I am trying to configure an outbound call to a web service which requires Bearer Authentication. To authenticate, you first have to make a POST to a /token endpoint using body in application/x-form-www-urlencode format. This is a fairly common authentication scheme, but Creatio currently only supports Basic or OAuth 2.0. That's fine, I thought I'd implement the token call myself, however it appears the only content type supported is JSON. If I try to add a Body parameter, it is expecting a JSONPath. Is there some way to do this that I'm missing? Otherwise, what would it take to allow url-encoded body parameters, or add Bearer Token as a supported authentication scheme?
The Creatio documentation suggests that basic authentication is only available for the OData API and not for a custom configuration web service. Anonymous/Forms authentication are the only 2 ways to authenticate for configuration web services. Would like to reconfirm this.
A typical system integration use case is the following -
1. Creatio pings an external product/system asking it to do some asynchronous processing.
2. External product/system pings a Creatio custom configuration call back to inform it regarding the status.
Typically, external products only permit registering a callback URL and do not provide for customization to do forms authentication with Creatio. How does one over come this? One way is to make the call back permit anonymous authentication but this is a bad security practice. Is there a way to enable basic authentication for custom configuration services on Creatio?
Custom configuration service becomes available after user authentication via the AuthService.svc. If you don't have a possibility to call it directly from your integration you can create another layer of service from your side to send a response from external product and call auth service and after that configuration web service.
The only way to bypass the Auth service for configuration web services is to create an anonymous web service. As a workaround, you can path login and password to the method in this service and check the validity of credentials in this service using auth service.
Does BPM'Online support SSL-MA authentication? I have a financial services application that I need to connect to BPM'Online. I am going to develop few custom configuration service endpoints on BPM'Online that are going to be consumed by the financial services app. However, there is a requirement from the customer for adding an extra layer of security to any kind of interactions between the systems through client/server signed certificates(could be X.509 certificates) and perform mutual authentication. So, can mutual authentication be performed on BPM'Online?
I'm not sure what is the difference between "mutual authentication" and just a simple authentication to an SSL application. According to the article by the link below, it seems like there is no difference.
Please find how to call a bpm'online authentication service in the article by the link below. Please read all the article from the very beginning to the very end before creating the integration. There are lot of tricks that you have to use are described there.
Here is academy article regarding single-sign-on to bpm'online instances and there is no information on integration with Google accounts. We will register this as a suggestion for the improvement of bpm'online services.
