My requirement is to fail the authentication for the user who doesn't qualify few requirements. I am handling this in the OOTB SAML Post Authentication activity. I used the below code to stop the authentication but it looks like it's not working.
Hi @SOLOM, thanks for the response. I don't see the property .pyAuthenticationPolicyResult on the pxRequestor clipboard page under System Pages. I also did a search on property instances and don't see this property in the system. Not sure why? Does it have anything to do with the Pega version we are in?
The property is not defined in the system, so you won't find it. But that should not prevent this from working. The fact the property is not on the pxRequestor page indicates to me that the logic in your activity is such that the line where this is set to false is not being executed. Do you have another line that sets the value to true, which should cause it to appear on the page?
I suggest using debug statements to help you determine how the logic is flowing in your activity.
Thank you @SOLOM. I see the property is set to false now. I was actually looking at px instead of py on the pxRequestor page. Now that pyAuthenticationPolicyResult is "false", do you know why the system is letting the user log in?
Do we need to call the HTML rule (Web-Authentication-Failure) after setting this value to false?
Yes, Auth service type is SAML 2.0 and we added pySAMLWebSSOAuthenticationActivity as post-authentication activity under Advanced configuration settings in Auth service form.
I am setting pyAuthenticationPolicyResult to "false" after calling the activity "pyEstablishOperatorContext" by default just to check if the authentication fails. But I am able to log in properly while pyAuthenticationPolicyResult is "false" in the clipboard.
That is necessary only for older style external/custom type authentication services. For the newer types like SAML 2.0, OpenID Connect, Basic credentials, Token credentials and Anonymous (aka PRAuth based authentication services) it is not necessary. What version of Pega platform are you on, and what is the servlet name you are using for SAML SSO?
@SOLOM Thanks for letting me know. Do you recommend any other solution that we can use in Pega 7.1.9 to terminate the authentication process? I can think of the OOTB HTML rule "Web-authentication-failure" as one option.