It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×5,944
×4,712
×1,441

question asked: Oct 29, 11:48 a.m.
question was seen: 296 times
last updated: Nov 13, 5:12 p.m.

Related questions

Create a document builder connection to DNG via OAuth Consumer Key/Secret

0
Michael Rufer (1111) | asked Oct 29, 11:48 a.m.
edited Oct 29, 12:17 p.m. by Ian Barnard (2.3k714)
In the document builder (V7.02 SR1) i want to setup a connection to a Doors Next module / view for building a report.
I don't want to use an user account to authenticate the connection, therefore i was looking for an alternative way. I tried creating an OAuth Consumer under the JTS and RM administration but it failed.

What is the best way authenticate the connection

One answer

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Ian Barnard (2.3k714) | answered Oct 29, 12:18 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Nov 13, 5:12 p.m.
Hi Michael

You should use a user account because that's the basis for read access by the user being a member of a project.

If you're using JAS you might be able to create an application password but I'd still expect that user to have to be made a member of the project. And I don't know how to get PUB to authenticate using an application password.

Application passwords are managed by JAS with OIDC - indeed they're a way to be able to get controlled access separately from LDAP/AD - the application password can be expired/removed when you want to block access using it. TBH I've never used one but it seems they are an additional password on your user id: "Use the application password in place of your regular account password in the clients that you use" - that sounds good because then you don't have to also administer a new functional user dedicated to reporting: just use your own user id.



I don't know how to configure a report to use application passwords, or even if it's possible.

I strongly suggest you don't attempt to use one of the existing functional users for reporting - your challenge with automated password expiry turns into the opposite problem that the functional user can't possibly be revoked/disabled.

UPDATE 8th Nov - having done some work with OAuth1 credentials: these still expire, default is 6h - this is configurable but it's difficult to imagine any corporate security organisation agreeing to a user having insecure (because of an elongated expiry time) credentials.. And anyway you need the functional user id and password to generate new OAuth1 credentials so you are also still subject to password expiry on the functional ID.

HTH
Ian

Comments
Michael Rufer commented Oct 31, 4:49 a.m.
I was assuming that assigning the "Functional User ID" of the OAuth Consumer to a real user account with access rights to the project is intended for this purpose?

How would the JAS approach look like? We use an active directory for user management, with some restrictions and rules e.g. periodic password changes. Which makes it hard to use such an account for periodic reporting

Ian Barnard commented Oct 31, 7:42 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I updated my answer

Ian Barnard commented Nov 08, 8:38 a.m. | edited Nov 13, 5:12 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I updated my answer again with more details of why OAuth1 credentials won't help you avoid password changes

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.