Trusted User Account: Unexpected Behaviour if Passwords Do Not Match

Liz Sanderson
Liz Sanderson
  • Updated
Known Issue IDFMESERVER-13569
DiscoveredFME Server 2019.2
AffectsMultiple Versions*


* Verified only with FME Server 2019.2. This is a configuration issue and may affect versions as far back as FME Server 2016.


FME Server has the ability to provide unauthenticated access to workflows through the Trusted User Account. Administrators can change the default password of the Trusted User Account for any of the FME Server Web Services by manually editing the file for each web service.

However, if the password is only changed in the file, and it does not match that of the Trusted User Account as configured in the FME Server, then unexpected behaviour can occur:

1. Unauthenticated users may not be able to run FME Server workflows. The following message will be displayed:

HTTP Status 401 – Unauthorized
The request has not been applied because it lacks valid authentication credentials for the target resource.

2. Users may be required to sign in with no username or password instead of the ability to access workflows without authenticating. This may affect any web applications, scripts, or workflows that are designed or required to have unauthenticated access.


Documentation is updated for FME Server 2020.0 and newer to make this more clear for FME Server administrators.

There are no further product changes planned. The Trusted User Account is designed to provide unauthenticated access, and for this reason this issue is not classified as a security concern.

Note: FME Server administrators may also disable the Trusted User Account to prevent unauthenticated access. By default, this is the guest user account – this user account has very limited access to FME Server unless configured differently by an FME Server administrator. (This user account may be disabled by default in newer releases of FME Server.)

Was this article helpful?



Please sign in to leave a comment.