We have a CAF application which is used to interact with the webMethods tasks on Task Engine. To interact with the task Engine we have been using Task webservice. The task web service requires credentials of a user who has full access to the task. We have been passing the ‘sysadmin’ user credentials and we are storing the details in config.
But we want to change this approach as this is essentially sharing the details of sysadmin. The ideal way would be to pass the details of the users who have logged in on the fly. But the password is not stored anywhere.
So, is there a way to enable SSO (as we have between MWS and IS) between MWS and Task Engine so that we dont have to pass the credentials of the logged inuser again to the Task Service?
Note: Using Task API is another way but that is a huge change for us. Plus not all task clients are CAF based, so it’s not that feasible.
Not sure if my question is clear here. For starting, has anyone implemented task engine where the frontend is not wM CAF? In such case, how is the authentication managed?
Change your web service call in CAF from Basic Authentication (1) to Hybrid (3).
You should make the above change, and remove all the username/password settings from your project, setting method to 3 and the user and password to blank values in these four places:
in CAF, the web service bean itself the Method, Username and Password properties
wsclient-authmethod, wsclient-username and wsclient-password environment variables (in CAF project, Bindings → Implicit Variables → Environment Variables)
CAF Application Runtime Configuration when logged into MWS web console as sysadmin (CAF Application Runtime Configuration → search for portlet → Environment Entries)
Global defaults in CAF Application Runtime Configuration (CAF Application Runtime Configuration → Configure Global Defaults → Environment Entries)
Then you need to configure access in your web service on IS correctly. To just make it work to start with, set Execute access to Anonymous and use some Java to pull out the username header in your service and log it to the console. When it’s passing through correctly, then set up your IS security properly.