PRATHEEP KUMAR MS Member since 2011 22 posts
TCS
Posted: June 1, 2018
Last activity: June 13, 2018
Closed

Authentication modification permitted via privileged path only - invalid caller

Hi PSC team,

We are having an issue with our application, which is on Pega 7.2.2 + SI 7.11. This service is a reusable one; multiple business processes/apps can use it, and we are just one of the business processes/applications using it.

The Pega application hosts a service that takes a request from an upstream system and creates a case. It's a SOAP integration.

The Pega service package has authentication disabled. Also, in the incoming SOAP request header, we don't get a user ID and password that can be used to authenticate the incoming request.

Rather, we get a value in the SOAP request called process type, based on which our service activity identifies the model operator that has to be used for the authentication and case creation context. Once we identify the model operator, we use the code below:

com.pega.pegarules.pub.context.PRAuthentication auth = pega.getAuthenticationHandle();
auth.setUserSecurityProfile(pega, UserID);

On doing so, we get the error:

2018-06-01 12:00:07,515 [ WebContainer : 14] [ STANDARD] [ ] [ Group:01.01.01] (.authentication.Authentication) ERROR zzzzzzz.machine.test.group|10.xx.xx.xxx|SOAP|GenericDocMgmtServicePackage|Services|GenericNotify|AD035BDF87C5717896BD43D453D68CF78 - Authentication modification permitted via privileged path only - invalid caller: RULE-OBJ-ACTIVITY GROUP-INT-DOCMGMT GENERICNOTIFY #20180531T074219.949 GMT

GROUP-INT-DOCMGMT GENERICNOTIFY is our service activity. From this activity we call our custom code, SwitchOperatorForGS(), with an Applies To class of Code-Security.

On our service activity, "Require authentication to run" is unchecked and "Allow direct invocation from the client or a service" is checked.

In this activity, we set the value for UserID (based on our business process model operator ID) and invoke the steps below:

com.pega.pegarules.pub.context.PRAuthentication auth = pega.getAuthenticationHandle();
auth.setUserSecurityProfile(pega, UserID);

Is this some kind of known issue?

We have attached the entire error stack trace for reference.

Security
Moderation Team has archived post