The activity is present. Our issue is that's it's not being called. Additionally, we need to Save As of the activity as we need to override it (it's on a PEGA RS so we can't check in, and Private Edit is not an option as we actually need the changes to be applied to the system rather than only for a single operator).
At the time the EstablishOperator activity runs you are not yet authenticated in PRPC. You are authenticated with the context and allowed to access PRPC but now PRPC is going to try to map the user principal to Data-Admin-Operator-ID. Once that is done then you are authenticated with PRPC.
So, your activity has to be available to unauthenticated users in PRPC. You copied that activity to your own ruleset but is that ruleset available to unauthenticated users?
You need to look at your SysAdmin->Requestor Type data rule for <SystemName>.Browser . This contains an AccessGroup that is used for unauthenticated users. Make sure the ruleset you have copied EstablishOperator lives is provided by the AccessGroup.
Note: Don't give unautheticated users access to the same AccessGroup as authenticated users. Instead create a RuleSet like <CompanyName>SSO or <AppName>SSO that is mapped to an AccessGroup that provides the core PRPC and just that one RuleSet used for SSO, Single Sign On.
Thanks a mill for the reply, it was extremely beneficial.
I've added the Requester Type data rule as it was missing. For the meantime, I gave it the same access group I have and which contains the new EstablishOperator activity (I'll be changing that later on once I create the dedicated RS and Unauthenticated Access Group). The EstablishOperator activity still doesn't seem to be getting called. Is there anything else I should be looking at?
After you switched the correct browser requestor type to an new Access Group you can't login through SSO anymore or you can't login at all even through normal PRServlet? If just SSO will need to look at EstablishOperator activity more.
***Updated by moderator: Lochan to remove information on private session***
This is a great discussion and I hate to put in a spanner, but we encourage you to either continue the troubleshooting out here OR we go through an SR if this needs a closer look that's easier through a screen share!
Sorry for the late reply. Back then, we couldn't log in into the system at all. I think that was due to the fact that we've customized our log in screen on a new Unauthenticated Ruleset and the Access Group didn't include that.
As I understand, the best practice is to create a new application that only has access to that Ruleset and make the access group point to that application?