To enhance the security of the traffic between automation scripts and the Perfecto Lab, Perfecto has instituted the use of a Security Token used by the different automation tools when activating the Perfecto Lab system. The Security Token is a unique key assigned to an authorized user.
The Security Token will become invalid only in the following cases:
- The user generates a new Security Token. This prevents use of outdated automation scripts, that may have an old token included.
- The token has not been used for a period of 3 months. This solves the problem of zombie tokens being used, for example when a user quits the company.
- The owner of the token is disabled or deactivated from the Perfecto Lab.
The Perfecto Security Token system will work properly with installations that support an external IDentification Provider (IDP), with some small changes, see below.
Generate a Security Token
The Security Token is generated based on your personal Perfecto Lab credentials. Use the following procedure to generate a new token.
Note: Generating a new Security Token will invalidate any existing token associated with your credentials.
In the Perfecto Lab interface or in the Plugin interface, click More -> Create security token in the top right corner
Enter your password in the popup window and click the Get new token button -
When generating a security token on an installation with an external IDP, there is no need to supply a password. Just click the Create token button:
If a Security Token is already associated with your username and password, then the dialog window will include a reminder that creating a new token invalidates the existing token.
Get your security token:
Click the Copy to clipboard link and save your new security token.
The Security Token should be saved in a location that can be accessed for use in:
- If you use multiple Perfecto Labs, a separate Security Token needs to be generated for each Perfecto Lab.
- The Security Token must be included in its entirety, wherever the token is supplied. It is recommended that the entire token be saved in a location that can easily be used to copy and paste the token.
In Automation Scripts
Automation scripts should now use the tester's Security Token, in place of the username and password, for validation. This should be updated in all automation scripts whenever the tester generates a new token.
Perfecto Native Automation
The transfer to the Perfecto Security Token is transparent to the user and his scripts. This is automatically controlled by the user's session and validated as part of logging into the Perfecto IDE.
The Perfecto Security Token is added to a Selenium/Appium automation script by using the Perfecto supported securityToken capability. This should replace the use of the user and password capabilities.
if the Security Token is either incorrectly supplied (for example, missing some characters) or invalid - the script will fail on a Perfecto Exception with a message:
"Access denied - cannot authenticate user"
After creating your personal security token, use it to authenticate your user when logging into the UFT testing tool.
- Create your personal Security Token, as described above.
- Copy the Security Token, as described above.
- From the UFT Settings (Tools→Settiings) window -
- Select to Login with - Security Token
- Paste your Security Token directly into the text field.
- Click OK.
- Select to Login with - Security Token
Future connections to UFT will be performed with this Security Token.
The following video shows the complete process:
Validating a Security Token
To verify that the Security Token that you have saved is valid, use the tool supplied by clicking on Validate security token in the More... menu of the Perfecto Lab.
The following dialog box is displayed - copy the token into the text entry field and click Validate.
Possible results are:
- If token is valid: The security token is valid
- If token is expired: The security token is expired
- If token is invalid: The security token is invalid
- If the token's owner is no longer active in the Perfecto Lab: The security token belongs to a disabled user
- If there were problems running the check: Failed to validate the security token.