Page tree
Skip to end of metadata
Go to start of metadata

Note: In Release 10.3, the Security Token will be supported for Early Access customers only. Customers interested in joining the EA use should contact their CSM.

To enhance the security of the traffic between automation scripts and the Perfecto Lab, Perfecto has instituted the use of a Security Token used by the different automation tools when activating the Perfecto Lab system. The Security Token is a unique key assigned to an authorized user.

The Security Token will become invalid only in the following cases:

  • The user generates a new Security Token. This prevents use of outdated automation scripts, that may have an old token included.
  • The token has not been used for a period of 3 months. This solves the problem of zombie tokens being used, for example when a user quits the company.
  • The owner of the token is disabled or deactivated from the Perfecto Lab.

Limitation: Use of the Security Token is not supported for On-Prem Perfecto Lab installations.

 

Generate a Security Token

The Security Token is generated based on your personal Perfecto Lab credentials. Use the following procedure to generate a new token.

Note: Generating a new Security Token will invalidate any existing token associated with your credentials.



Step 1:

In the Perfecto Lab interface or in the Plugin interface, click More -> Create security token in the top right corner

 

 

Step 2:

Enter your password in the popup window and click the Get new token button -

 

 

 

If a Security Token is already associated with your username and password, then the dialog window will include a reminder that creating a new token invalidates the existing token.

 

Step 3:

Get your security token:

 

 

Step 4:

Click the Copy to clipboard link and save your new security token.

The Security Token should be saved in a location that can be accessed for use in:

Special Notes

  • If you use multiple Perfecto Labs, a separate Security Token needs to be generated for each Perfecto Lab.
  • The Security Token must be included in its entirety, wherever the token is supplied. It is recommended that the entire token be saved in a location that can easily be used to copy and paste the token.

In Automation Scripts

Automation scripts should now use the tester's Security Token, in place of the username and password, for validation. This should be updated in all automation scripts whenever the tester generates a new token.

Perfecto Native Automation

The transfer to the Perfecto Security Token is transparent to the user and his scripts. This is automatically controlled by the user's session and validated as part of logging into the Perfecto IDE.

Selenium/Appium Scripts

The Perfecto Security Token is added to a Selenium/Appium automation script by using the Perfecto supported securityToken capability. This should replace the use of the user and password capabilities.

//      capabilities.setCapability("user", args[1]);
//      capabilities.setCapability("password", args[2]);
		capabilities.setCapability("securityToken", "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1NTg2MjBmZi1lMTAyLTRlNDAtOTQwNy03Y2U2MzMzODMzYTgiLCJleHAiOjAsIm5iZiI6MCwiaWF0IjoxNDk0MjM1NjA1LCJpc3MiOiJodHRwczovL2F1dGguYXdzLXN0Zy5wZXJmZWN0b21vYmlsZS5jb20vYXV0aC9yZWFsbXMvcWF0ZXN0bGFiLXBlcmZlY3RvbW9iaWxlLWNvbSIsImF1ZCI6Im9mZmxpbmUtdG9rZW4tZ2VuZXJhdG9yIiwic3ViIjoiNDVjYmE3OTYtOGUxZS00MDZmLWJiODAtMTVhNTgxOGZmYzk3IiwidHlwIjoiT2ZmbGluZSIsImF6cCI6Im9mZmxpbmUtdG9rZW4tZ2VuZXJhdG9yIiwic2Vzc2lvbl9zdGF0ZSI6ImIxODU5Y2JiLWUwZGUtNDI4OS04NGYzLTdmZjY5ZGNhMWE2MyIsImNsaWVudF9zZXNzaW9uIjoiNGU3YjFhNGEtMmJhNi00ZTNmLWFkYzgtNmNkNjNhYTA1MGQ5IiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsInZpZXctcHJvZmlsZSJdfX19.UhkpFwRp5KnwEKr8uk08PuH0wIucdv-9_1dX8to0qcR_rMelEgn6E4US8vp-ZAJSIMiEsND49PTo3Fd_2IbHrGGcddQK4_dGy7dmHrtdt1_SOphu5QkJQgoqgzngNoJrTr1XPAiiTYsb1iRg3sGHywekMgMrUnoj3ecc-CoBTepiJpa-cd3Wc_zWf2EAuHReCNRvoaMpKN6YoMzrX39WQDR08PBMlTPN74oEMMzjIkavHb1TGRiVDuB-uDmrH2i822oDlg501k_llC8zisA7pWJkf03iYeAHitXPbQPOK8L4_qUV2BGPMY3Ul9prutsQIalYCHkgEQQU0IB_6CO6fQ");

if the Security Token is either incorrectly supplied (for example, missing some characters) or invalid - the script will fail on a Perfecto Exception with a message:

"Access denied - cannot authenticate user"

Validating a Security Token

To verify that the Security Token that you have saved is valid, use the tool supplied by clicking on Validate security token in the More... menu of the Perfecto Lab.

The following dialog box is displayed - copy the token into the text entry field and click Validate.

Possible results are:

  • If token is valid: The security token is valid
  • If token is expired: The security token is expired
  • If token is invalid: The security token is invalid
  • If the token's owner is no longer active in the Perfecto Lab: The security token belongs to a disabled user
  • If there were problems running the check: Failed to validate the security token.