Summary:
Web Login Links are a MassTransit feature that allows quick login access for web client users by providing a clickable web browser link in an email. This article describes how to configure and use these links as well as the security risks of the different types of email links when an email is intercepted by a third party.
For information on web login links for MassTransit, please refer to the Email Notification Tokens page.
Description:
Email Passkey Login:
For MassTransit Email Passkey Actions there are 4 new tokens that can be used to send an email to a contact containing an FTP or HTTP link, which the contact can click to retrieve files from the MassTransit server. These links can take the contact to the MassTransit Web (MTWeb) or FTP login page with the contact's user name already populated. If the link also contains a passkey, the contact is automatically logged in to the MTWeb or FTP site without having to know his/her username and password.
The specific token names are:
$${{FTPLink}}
$${{FTPLink_passkey}}
$${{HTTPLink}}
$${{HTTPLink_passkey}}
When configuring an email action in MassTransit, add these tokens to the body text of the email and the link will be automatically generated when the email is sent.
In order to use these new tokens, you must configure four settings in the MassTransitEngine.cfg file.
- HTTP_DOMAIN=http://10.10.3.56 or HTTP_DOMAIN=https://10.10.3.56
- FTP_DOMAIN=masstransit.grouplogic.com
- PASSKEY_DEFAULT_TTL_HOURS=5
- PASSKEY_DISABLED_AFTER_LOGIN_MINUTES=20
The .cfg file contains information on how to set each of these values.
Note: Any time you make a change to the MassTransitEngine.cfg file you must restart the MassTransit engine for the changes to take effect.
In addition to providing links via MassTransit email actions, these links can be generated and used by scripts for more custom workflows.
COM
For COM support, the following functions handle the Email Passkey Link tokens:
contactobject.FTPLink
contactobject.FTPLink_passkey
contactobject.HTTPLink
contactobject.HTTPLink_passkey
Calling one of the above functions will return a string that represents a clickable URL in an email.
AppleScript
For AppleScript support, new tokens allow retrieval of the Email Passkey Link tokens as follows:
tell application "MassTransit Engine"
    set client_id to 9
    set emailLink1 to make_link (client id client_id) link_type ftp_link
    set emailLink2 to make_link (client id client_id) link_type ftp_link_passkey
    set emailLink3 to make_link (client id client_id) link_type http_link
    set emailLink4 to make_link (client id client_id) link_type http_link_passkey
end tell
Calling one of the above object properties will create a new passkey for the contact with the specified client id and return a string that represents a clickable URL in an email.
Security Considerations
There are four types of email links: FTPLink, HTTPLink, FTPLink_passkey, and HTTPLink_passkey. The FTPLink and HTTPLink types have different security considerations than FTPLink_passkey and HTTPLink_passkey.
When the FTPLink or HTTPLink types are used, web client users receive emails that contain a web browser link. This link directs the user to the MTWeb login page with their login name field filled in. If the email is intercepted, a third party will know the web client user's login name but NOT their password.
When the FTPLink_passkey or HTTPLink_passkey types are used, emails sent to web client users contain a link with a temporary passkey code. When this link is clicked, the user is automatically logged into MTWeb under their account and is able to transfer files. If the email is intercepted, a third party can log into MTWeb under the user's account until the passkey expires. The only way to fully prevent a third party from gaining access is to ensure that emails with passkey codes are not intercepted. Another preventative measure is to reduce the amount of time a passkey lives by modifying the passkey lifetime parameters in the MassTransitEngine.cfg file.
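As an added example (not part of MassTransit or of the original article), the Python check below reads the four settings named above from the text of MassTransitEngine.cfg and reports values that widen the exposure of an intercepted passkey link. The KEY=VALUE layout follows the settings shown in this article; the policy limits MAX_TTL_HOURS and MAX_AFTER_LOGIN_MINUTES, the function names, and the sample config text are assumptions constructed for illustration.

```python
import re

# Policy limits are assumptions for this example; set them to your own policy.
MAX_TTL_HOURS = 5
MAX_AFTER_LOGIN_MINUTES = 20
KEYS = ("HTTP_DOMAIN", "FTP_DOMAIN", "PASSKEY_DEFAULT_TTL_HOURS",
        "PASSKEY_DISABLED_AFTER_LOGIN_MINUTES")

def parse_settings(cfg_text):
    """Return the last KEY=VALUE seen for each of the four link settings."""
    found = {}
    for line in cfg_text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*=\s*(\S.*?)\s*$", line)
        if m and m.group(1) in KEYS:
            found[m.group(1)] = m.group(2)
    return found

def audit(cfg_text):
    """Return a list of findings for the passkey link settings."""
    s = parse_settings(cfg_text)
    findings = [f"{k} is not set" for k in KEYS if k not in s]
    if s.get("HTTP_DOMAIN", "").lower().startswith("http://"):
        findings.append("HTTP_DOMAIN uses http://, so HTTPLink_passkey URLs "
                        "cross the network unencrypted")
    for key, limit in (("PASSKEY_DEFAULT_TTL_HOURS", MAX_TTL_HOURS),
                       ("PASSKEY_DISABLED_AFTER_LOGIN_MINUTES", MAX_AFTER_LOGIN_MINUTES)):
        if key not in s:
            continue
        try:
            value = int(s[key])
        except ValueError:
            findings.append(f"{key}={s[key]!r} is not a whole number")
            continue
        if value <= 0 or value > limit:
            findings.append(f"{key}={value} is outside the policy range 1..{limit}")
    return findings

# Constructed sample config text (not taken from a real server).
SAMPLE_CFG = """\
HTTP_DOMAIN=http://10.10.3.56
FTP_DOMAIN=masstransit.grouplogic.com
PASSKEY_DEFAULT_TTL_HOURS=72
PASSKEY_DISABLED_AFTER_LOGIN_MINUTES=20
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print("FINDING:", finding)
```

Run it against the live file after each configuration change, and remember that the engine must be restarted before a corrected value takes effect.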