Posted: 9 Oct 2017 10:09 EDT Last activity: 16 Oct 2018 12:03 EDT
Configuring Pega Web Mashup authentication using http services
We have a requirement in which we need to embed a pega application inside a html page. i have configured pega web mashup to achieve that. but the login screen is coming once the html page is loading initially (index.html). we need to implement in such a way that the login id and password we can authenticate by using http service so that we can directly show the gadget while the html page is loaded. Is there any way to achieve this functionality?
**Moderation Team has archived post**
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
Thanks for providing the above snippet .I check with above code it is working. i am able to logged in by providing the login details in IACAuthentication and directly calling that activity from the script. I have one question can we pass the login details information through http services and call them through the html page in JS. so that in request header will get that information and pass the same to IACAuthentication.
This does not longer work with IAC in Pega 7.3.1 . The url /prweb/PRServlet=Code-Security.IACAuthentication does not work . Is there an alternate way to do this in this version that uses a snippet with this url /prweb?pyActivity=pzIncludeMashupScripts
Whenever I test or work with clients on Mashup implementations I am using the servlet "IAC". This is mapped to the AuthService IACAuthentication and ends up calling the activity IACAuthentication. I have never had to specify the Code-Security.IACAuthentication in the gatewayURL Mashup attribute or call it directly in scripts.
The AuthService IACAuthentication is a simple PRCustom style authentication implementation. On the Custom tab there is a "Source of operator Credential" drop down option that lets you specify one of two options:
Use externally stored credentials
Use Credentials stored in PegaRULES - This requires a valid PRPC operator id and a base64 encoded password. This is the default for the IACAuthentication service and is good for simple testing but not for a production application as the gadget would need to have a parameter value containing the users PRPC password.
In your original issue you may have got to the login screen because the authentication was not working due to missing password? If you are using PRServlet that would require PRPC user id and base64 password.
Now that you have upgraded to 7.3.1 you are getting the script file from PRPC directly with this script block:
This uses the PRServlet and you will see two requests with some redirects before the Mashup doUIAction call:
pzIncludMashupScripts - Gets the mashup scripts
pzGetURLHashes - Part of setting up the mashup and is called from code returned in the pzIncludeMashupScripts
Both of these activities do not require authentication to run. This is done at the engine layer and part of 6 or so activities that don't require authentication. So the use of PRServlet here is fine.
The next call will be the request for the Mashup and authentication will be triggered here as the requestor is still unauthenticated. The AuthService login activity will run at this point and access to the Mashup content will not be allowed until authentication passes.