Security for chat widget of genesys - genesys

We are going to implement the Genesys chat widget in our organization in an existing web application based on J2EE. According to the architecture diagram, the widget will first make a request to the backend for JSON data with client information. Once the chat widget creates a connection with the Genesys server, all the communication will happen from this widget to the Genesys server directly.
We are concerned about the security of this approach, as the communication is directly between the browser and a third-party server (over HTTPS).
Any idea how to make it secure and prevent false identity attacks?

If you want security, you need to authenticate the users before enabling chat. This way, you control all the User Data that is passed on to the Genesys Widget.
Else, there's no stopping them from entering false names, mobile, and emails which will be used to link to contact history in UCS.

Related

How to handle the MFA authentication in JMeter

I am testing an application which is configured with Microsoft AD MFA. Whenever I log in to the application with my user ID and password, I receive a push notification on my mobile from the Microsoft Authenticator application which states "Approve" or "Deny" request.
We need to find solutions for the following two problems:
How can we handle the push notification that we receive on the mobile while logging in using JMeter?
How do we perform the load test execution with this MFA enabled, handling the push notification and token expiry?
Your test should focus on your application only; any external dependencies must be excluded. You are not load testing Microsoft servers, are you?
So if your test is making requests to one of the "forbidden websites" most probably these requests need to be removed.
If for some reason it's not possible - ask around if it's possible to turn off Azure authentication.
If it's not possible - ask whether it's possible to turn off the 2nd factor.
If it's not possible - ask whether it's possible to switch it to something you can handle easily, like an OATH software token.
As the last resort, you can use a browser automation framework like Appium for automating the approval process on your mobile device/simulator.
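The OATH software token option above can be scripted because the one-time code is computed from a shared secret and the clock (RFC 6238 TOTP). The following is an added example, not part of the original answer: a generator a load test could call per virtual user. The class name and the Base32 secret are constructed for illustration, and it assumes test accounts enrolled with known secrets, HMAC-SHA1 and a 30-second step.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;

public class TotpForLoadTest {
    private static final String B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

    // Decode an RFC 4648 Base32 secret, the form shown on token enrolment screens.
    static byte[] base32Decode(String s) {
        String clean = s.replace(" ", "").replace("=", "").toUpperCase(java.util.Locale.ROOT);
        byte[] out = new byte[clean.length() * 5 / 8];
        int buffer = 0, bits = 0, idx = 0;
        for (char c : clean.toCharArray()) {
            int v = B32.indexOf(c);
            if (v < 0) throw new IllegalArgumentException("not Base32: " + c);
            buffer = (buffer << 5) | v;
            bits += 5;
            if (bits >= 8) {
                bits -= 8;
                out[idx++] = (byte) (buffer >> bits);
                buffer &= (1 << bits) - 1; // keep only the bits not yet emitted
            }
        }
        return out;
    }

    // RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, then RFC 4226 dynamic truncation.
    static String totp(byte[] key, long unixSeconds, int digits) throws GeneralSecurityException {
        byte[] counter = ByteBuffer.allocate(8).putLong(unixSeconds / 30).array();
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] h = mac.doFinal(counter);
        int off = h[h.length - 1] & 0x0f;
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        int mod = (int) Math.pow(10, digits);
        return String.format("%0" + digits + "d", bin % mod);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
        byte[] key = base32Decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ");
        // Self-check against the RFC 6238 Appendix B vector (T = 59 s, 8 digits, SHA-1).
        if (!totp(key, 59L, 8).equals("94287082")) throw new AssertionError("RFC vector mismatch");
        // The 6-digit code a virtual user would submit as the second factor right now.
        System.out.println(totp(key, System.currentTimeMillis() / 1000L, 6));
    }
}
```

In JMeter the two static methods can be called from a JSR223 PreProcessor, with one secret per test account read from the test data file. Keep those secrets limited to dedicated test accounts so the test plan never carries a production second factor.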

Outlook Exchange integration in custom UI

We have to integrate the calendar feature of Outlook Exchange in our application and need to customize the UI for meeting room booking.
One way would be to register the app in Azure AD and call the Graph APIs to access data.
Can we access these APIs without registering the app in Azure AD?
No, you cannot access Graph APIs without registering your application. The registration manifest declares how your app will authenticate against Graph, its web server location and which resources it requires access to. Without this mechanism anybody can write code to delete all of your email.

Wakanda Progress Indicator from Angular client

Looking for client side details / documentation on how to access the Wakanda server side progressIndicator details from an Angular application.
I find the latest server side docs on progressIndicator, but nothing on how to access these from the client.
In the old days of WAF, the communication was handled via the widget. I'm rewriting clients and do not find any documentation on the client side.
Thanks
In V1, WAF offers a widget that periodically connects to the server using the name of the progress indicator as the reference.
In V2, the progressIndicator is available in REST API via rest/$info/ProgressInfo.
The call to {ServerIP}/rest/$info/ProgressInfo will return an array of current progress indicators on the server side. Each object represents an active progress indicator containing information like value, max, start time, etc.
Below is a quick example of calling rest/$info/ProgressInfo with the example code from Wakanda doc. The two calls are about 5 seconds apart:
Notice the fValue has been updated on the server. The developer can check for the updated value periodically and present it in customized progress bar, tag or progress bar from libraries like Angular Material.
Hope this helps.
Updated Requirements for $info:
When Wakanda server is in Controlled Admin Access Mode, $info is only available to users in Admin group, this requires the user log in and have an active session that belongs to admin group. This is documented in $info doc page.
The Controlled Admin Access Mode is not implemented in 4D Web server so $info will always work when sent directly to 4D. But this is highly not recommended because you will not be able to manage sessions and each REST call will consume a new client license.
In order to use the progress indicator via $info in your Wakanda app, I would recommend considering disabling Controlled Admin Access Mode by implementing custom authentication using login listeners. Or, use getProgressIndicator() in RPC/Dataclass methods to implement a new REST access to display the progress indicator to all users.

Is there any portlet or plugins which can help me in the implementing live customer support chat?

I need to implement live customer support chat in Liferay 7.
The portal will provide the capability for the end user to chat with the support users for online issue resolution, technical and non-technical help. The portal support team can support the end users over chat as well as over e-mail for the first tracking issue resolution. The user will be provided with a hyperlink at the footer of each page to start Web Chat. Once the user clicks on Web Chat, the Web Chat window will be opened for communication. The user can enter his/her e-mail ID, issue category and queries to start Web Chat. Once the Web Chat is initiated by the user, a chat window will be opened for the support user who is logged in to the mediation portal to provide support. If the support team is not available, the end user will be shown a message that the customer support team will be in touch soon by e-mail. The user chat requests will be allocated among the support users who are logged in to the mediation portal in round-robin fashion.
There is the native chat portlet, but I really do not recommend using it for your case; your case is a bit more complex than what comes out of the box. You will be better served with a support system plugin.
I like https://www.zendesk.com/chat/
Which is pretty easy to install and customize.

Api and consumer flow

I am developing an API for a social network website. This API will basically get all the requests from the users (get friend list, post a status update etc) and reply back if necessary.
We will implement OAuth 2.0 protocol for authentication. Consumer (our php project) has API id and secret.
Basic scenario:
Client wants to log in
API Consumer (php web project) takes this request, directs user to API
User sends his/her user credentials to the API, gets the token.
User comes back to our website, passes the token to the consumer.
Consumer goes to the api server, gets the access token.
Now consumer (php project) has access to user's private information.
Since this is a social network website, we want app developers to be able to use our API in the future.
I am not experienced in API-design. Does that flow make sense? I guess the simplest authentication would be accessing user information through php project. But we don't want to access database in php code. We will use ajax in client side and send a request to the API. And I believe there should be a better solution, what would you suggest?
Sure, API design is basically the point where you need to choose a technology.
It can be PHP, .NET or Java.
I would prefer either PHP or .NET, as we get a lot of flexibility with them.
The API will return XML or JSON depending upon the request.
There are a lot of CMSs in PHP which can help.
In .NET we have ServiceStack to help you.
APIs have to be fully independent from the outside world as well as within the API methods.
If you are able to achieve this, then you will surely create a good architecture.
