Directed Web Access submission gives Access Denied Message
Developer has configured an External Assignment where in the external user tries to submit the assignment, and they get an “Access denied” error.
Steps to Reproduce
1. Configure Directed Web Access (DWA).
2. In the section, include a button which performs "finish Assignment".
2. When the external user clicks on the submit button, "Access denied" message comes up.
DWA has it's own Submit and Cancel buttons (which do not require any extra actions or server interactions).
Here is the explanation for the reported behavior.
- DWA can be configured for obtaining some inputs from external parties through email. Most likely for data entry using Text fields, Radio Buttons, Checkbox, dropdowns and so on.
- When the recipient clicks this link, a browser session opens and submits a one-time-only signature token to the Process Commander server. Process Commander evaluates the token to authenticate the external user and displays the assignment in browser window. The user completes and submits the requested information, which ends the requestor connection. The link can be used only once.
- In this case, clicking on custom "Submit" button which performs "Finish Assignment", involves an extra action to be performed by the external user. Since, external user does not have any access to perform any actions except DWA configured "Submit and "Cancel", it gives you "Access Denied" message.
That is an expected behavior in this scenario. Since when the user is trying to perform "Finish Assignment" on click of the button, it means that the external user is trying to perform server interaction which is not allowed in DWA. Hence, is the error message during execution "Access Denied".
Out-of-the-box (OOTB) "Submit" and "Cancel" buttons should be used for the external user.
Other configured buttons might cause server interactions and hence result in access denied error.