...

For some authentication methods you may need to use a script (or web browser) to log in to a data source and generate an access token to use in your connection string. The access token could then be added to the Profile file record as the password for a connection. If you use expiring tokens with a scheduler, you will need to create a script that refreshes your tokens and then restarts or updates your scheduler service so that it picks up the new tokens and profile records; see the Scheduler Configuration section for more details.

This would involve the following general steps to be implemented in a script:

  1. Log in to a server and get a new token (this should be a non-interactive process for the Scheduler).
  2. Encrypt the token with Windows DPAPI ensuring the script is running as the same Windows User as the scheduler service.
  3. Create a base64 Unicode string from the encrypted token.
  4. Modify the Scheduler Profile file (which is in .JSON format) replacing the password on the affected connection with the base64 string.
  5. Restart the Scheduler service OR select ‘Poll for Status and Refresh Profile’ from RED for the Scheduler.
  6. Use a script similar to wsl_scheduler_profile_maintence script in RED, that takes the Scheduler Profile Encryption Password and your new token then updates the affected profile record in the redadmin.ws_scheduler_profile metadata table using the WhereScape Encryption Utility.
  7. After the above profile record is updated, any further scheduler tasks will pick up the new token.
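
The DPAPI and base64 steps above, with a check that the script runs as the scheduler's Windows account, as an added example (not WhereScape's own script). It assumes Windows PowerShell 5.1, that "Unicode" means .NET's UTF-16LE encoding, and DPAPI's CurrentUser scope; the function names and the service-name placeholder are hypothetical.

```powershell
# Added example, not WhereScape code. Assumes Windows PowerShell 5.1.
Add-Type -AssemblyName System.Security

function Protect-SchedulerToken {
    param([Parameter(Mandatory)][string]$Token)
    # Assumption: "Unicode" is .NET's UTF-16LE encoding of the plaintext token.
    $plain = [System.Text.Encoding]::Unicode.GetBytes($Token)
    try {
        # CurrentUser scope: only the same Windows user can decrypt the blob.
        $blob = [System.Security.Cryptography.ProtectedData]::Protect(
            $plain, $null,
            [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
        [Convert]::ToBase64String($blob)
    } finally {
        [Array]::Clear($plain, 0, $plain.Length)   # wipe the plaintext copy
    }
}

function Unprotect-SchedulerToken {
    param([Parameter(Mandatory)][string]$Base64)
    $blob  = [Convert]::FromBase64String($Base64)
    $plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
        $blob, $null,
        [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    [System.Text.Encoding]::Unicode.GetString($plain)
}

function Test-RunningAsServiceAccount {
    param([Parameter(Mandatory)][string]$ServiceName)
    $svc = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -eq $ServiceName }
    if (-not $svc) { throw "Service '$ServiceName' not found." }
    # Normalise account forms that NTAccount cannot translate directly.
    $account = $svc.StartName -replace '^\.\\', "${env:COMPUTERNAME}\"
    if ($account -eq 'LocalSystem') { $account = 'NT AUTHORITY\SYSTEM' }
    $serviceSid = [System.Security.Principal.NTAccount]::new($account).Translate(
        [System.Security.Principal.SecurityIdentifier])
    $currentSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $serviceSid.Value -eq $currentSid.Value
}

# Before encrypting, confirm the account (placeholder service name):
#   Test-RunningAsServiceAccount -ServiceName '<scheduler-service-name>'
$token   = 'constructed-sample-token'   # constructed; step 1 supplies the real one
$encoded = Protect-SchedulerToken -Token $token
if ((Unprotect-SchedulerToken -Base64 $encoded) -cne $token) {
    throw 'DPAPI round trip failed.'
}
$encoded   # base64 string to use as the connection password in step 4
```

A blob produced under a different Windows account fails in `Unprotect` with a `CryptographicException`, so the account check is worth running before the token is written anywhere.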

Creating Windows DPAPI Encrypted Base-64 Unicode strings using PowerShell

Tip

The encryption and decryption process below can also be achieved using the Encryption Utility.


Example PowerShell script to create an encrypted base-64 Unicode string using Windows DPAPI:

...