Posted: 27 Jan 2020 12:02 EST Last activity: 28 Jan 2020 9:44 EST
Fail error during Single Sign On using built on application
We have a SSO implementation using custom authentication activity. The requestor type is mapped to an unauthenticated access group with PegaRULES:Guest-Maximum as user role. The AG is mapped to an application A whose rule sets have the authentication service and the authentication activity. The authentication activity invokes a connect-http service which is also in rulesets belonging to application A.
Due to some changes, we have created an other application B and added application A as built on to B. Now, we are referring B in the earlier mentioned Unauthenticated AG. We are seeing error during the execution of the connect-http service. I error we see is:
Only authenticated client may start this activity: RULE-OBJ-ACTIVITY RULE-OBJ-REPORT-DEFINITION PXRETRIEVEREPORTDATA #20160614T132614.161 GMT ReqID=HF4B40208D8E3C8E194ABCD195572BF74
com.pega.pegarules.pub.PRRuntimeException: Error: You lack access required to execute RULE-OBJ-ACTIVITY RULE-OBJ-REPORT-DEFINITION PXRETRIEVEREPORTDATA #20160614T132614.161 GMT.
This error does not happen when we directly map application A to the unauthenticated AG. I can understand that PegaRULES:Guest-Maximum does not have access to the class Rule-Obj-Reportdefinition and hence I can see this error. However, Can some one help with this issue to understand why Pega is trying to run a RD when application B is mapped and used as built - on to A.
Attached log for further information
***Edited by Moderator Marissa to update platform capability tags****
in which application is located your custom activity?
I think it should be either a standalone one or in B.
If in A, since you're not yet authenticated, I guess you cannot yet access it.
If it's a standalone SSO application, then in Advanced tab of prpc:unauthenticated you should mention it in the Production Ruleset. As such unauthenticated can yet still execute activity from your SSO package.
The custom activity is in application A which is stand - alone and built on PegaRules. I am able to access all rules in A except that I am seeing the error while running the connect-http rule. Since, this application is a build - on for application B, which is mapped to the unauthenticated AG, there shouldn't be any issue. More analysis of logs revealed that the issue is with one model rule that is circumstanced to load the data page that holds the end points for the connect - http rule. Not sure why this error occurs when using A as built - on to B.