Discussion
cLSA Security Excellence webinar recording + handout - January 2021
On January 11 and 12 we hosted the cLSA Security Excellence webinar as part of the CLSA Continuous Excellence Enablement (C2E) program that is focussed on targeted content on platform topics and from a Pega 8 perspective. This webinar was focussed on security and discussed authentication, authorization and security features in Pega.
As an attachment the handout is added (visible when you are logged in).
We hope you enjoyed the session. We are working on the answers to the questions that couldn't be answered during the session and will make those answers available as soon as we can.
tx
Dion
I would like to understand the requirements around this better; specifically around which application to choose. Is that dynamic or not. Could you please send me an email (dion.lammers@pega.com) so I can look at this further.
On Slide 33, it is using a DataPage property in the Mapping example. I know the screen was taken from 8.5. I want to make sure that the use of a DataPage property is also supported in 8.4.
thx
Terence
Around the use of data pages for the operator provisioning; this should be available as of 7.4. This was the first version that supported a genuine declarative approach with Data Pages and Data Transforms.
Tx
Hi Dion, in the example on at around slides 48, for the purpose of securing a Pega API using OAuth2, it was using Pega as an OAuth2 Provider.
If we have a requirement to use an external OAuth2 provider for exposing a Service REST:
- Can we still use "OAuth2" in the Service Package Authentication Type?
- If yes, how do we configure to use the external OAuth2 provider's JWK url's?
- If not, if we use "Custom" in the Service Package Authentication Type, what should be done? Any links to examples will be appreciated.
Hi Terence,
When processing an external JWT, we set the Service Package to Custom and use pxProcessJWT activity to call the Token Profile. The identity mapping page created can then be used by the activity that calls pxProcessJWT to map to an existing operator with the correct AG and roles to run the API. You can create a key store instance of type URL to reference the JWK. This key store instance can be referenced from the Token Profile.
This picture shows the interaction:
@DionLammers
How to map multiple access group when user have access to multiple applications. What is the recommended approach to dynamically assign one or more access group to a user during user authentication.
I found below article related to this, but it describes how to configure a single access group and activity so that the correct role combination is dynamically added to the operator's clipboard page when they log in, but not multiple access group.
https://community.pega.com/knowledgebase/articles/security/85/dynamically-adding-roles-during-user-authentication