ICRT Process User Roles and URLs

I am in complete agreement with the current wisdom of designing security in from the start. When developing, it is often more expedient to leave the security out until everything else has been tested to reduce the number of parts that need to be evaluated when debugging, and I (for better or worse) take the expedient path most of the time.

Recently I built some Informatica Cloud Real Time (ICRT) Processes intended for use as web services and built them with Anonymous access allowed up until completion, at which point I added the authorized users to the list to lock them down. I then found that they would not run when provided the correct authentication.

I will spare you the many things I looked at to resolve the issue and simply point out that my excuse for it taking so long was the nature of the response when calling the service, which was “HTTP Status 403 – User is not authorized to perform operation within tenant context”. With that error, my pursuits at debugging were focused on security configuration.

The actual source of the issue is that once the process is deployed requiring authentication, it uses a different URL format. To wit, the unauthenticated structure is:

https://[SEGMENT].rt.informaticacloud.com/active-bpel/public/soap/[ORG ID]/[PROCESS NAME]

and the authenticated URL is:

https://[SEGMENT].rt.informaticacloud.com/active-bpel/soap/[PROCESS NAME]

So, be sure to publish the correct authenticated URL to clients while developing and update your test client when finalizing.
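A small pre-release check for client endpoint settings, added here as an example and not taken from Informatica or from the original post: it classifies a URL by the two path formats above, rewrites the anonymous form to the authenticated one, and flags clients whose credential use does not match the URL format. The host segment, org id, process name and the function names are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Path shapes taken from the two URL formats quoted in the post.
PUBLIC = re.compile(r"^/active-bpel/public/soap/(?P<org>[^/]+)/(?P<process>[^/]+)/?$")
SECURED = re.compile(r"^/active-bpel/soap/(?P<process>[^/]+)/?$")


def classify(url):
    """Return ('anonymous' | 'authenticated' | 'unknown', process name or None)."""
    path = urlsplit(url).path
    m = PUBLIC.match(path)
    if m:
        return "anonymous", m.group("process")
    m = SECURED.match(path)
    if m:
        return "authenticated", m.group("process")
    return "unknown", None


def to_authenticated(url):
    """Rewrite an anonymous-format URL to the authenticated format; others pass through."""
    kind, process = classify(url)
    if kind != "anonymous":
        return url
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, f"/active-bpel/soap/{process}", parts.query, ""))


def check_client(url, sends_credentials):
    """Return a finding when URL format and credential use disagree, else None."""
    kind, _ = classify(url)
    if kind == "anonymous" and sends_credentials:
        return f"credentials sent to anonymous-format URL; use {to_authenticated(url)}"
    if kind == "authenticated" and not sends_credentials:
        return "authenticated-format URL called without credentials"
    if kind == "unknown":
        return "URL matches neither ICRT SOAP format"
    return None


# Constructed sample endpoints: (URL, whether the client sends credentials).
SAMPLES = [
    ("https://seg1.rt.informaticacloud.com/active-bpel/public/soap/ORG123/GetOrder", True),
    ("https://seg1.rt.informaticacloud.com/active-bpel/soap/GetOrder", True),
]

if __name__ == "__main__":
    for url, creds in SAMPLES:
        print(url, "->", check_client(url, creds) or "ok")
```

The first sample is the situation described above: a client that now sends credentials but still points at the anonymous-format URL.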

© Scott S. Nelson
