Quick Form Credential Output

I finished building a Python Source node that requires Windows NT authentication. I am utilizing the win32security library to impersonate a user for the duration of the script. This is necessary because these jobs are on a Knime server with a service account that cannot reach the datasources that the script are using. I used the traditional Quick Forms but wanted to mask the password from the Wrapped Node configuration. To do so I used the Credential Quick Form but I am having trouble understanding what the Flow Variable is passing.

My questions are:

What is the expected output?

Does it create an Authentication Token? 

Can I utilized the output with the win32security module in python? 

 

What is the expected output?

The credentials flow variable isn't accessible to the 'end-user'. It's only seen by some node implementations, which can then make use of it. These include the DB nodes, the web service nodes, ssh nodes, etc.... but not the  KNIME python nodes, I think. So if you are using the built-in python nodes you are out of luck, I think.

We do not plan to expose the credentials in the scripting nodes (or write a node "Extract Credentials as plain text") as then everyone could just create a workflow that discloses plain text passwords.

Does it create an Authentication Token? 

It's a KNIME class called Credentials, which wraps some ID and then username+password.

Can I utilized the output with the win32security module in python? 

I don't know this. Is that some SSO magic, whereby you just need the username of whoever is running the workflow (which isn't necessarily the user owning the KNIME process on the KNIME server)?

Sorry to resurrect an old thread, but I have a follow up question:

Is it at all possible to extract the username from the credentials object, or otherwise access the name of the user running a workflow (on the server or locally)?

I understand not wanting to expose the password, but there are legitimate reasons why you might want to access the name. For example tagging some input data or, as I intend to do, passing the user's name on to another service within your own infrastructure.

The Extract Context Properties node returns you the username (among other information about the current workflow).

2 Likes