers can use the LoginKey feature to show Rally content within systems like SharePoint, Confluence, wikis, portals, etc.

  2. The LoginKey feature accesses Rally via the encoded (WARNING: this is not encryption) username and password of a "read-only" Rally user. The encoded username and password are stored in a JavaScript file that is delivered to the browser.

This means that a malicious user could determine the read-only username and password for your Rally subscription by inspecting the code and thus log in to your subscription (as the read-only account).

We strongly recommend using this feature only for displaying information on internal systems that already require authentication.

  3. Warnings:

    • The LoginKey string is subject to the password rules implemented on the Subscription. It will be invalid if the underlying read-only user account's password has expired or changed. If 'Password Expiration' is enabled on the Subscription, a new LoginKey string will need to be generated on the Encoder page each time the password is changed at the specified interval. There is no way to exempt a specific user from the password rules set on the Subscription; they are enforced for all users.
    • For the LoginKey user, a Rally workspace administrator account that has been demoted to a read-only account will not work, as it is still considered a NON-read-only account by the LoginKey.
    • It is recommended that administrators create a new account and assign it a viewer role for the functionality to work properly.