How To
Archived

How do I remove sensitive data from OpenIDM 2.x workflow requests made via the REST API?

Last updated Jan 5, 2021

This article explains how to remove sensitive data from OpenIDM 2.x workflow requests made via the REST API. For example, you might want to remove the openidmcontext variable because it contains the headers and cookie data from the request.


This article has been archived and is no longer maintained by ForgeRock.

Removing sensitive data

All variables in workflow script tasks are saved by default in OpenIDM 2.x (which uses pre-5.12 versions of Activiti®). These variables can be viewed by the end user using the browser's developer tools.

You can remove sensitive data from workflow requests in one of three ways:

  • Upgrade to OpenIDM 3.x.
  • Remove variables from the workflow request.
  • Completely remove variables.

Upgrade to OpenIDM 3.x or later

Workflow variables are no longer saved by default in OpenIDM 3.x, which uses a later version of Activiti. Instead, you must use the Activiti execution.setVariable() call to specify any variables you want saved so they can be tracked in a workflow task.

You can download OpenIDM 3.x or later from BackStage.

Remove variables from the workflow request

You can remove variables from the workflow request by amending the gettasksview.js file (located in the /path/to/openidm/bin/defaults/script/workflow directory). With this approach the variable is still included in the workflow, but it is no longer accessible via the browser's developer tools. For example, to remove the openidmcontext variable, you would add the following line at line 178 of this file:

delete task.variables.openidmcontext;

The resulting section of the file would now look like this:

175| for (var i = 0; i < tasks.length; i++) {
176|     var taskId = tasks[i]._id;
177|     var task = openidm.read("workflow/taskinstance/"+taskId);
178|     delete task.variables.openidmcontext;
179|     if (!view[task.processDefinitionId+"|"+task.taskDefinitionKey]) {
180|         view[task.processDefinitionId+"|"+task.taskDefinitionKey] = {name : task.name, tasks : []};
181|     }

You can remove other variables by replacing openidmcontext with the appropriate variable name.
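The single delete shown above generalizes to a list of variable names plus a check that nothing on the list is still present in the view returned to the browser. The following is an added example, not code from gettasksview.js or from ForgeRock: the names SENSITIVE_VARIABLES, stripSensitiveVariables, findExposedVariables and sampleView, the "password" entry and the sample tasks are assumptions made for illustration, and it assumes each task in the view carries the same variables object as the task read in the excerpt.

```javascript
// Added example (not from gettasksview.js). Only "openidmcontext" comes from
// the article; "password" and all function names here are hypothetical.
var SENSITIVE_VARIABLES = ["openidmcontext", "password"];

function has(obj, key) {
    return Object.prototype.hasOwnProperty.call(obj, key);
}

// Delete every listed variable from one task; returns the names removed.
function stripSensitiveVariables(task, names) {
    var removed = [];
    if (!task || !task.variables) {
        return removed; // tasks without variables have nothing to strip
    }
    for (var i = 0; i < names.length; i++) {
        if (has(task.variables, names[i])) {
            delete task.variables[names[i]];
            removed.push(names[i]);
        }
    }
    return removed;
}

// Audit a finished view: report "taskId:variable" for anything still exposed.
function findExposedVariables(view, names) {
    var exposed = [];
    for (var key in view) {
        var tasks = view[key].tasks;
        for (var t = 0; t < tasks.length; t++) {
            var vars = tasks[t].variables || {};
            for (var n = 0; n < names.length; n++) {
                if (has(vars, names[n])) {
                    exposed.push(tasks[t]._id + ":" + names[n]);
                }
            }
        }
    }
    return exposed;
}

// Constructed sample view, keyed like the excerpt (processDefinitionId|taskDefinitionKey).
function sampleView() {
    return {"proc:1|approve": {name: "Approve", tasks: [
        {_id: "101", variables: {openidmcontext: {headers: {cookie: "constructed"}}, approver: "manager"}},
        {_id: "102", variables: {password: "constructed", department: "hr"}},
        {_id: "103"}
    ]}};
}
```

The code uses only ES5 syntax. Running findExposedVariables against a captured task view response is a quick way to confirm the change to gettasksview.js took effect.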

Completely remove variables

You can use the Activiti execution.removeVariable() call to completely remove variables, so that they are neither available in the workflow nor accessible using the browser's developer tools. For example, to completely remove the openidmcontext variable from the workflow, you can add the following statement:

execution.removeVariable('openidmcontext');

See Also

OpenIDM Integrator's Guide › Integrating Business Processes and Workflows

Activiti User Guide - Script Task

Related Issue Tracker IDs

OPENIDM-1745 (Activiti version change, different configuration files)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.