Resolving an Attach File Control "Forbidden" Server Error



The BP3 Brazos UI Examples Application includes demonstrations of the attach file control. These examples connect to either the internal BPM repository or the BP3 Alfresco ECM server. When attempting to upload files to the BP3 Alfresco document repository you may encounter the following error message from your BPM server:

This error may also be seen in custom solutions using the Attach File control when attempting to connect to external ECM servers.


Starting with the release of the security APAR CVE-2015-1904 (JR53209), BPM is configured by default to prevent creating, updating, or downloading external ECM documents. Document tasks related to the internal BPM document repository are not affected by this iFix.


There are three methods outlined by IBM to allow access to external ECM repository documents.

  1. Disabling authorization services can be done by modifying server configuration files. This is not recommended due to the security vulnerabilities this presents; doing so essentially undoes the changes introduced by the security iFix.
  2. For custom solutions, the "Always use this connection information" configuration for the ECM server can be cleared to allow user credentials from BPM to be used with the external ECM server. The external ECM server may need additional configuration to work with BPM.
  3. Creating and using an integration service to authorize users is an option in newer versions of BPM and is useful in situations where the ECM server is not integrated with BPM authorization systems.

For purposes of the Brazos UI Examples application, method three is the preferred choice: disabling authorization services is not recommended, and the BP3 Alfresco server is not configured to handle BPM user credentials. Note, however, that this option is not available in BPM versions prior to 8.5.6.

Simple Authorization Service

Because the BP3 Brazos UI Examples application is aimed at BPM designers, it is expected to be installed only on lower environments, which would already have access controls in place. Starting with v4.9.0 of the toolkit, the Examples application includes an extremely simple authorization service that grants any user running the Examples application document access to the BP3 Alfresco ECM repository.

  • Open the BP3 Brazos UI Examples application in Process Designer and navigate to the Servers tab of the main Process App Settings page. Select the Alfresco server. You should see the following pre-populated server settings. 
  • Click Select next to the External ECM Document Authorization Service option and pick the "BP3 Alfresco Authorization" integration service.
  • Save the changes to the BP3 Brazos UI Examples application.

The Attach File controls from the Attach File Demo that utilize the BP3 Alfresco server will now allow you to upload documents without errors.

