Below post explain the current issue with Workflow Notifications and completed request where the request is only available to view one time.
There is a feature in Applications that allows you to send an email
notification to a user, or group of users when you submit a concurrent request.
The notification itself has the actual completed request as an attachment,
essentially allowing the recipients to view the request without having to log
into Applications. On the Submit Request form, there is an 'Upon Completion'
section. You then click on the 'Completion Options' button. In the next screen
you can enter Applications user names that will get sent the email notification.
The Workflow mailer must be running at this point prior to submitting the
request.
The problem with this feature is that the request that is attached is only
view able one time. Even if users log into Applications or Self Service
Applications and go in to view notifications and try to view the attachment,
it just comes up "Authentication Failed" in the browser.
The problem lies in the URL that gets generated for the call to the Web Report
Review agent (FNDWRR). Embedded within this URL is a temp_id string that is
randomly generated. This string is part of an encryption mechanism that does
not recognize or record the first time the request is accessed and then
regenerates the temp_id string in order to be used again.
Explanation:
This URL will only work once. This is a security feature.
The temp_id is stored in a table, and once it is used, it is deleted.
The security is definitely needed.
Reports can contain very sensitive information, for example, HR reports.
Security is normally done with UNIX file permissions and by the use of responsibilities. However, providing a URL that allows anyone on the network to access a report would be a major security hole.
There is a feature in Applications that allows you to send an email
notification to a user, or group of users when you submit a concurrent request.
The notification itself has the actual completed request as an attachment,
essentially allowing the recipients to view the request without having to log
into Applications. On the Submit Request form, there is an 'Upon Completion'
section. You then click on the 'Completion Options' button. In the next screen
you can enter Applications user names that will get sent the email notification.
The Workflow mailer must be running at this point prior to submitting the
request.
The problem with this feature is that the request that is attached is only
view able one time. Even if users log into Applications or Self Service
Applications and go in to view notifications and try to view the attachment,
it just comes up "Authentication Failed" in the browser.
The problem lies in the URL that gets generated for the call to the Web Report
Review agent (FNDWRR). Embedded within this URL is a temp_id string that is
randomly generated. This string is part of an encryption mechanism that does
not recognize or record the first time the request is accessed and then
regenerates the temp_id string in order to be used again.
Explanation:
This URL will only work once. This is a security feature.
The temp_id is stored in a table, and once it is used, it is deleted.
The security is definitely needed.
Reports can contain very sensitive information, for example, HR reports.
Security is normally done with UNIX file permissions and by the use of responsibilities. However, providing a URL that allows anyone on the network to access a report would be a major security hole.
hi, i am receiving this error in sshr page. Any work around to fix this
ReplyDelete