Hi All
We are looking to create a password reset option for our PAS application.
As part of this we need to allow the user to call various business entities to facilitate this, i.e. to look up OTPs and reset their password, essentially unauthenticated.
Our PAS uses form-based authentication, so it will not allow the above unless you have authenticated: a 'catch 22'.
What have other folks done?
Could you use a 'dummy' account with limited privileges to give access to the password reset BEs only?
Do you create an anonymous PAS instead to serve these BEs and others like them?
Am I missing a trick?
Thanks
Christian.
You can always change the authorization URLs.
For example, if you want to access the /web/SportsBE URL without any authentication, then in the oeablSecurity.csv you can modify the authorization from a role to "permitAll()". This will allow you to run your ABL without going through any security authentication.
"/web/SportsBE","GET","permitAll()"
But if your ABL code does CP validation then you have to take care of that.
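An added example, not part of the original reply and not Progress code: a small audit that lists which rules in an oeablSecurity.csv-style file are really open to unauthenticated callers, and which rules are overridden by an earlier, broader entry. It assumes rules are evaluated top-down with the first match winning and that URL patterns are Ant-style; the sample rules, the paths other than /web/SportsBE, and the role names are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample in the "url","method","access" layout quoted above.
# Paths other than /web/SportsBE and both role names are hypothetical.
SAMPLE = """\
# constructed rules, for illustration only
"/web/ResetBE","POST","permitAll()"
"/web/SportsBE","GET","permitAll()"
"/web/**","*","hasAnyRole('ROLE_PSCUser')"
"/web/LateBE","GET","permitAll()"
"/static/**","GET","permitAll()"
"/static/admin/**","GET","hasAnyRole('ROLE_PSCAdmin')"
"""

def ant_to_regex(pattern):
    """Translate an Ant-style path pattern (**, *, ?) into a regex."""
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts))

def audit(text):
    """Return (open_rules, shadowed), assuming top-down first-match rules."""
    rows = csv.reader(io.StringIO(text))
    rules = [tuple(f.strip() for f in r) for r in rows
             if len(r) == 3 and not r[0].startswith("#")]
    open_rules, shadowed = [], []
    for i, (url, method, access) in enumerate(rules):
        # Heuristic: an earlier rule covers this one when its pattern matches
        # this rule's URL text and its method is "*" or identical.
        cover = next((p for p in rules[:i]
                      if p[1] in ("*", method)
                      and ant_to_regex(p[0]).fullmatch(url)), None)
        if cover and cover[2] != access:
            # The declared access never applies; the earlier rule decides.
            shadowed.append((url, access, cover[0], cover[2]))
        elif cover is None and access == "permitAll()":
            open_rules.append((url, method))
    return open_rules, shadowed

if __name__ == "__main__":
    open_rules, shadowed = audit(SAMPLE)
    for url, method in open_rules:
        print(f"OPEN      {method:5} {url}")
    for url, declared, by, effective in shadowed:
        print(f"SHADOWED  {url}: declared {declared}, {by} applies {effective}")
```

A shadowed permitAll() entry means the endpoint still demands a login, while a shadowed role entry means the endpoint is open despite what its own line says.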
Hi Irfan
Thanks for that.
I was coming to the same conclusion!
Christian.
Irfan
How would you call an invoke or method on this unauthenticated BE using the JSDO?
Thanks