I need to make authenticated web services calls and the servers I’m calling uses CAS protocol. I need to make a first POST request containing username and password in the body to authenticate to the CAS Server.
I’m building the body content for the POST Request node with a String Manipulation but I cannot access the credential objects variables. I’m forced to use standard flow variable but it makes the the username/password in clear in the workflow.
Is there a better, more secured way of doing that ? Can I forge a body content without exposing username/password ?
You can access this menu by doing a right-click on the workflow.
The thing is that you will have to enter the credentials everytime you open the workflow, but it will not show (unless you view the variable). Then just use the username and password as variables in your POST body.
Hi Bruno and thank you for the warm welcome. What si the difference between Workflow Credentials and Variables from traditional Flow Variable / Credentials that I would create at the beginning of my workflow ? This is what I do today - I actually need both as I deal with two servers, one uses the CAS authentication and the other basic http auth so I also need Credentials object.
Hi @semon , the Workflow Credentials will take login and password as input and create a credentials object. Most probably, the login and password are not accessible, so you can’t see their values, you can only use the credential objects.
For Workflow Variables, it will create variables with the input values, and these input values are accessible, like you would use variables. The difference is that the values are not saved in the workflow. Users have to input their own values, so users will have access to values that they entered.
I think @bruno29a explained everything very well. The only other way I can think of right now would be using a scripting node and access environmental variables from your system
br
Hello @bruno29a and @Daniel_Weikert , thanks a lot for all the information ! I’ll look into Workflow variables but considering I need to use credentials and variables into POST I don’t see a way to “secure” the password
Hi @semon , I’m not sure I understand what you mean by “secure” the password. If you want it to be “secure”:
(1) make sure you are submitting via https;
(2) with the Workflow Variables, the user has to manually enter the password so you will not be saving the password in the workflow, meaning you will not be sharing the password, though the workflow will have access to the password, which you can send over via POST. This addresses what you said about “I’m forced to use standard flow variable but it makes the the username/password in clear in the workflow”. The password will not be saved.
thank you @bruno29a for the answer. Maybe I’m doing something wrong. I’ve created the two Workflow Variables but when I execute locally I’m not asked for the value - it takes the default ones. I’m using 4.5 Knime Analytics Platform (no server).
you need configuration or widget nodes(knime server) to cofigure that but I see @bruno29a is already typing and provides certainly a better more detailed answer.
br
Hi @semon , indeed it does not seem to prompt for the Workflow Variables, only for the Workflow Credentials, which you cannot use in your case.
I’m sorry about this, I thought the Workflow Variables would prompt you for values, similar to the Workflow Credentials’ behaviour, but it’s not the case.
I can propose 2 alternatives.
Method 1:
Create the variable in the workflow and save the password as blank:
And then enter the password when you use the workflow, without saving it. Just add some notes to the node like this:
It will take discipline to not save the password by accident.
Method 2:
You can create an interactive workflow via Components:
The component offers interaction to enter username and password. You can set a default value for the username, and leave the password blank as default. This is what the interaction looks like:
But again, as with Method 1, it will keep the value you enter. So you will need to save the workflow without the password as with Method 1.
Hey @Daniel_Weikert , sorry I did not see your post. I think it came while I was replying. I think the Widget should work. Waiting for @semon to confirm.
hello @bruno29a@Daniel_Weikert ! thanks a lot for your inputs. I tried the String Widget and it seems to work. I would love that the widget pops the view at each workflow execution but I have to “execute and open view” the node. I wonder if their shouldn’t be a way to obfuscate part of a workflow so that he state is never saved.
Hi @semon , I’m not sure how you can force the workflow to save as unexecuted. In terms of popup, alternatively you can also use a Java popup for input of the password.
I created a 4th Method for this, and it will popup a prompt for the password like this when you run the workflow:
