HV

Dear community,

Our users with role Connect Designer, have created data feeds and dashboards in the past. Now, after a user changed their password, their data feeds (and consequently their dashboards) have become unaccesable, error message: "Connection failed JBPMZCE350 Unable to establish connection to resource... Status 401 - Unauthorized".

We would expect that changing ones password does not invalidate access to resources, but apparently it does.

My question is, is this normal behaviour or a bug? And second, how can we fix this?

Thanks in advance,
~H

PS, resetting the password to the old password is not an option, as passwords are automatically generated by a password manager (organisation policy). Also, never changing the password is not an option: organisation policy.

by Eva Klein
Badge for 'Community Team' achievement
Posted on Tue, 05/24/2022 - 10:05

Hi Harm,

could you please reload the page or clear the cache after you get the message that your connection failed. It looks like there is a caching problem.

Does it help?

Kind regards
Eva

 

0
by Harm Verschuren Author
Posted on Tue, 05/24/2022 - 13:23

In reply to by Eva Klein

Hello Eva,

Do you mean the browser cache?
If so, the situation is reproducible on different machines, browsers and browser-sessions and it didn't solve the problem. In case you meant another cache, can you pls explain? TIA.

Kind regards,
Harm

0
by Eva Klein
Badge for 'Community Team' achievement
Posted on Tue, 05/24/2022 - 14:13

In reply to by harmv

Hi Harm.

yes, that is what I meant. But it looks like that's not the solution. 

Please see Rune's comment: Do you use a technical user account for authentication? If not, the passwords must also be changed in the corresponding area (e.g., datafeed settings), too.

A recommendation from my side is to set up a technical user account for the authentication. 

Kind regards
Eva

0
by Harm Verschuren Author
Posted on Tue, 05/24/2022 - 17:02

In reply to by Eva Klein

Hello Eva, we don't use technical user accounts. More explanation is found in Runè's thread. Pls feel free to add to that thread.

Kind regards,
Harm

0
by Runé Becker
Badge for 'Mastermind' achievement
Posted on Tue, 05/24/2022 - 10:31

Dear Harm,

Did that user enter an authentication in the data feed? Then the password is outdated there.

Or did that user enter an authentication for the dashboard alias "Feed URL"? Then the password is outdated there, too.

An alternative to the comon practice above could be to switch to SSO user token. This could resolve the dependency of a user's password:

However, this would require that all users are granted access to all dashboards, all data feeds and all their data sources, such as other ARIS apps or files located in ARIS Document Storage. Means, this could lead to a high maintenance effort when often adding new user accounts.

Therefore, another option is common practice: use a technical user account for authentication.

Cheers
Runè

0
by Harm Verschuren Author
Posted on Tue, 05/24/2022 - 15:04

In reply to by rbe

Hello Rune,

Thanks for the elaborate answer. We use the first option always. We changed the password as you describe. However, it doesn't work, always the same error message. Caching perhaps, we don't know?

In case we create a new data feed from scratch, query works fine. However, recreating all our data feeds like so, isn't a viable option from a end-user perspective, they will not accept recreating every data feed they've build over the years after each password change. If this is indeed "how ARIS works", it's really bad imho.

As your third option you recommed that we use a technical user account. Will this result in the same issue as the second option (SSO token), namely it requires that all users are granted access to all dashboards, all data feeds and all their data sources, right? In addition, this technical user account can never change it's password and it consumes an additional Connect Designer licence, right?

Kind regards,
Harm

0
by Runé Becker
Badge for 'Mastermind' achievement
Posted on Tue, 05/24/2022 - 16:17

In reply to by harmv

When a new dashboard/data feed works fine, was that authenticated with the very same user account which was used when the older feeds were created?

In case the password has been manually entered then it's dependency which ARIS can't resolve automatically.

Cheers
Runè

0
by Harm Verschuren Author
Posted on Tue, 05/24/2022 - 16:59

In reply to by rbe

Hi Runè, yes same user using his new password. So the isssue is most probably occuring in the authentication not being processed correctly. Pls rule out typo's in entering username/paswword. We're definitely made sure no typo's were made.

Going forward, this basically would mean that each user needs to recreate their existing data feeds as a new data feed, as re-entering the new password in the old data feed doesn't work. Is this really how it works or is there also a user-friendly option ;-) ?

Can you please react on my questions / asumptions about the technical user account option? Thanks in advance.

Cheers
Harm

0
by Runé Becker
Badge for 'Mastermind' achievement
Posted on Tue, 05/24/2022 - 17:25

In reply to by harmv

Maybe we'd better talk as there might be more details to be checked.

Reentering a password could be eleminated when using SSO as then the user's token is being used.

The technical user could be "system" as I guess that account's password won't change so often.

Cheers
Runè

0
by Gerhard Müller
Posted on Wed, 05/25/2022 - 08:59

In reply to by rbe

Hi everyone,

SSO is definitely a good approach, but still it would be good to know the root cause of the issue concerning the re-entered new password. From a developer perspective, I think, we could rule out a caching issue. The first thing that comes into my mind is that after updating the CXF library to a newer version, we had problems with certain special characters. This also impacted Basic Authentication credentials in some cases. For further investigation I need more information about the installation, like the exact version and other details. I suggest opening a ticket through our customer support. Then we could also arrange a remote session.

Best regards,
Gerhard

1
by Harm Verschuren Author
Posted on Wed, 05/25/2022 - 09:34

Hello Runè, Gerhard, I've created a support incident (SI-470686). Thank you for helping me.

BTW, I relieved some pressure of the end-users by authenticating with system account, however this does not solve the unlying problem of users not be able to change their credentials on their data feeds.

Kind regards,
Harm

0

Featured achievement

Genius
You like to help others solve their problems by answering questions.
Recent Unlocks
  • KF
  • KH
  • RG
  • Profile picture for user Vee_ARIS
  • Profile picture for user smarty
  • PacMan

Leaderboard

|
icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock