Dear community,
Our users with role Connect Designer, have created data feeds and dashboards in the past. Now, after a user changed their password, their data feeds (and consequently their dashboards) have become unaccesable, error message: "Connection failed JBPMZCE350 Unable to establish connection to resource... Status 401 - Unauthorized".
We would expect that changing ones password does not invalidate access to resources, but apparently it does.
My question is, is this normal behaviour or a bug? And second, how can we fix this?
Thanks in advance,
~H
PS, resetting the password to the old password is not an option, as passwords are automatically generated by a password manager (organisation policy). Also, never changing the password is not an option: organisation policy.
Hi Harm.
yes, that is what I meant. But it looks like that's not the solution.
Please see Rune's comment: Do you use a technical user account for authentication? If not, the passwords must also be changed in the corresponding area (e.g., datafeed settings), too.
A recommendation from my side is to set up a technical user account for the authentication.
Kind regards
Eva
Dear Harm,
Did that user enter an authentication in the data feed? Then the password is outdated there.
Or did that user enter an authentication for the dashboard alias "Feed URL"? Then the password is outdated there, too.
An alternative to the comon practice above could be to switch to SSO user token. This could resolve the dependency of a user's password:
However, this would require that all users are granted access to all dashboards, all data feeds and all their data sources, such as other ARIS apps or files located in ARIS Document Storage. Means, this could lead to a high maintenance effort when often adding new user accounts.
Therefore, another option is common practice: use a technical user account for authentication.
Cheers
Runè
Hello Rune,
Thanks for the elaborate answer. We use the first option always. We changed the password as you describe. However, it doesn't work, always the same error message. Caching perhaps, we don't know?
In case we create a new data feed from scratch, query works fine. However, recreating all our data feeds like so, isn't a viable option from a end-user perspective, they will not accept recreating every data feed they've build over the years after each password change. If this is indeed "how ARIS works", it's really bad imho.
As your third option you recommed that we use a technical user account. Will this result in the same issue as the second option (SSO token), namely it requires that all users are granted access to all dashboards, all data feeds and all their data sources, right? In addition, this technical user account can never change it's password and it consumes an additional Connect Designer licence, right?
Kind regards,
Harm
When a new dashboard/data feed works fine, was that authenticated with the very same user account which was used when the older feeds were created?
In case the password has been manually entered then it's dependency which ARIS can't resolve automatically.
Cheers
Runè
Hi Runè, yes same user using his new password. So the isssue is most probably occuring in the authentication not being processed correctly. Pls rule out typo's in entering username/paswword. We're definitely made sure no typo's were made.
Going forward, this basically would mean that each user needs to recreate their existing data feeds as a new data feed, as re-entering the new password in the old data feed doesn't work. Is this really how it works or is there also a user-friendly option ;-) ?
Can you please react on my questions / asumptions about the technical user account option? Thanks in advance.
Cheers
Harm
Maybe we'd better talk as there might be more details to be checked.
Reentering a password could be eleminated when using SSO as then the user's token is being used.
The technical user could be "system" as I guess that account's password won't change so often.
Cheers
Runè
Hi everyone,
SSO is definitely a good approach, but still it would be good to know the root cause of the issue concerning the re-entered new password. From a developer perspective, I think, we could rule out a caching issue. The first thing that comes into my mind is that after updating the CXF library to a newer version, we had problems with certain special characters. This also impacted Basic Authentication credentials in some cases. For further investigation I need more information about the installation, like the exact version and other details. I suggest opening a ticket through our customer support. Then we could also arrange a remote session.
Best regards,
Gerhard
Hello Runè, Gerhard, I've created a support incident (SI-470686). Thank you for helping me.
BTW, I relieved some pressure of the end-users by authenticating with system account, however this does not solve the unlying problem of users not be able to change their credentials on their data feeds.
Kind regards,
Harm