How To Cofigure Server based authentication (LDAP)
We are trying to configure LDAP through weblogic
we dint find any article regarding this in pega, the only reference we found is
https://pdn.pega.com/documents/authentication-in-pegarules-process-comm… ,which is not working now can any one provide step by step to achive this .
We have setup Ldap in weblogic in security realms are trying to hit https://servername:port number/prweb/PRServletContainerAuth which is giving a popup but it not able to authenticate .
We have some basic questions like
How PRServletContainerAuth and LDAP Configuration are linked?
Does PRServletContainerAuth look for a kerberos ticket?
Hi Ravi,
Please find the attached document to give the step by step to configure LDAP Authentication in PRPC. Hope this will helpfull to setup the LDAP authentication.
Hi kondk and SudhakarReddy,
thanks for the reply, I have this document with me but We are trying a different approach to setup LDAP in Weblogic and connect it through PRServletContainerAuth. Do you have any idea regarding this approach.?
Hi Ravi,
Could you please let us know your requirement ?
What exactly are you trying to setup, please elaborate on that, so that we can help you ?
Hi Ravi,
You're probably getting a basic authentication popup because of the WebLogic HTTP authentication issue related to default settings in the WebLogic config.xml. The following steps are taken from our PRPC install document for WebLogic:
https://pdn.pega.com/documents/pega-73-platform-installation-guide-orac…
This has been in our install documents for awhile now, this is just the latest document for 7.3. Please look at the document and this section:
Correcting an HTTP authentication issue with Oracle
WebLogic Server 9.2 and later
Open the Oracle WebLogic Server config.xml file.
2. Add this line within the <security-configuration> element:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
3. Save and close the file.
If you don't have this set to "false" you will get a basic authentication popup.
How PRServletContainerAuth and LDAP Configuration are linked?
They are not linked. You have setup container managed authentication at the WebLogic server level. Regardless of how you have configured this, LDAP or other, users have to be authenticated before they are allowed to access the application running in the container, in this case PRPC.
Does PRServletContainerAuth look for a kerberos ticket?
Nope. Our side of the Container Managed Authentication is very easy as the engine layer simply calls the Data-Admin-Operator-ID.EstablishOperator activity to log the user into PRPC passing the User Principal provided by the container as a parameter to the activity. There is no authentication/validation on our side, just mapping the User Principal provided by container to a PRPC Operator record and logging the user into PRPC.
Hi Ravi,
LDAP authnetication is available in most of the PRPC versions, if you are looking for kerberos authentication it is available from Pega 7.2.2.
LDAP authentication can be configured using "Authentication Service" rule form in Pega application, which belongs to the SysAdmin rule category.
1. Create an authentication Service.
2. Choose "Custom" authentication.
3. Once you are done setting up LDAP server, provide those details in the "Service" tab.
4. Mapping tab can be used to map the attributes to pega specific properties like "pyUserIdentifier", which identifies an operator.
5. Timeout and ChallengeStream which is displayed when a timeout occurs can be configured in the "Custom" tab of Authentication Service ruleform.
6. The operator has to be an external operator, which will be used to login to Pega application, to configure this, open the Operator ruleform and check "External Authentication" in "Security" tab.
Please find the document consisting of the screenshots for your reference.