(...) _id":"08fffc80-37ae-4651-b6b0-a1de65076cd6","error_uri":"https://login.microsoftonline.com/error?code=900144"} Response-Header: Cache-Control: no-store, no-cache Pragma: no-cache Strict-Transport-security : max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 0768443e-3dcf-41ae-b29c-3bf5c6b66c00 x-ms-ests-server: 2.1.13777.6 - (...)
(...) We are using WEBCON BPS 2022.1.3.45 and should execute some soap actions to to SAP. System.security .Authentication.AuthenticationException: Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'. Submitting requests via Postman works fine. It seems to be a problem on transport level, related to .netCore/OS and is most likely a problem related to TLS version and Cipher (...)
(...) eskInfo, IProcessesAttachmentMaxSizeProvider processesAttachmentMaxSizeProvider, IAttachmentsRestrictionsProvider attachmentsRestrictionsProvider, IAuthenticationProvider authenticationProvider, IDesksecurity desksecurity ) at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) at WebCon.BPSCloud.Portal.Extensions.DesignerDesk.DesignerDeskContextMiddleware.In (...)
(...) Hi there, For security reasons, we need to add a timeout for all user logins such that after a couple of hours, after login, the user will be prompted to log in again. I looked through the GlobalParameters data base and found the following (line 44 - PortalTokenSigningKey) ..."Expiration":"00:00:00","RefreshTokenExpiration":"0.00:00:00","AuthCookieExpiration":"0.00:00:00","AuthCookieSlidingExpirati (...)
(...) eededThenValidate(String input) at WebCon.WorkFlow.Base.Authentication.UserSearcherCached.FindByBpsIdThenByDisplayNameThenSynchronizeIfNeededThenValidate(String input) at WebCon.WorkFlow.Base.security .ElementPermissions.Set(String login, Dicsecurity Levels level, Dicsecurity ChangeReason reason, String reasonAdditional, Boolean isPermanent) at WebCon.WorkFlow.Base.Actions.Setsecurity .SetForAllEl (...)
(...) element, an error message is displayed: "403 - Forbidden: Access is denied.\r\n You do not have permission to view this directory or page using the credentials that you supplied." I checked the security settings for SQLLowPrivilegeUser. Has anyone encountered this error in a newly configured webcon environment? 04.07.2023 Closing. The error was caused by an IIS setting. IP Address and D (...)
(...) Hi, Following a security audit, we are compelled to set the CLR Assembly Permission Sets to SAFE_ACCESS in SQL SERVER. I'm not an expert in SQL. What impact does this setting have on Webcon? Thanks, Raluca
(...) l in the studio to be able to indicate specific logins, maybe ad/bps groups, for which access to the webcon bps portal would be blocked. I think that such a solution would also be advisable for data security reasons, it would make it possible to cut off the user and give him time to make complete changes to the system. On the other hand, it may be worth considering a mechanism that also works the othe (...)
(...) Hello, our information security office has detected a log4j vulnerability. We currently have the log4j-1.2.17.jar version for WebCon BPS 2023 R2 Is it possible to upload version 2.21.1 according to the article https://kb.webcon.pl/security -podatnosc-cve-2021-44228-w-apache-log4j2/? https://logging.apache.org/log4j/2.x/download.html Will the new version of BPS include this type of fix?
(...) tions - but it was not the case in 2022 ver. Do you have any idea how to change it? Thanks. msg: An unhandled exception has occurred while executing the request. | ex: System.ServiceModel.security .security AccessDeniedException: Użytkownik nie ma prawa edytowania elementu WorkFlow at WebCon.WorkFlow.BusinessLogic.BusinessLogic.ElementManagement.WorkFlowObject.WorkFlowObjectForElementFormCre (...)
(...) Hi, We tried introducing a method that will force an inactive user to log out of the portal after 10 minutes. We found the security configuration and changed the cookie expiration time (set it to 10 minutes). Successful logout occurred after 10 minutes. After logging out, a login window appears. In some cases, the user had to enter the correct login and password several times before being able to e (...)
(...) Hi community! I have to remove all privileges (except the author of the element) on current workflow element for security reasons. I tried putting the action 'On exit' of the current step, before executing all other actions (assigning tasks, adding certain privileges, ...) on path to next step. According to an old documentation 'On exit' actions should be executed first and should not be depen (...)
(...) o move and lock Active Directory users. This involves moving the user to a different OU, but I can't seem to find this option in Webcon (other than executing Powershell which I'm trying to avoid for security reasons). Does anyone have experience in this? Greetings from Switzerland Raymond
(...) emObject,localeid,mail,manager,memberOf,mobile,name,objectCategory,objectVersion,ou,pager,physicalDeliveryOfficeName,postalcode,postofficebox,primarygroupid,proxyaddress,sAMAccountName,sAMAccountType,security identifier,showInAddressBook,sn,st,streetAddress,telephoneNumber,thumbnailPhoto,title,userAccountControl,userParameters,userPrincipalName,whenChanged,whenCreated,wwwhomepage?sub?(|(objectClass=user)(o (...)
External content by Daniel Krüger; July 06, 2024 ; The original post has appeared on daniels-notes.de It should be obvious, that you should secure any website with an SSL certificate. There's neither an excuse nor a valid reason for it. Ok, there's one theoretical exception I would accept. You are run a single server environment. Use only local accounts.
(...) bsites are used via a safe encrypted connection (SSL); data are stored at a properly secured servers in the EU; access to personal data is determined by appropriate internal procedures on company security . Despite the security measures applied by WEBCON, every user should follow the principles of security . In order to prevent the account from being used by unauthorized persons, any user should lo (...)
(...) Up to date as of 2024-11-19 The security of our platform is of utmost importance. We monitor the net for news on emerging vulnerabilities, run security audits, and react to issues raised by our clients. We constantly update WEBCON BPS to remove any known security vulnerabilities. On this page, we will compile information regarding security vulnerabilities detected in the system. Each problem li (...)