Question

5
Replies
7875
Views
 Ravi Kiran (RaviK1778)
Virtusa

Virtusa
IN
RaviK1778 Member since 2015 2 posts
Virtusa
Posted: September 6, 2017
Last activity: September 7, 2017
Posted: 6 Sep 2017 6:19 EDT
Last activity: 7 Sep 2017 7:46 EDT
Closed

How To Cofigure Server based authentication (LDAP)

We are trying to configure LDAP through weblogic

we dint find any article regarding this in pega, the only reference we found is

https://pdn.pega.com/documents/authentication-in-pegarules-process-commander-v53 ,which is not working now can any one provide step by step to achive this .

We have setup Ldap in weblogic in security realms are trying to hit https://servername:port number/prweb/PRServletContainerAuth which is giving a popup but it not able to authenticate .

We have some basic questions like

How PRServletContainerAuth and LDAP Configuration are linked?

Does PRServletContainerAuth look for a kerberos ticket?

Low-Code App Development Security
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 3 years ago
Posted: 7 Sep 2017 2:48 EDT
Krishna Chaitanya Kondu (kondk)
Cognizant Technology Solutions Benelux B.V.
Lead System Architect
Cognizant Technology Solutions Benelux B.V.
NL

Hi Ravi,


LDAP authnetication is available in most of the PRPC versions, if you are looking for kerberos authentication it is available from Pega 7.2.2.


LDAP authentication can be configured using "Authentication Service" rule form in Pega application, which belongs to the SysAdmin rule category.


1. Create an authentication Service.


2. Choose "Custom" authentication.


3. Once you are done setting up LDAP server, provide those details in the "Service" tab.


4. Mapping tab can be used to map the attributes to pega specific properties like "pyUserIdentifier", which identifies an operator.


5. Timeout and ChallengeStream which is displayed when a timeout occurs can be configured in the "Custom" tab of Authentication Service ruleform.


6. The operator has to be an external operator, which will be used to login to Pega application, to configure this, open the Operator ruleform and check "External Authentication" in "Security" tab.


Please find the document consisting of the screenshots for your reference.
Posted: 3 years ago
Posted: 7 Sep 2017 4:39 EDT
Sudhakar Reddy Yaparla (SudhakarReddy)
PEGA
Principal Technical Solutions Engineer
Pegasystems Inc.
IN

Hi Ravi,


Please find the attached document to give the step by step to configure LDAP Authentication in PRPC. Hope this will helpfull to setup the LDAP authentication.


 
Posted: 3 years ago
Posted: 7 Sep 2017 6:18 EDT
Ravi Kiran (RaviK1778)
Virtusa

Virtusa
IN

Hi  kondk and SudhakarReddy,


thanks for the reply, I have this document with  me but We are trying a different approach to setup LDAP in Weblogic and connect it through PRServletContainerAuth. Do you have any idea regarding this approach.?


 


 


 
Posted: 3 years ago
Posted: 7 Sep 2017 7:22 EDT
Krishna Chaitanya Kondu (kondk)
Cognizant Technology Solutions Benelux B.V.
Lead System Architect
Cognizant Technology Solutions Benelux B.V.
NL

Hi Ravi,


Could you please let us know your requirement ?


What exactly are you trying to setup, please elaborate on that, so that we can help you ?
Posted: 3 years ago
Posted: 7 Sep 2017 7:46 EDT
Chris Koyl (ChrisKoyl)
PEGA
Client Support Engineer Senior Fellow
Pegasystems Inc.
US

Hi Ravi,


You're probably getting a basic authentication popup because of the WebLogic HTTP authentication issue related to default settings in the WebLogic config.xml.  The following steps are taken from our PRPC install document for WebLogic:


 


https://pdn.pega.com/documents/pega-73-platform-installation-guide-oracle-weblogic-server-and-oracle


This has been in our install documents for awhile now, this is just the latest document for 7.3. Please look at the document and this section:


Correcting an HTTP authentication issue with Oracle


WebLogic Server 9.2 and later


Open the Oracle WebLogic Server config.xml file.

Show More

Hi Ravi,


You're probably getting a basic authentication popup because of the WebLogic HTTP authentication issue related to default settings in the WebLogic config.xml.  The following steps are taken from our PRPC install document for WebLogic:


 


https://pdn.pega.com/documents/pega-73-platform-installation-guide-oracle-weblogic-server-and-oracle


This has been in our install documents for awhile now, this is just the latest document for 7.3. Please look at the document and this section:


Correcting an HTTP authentication issue with Oracle


WebLogic Server 9.2 and later


Open the Oracle WebLogic Server config.xml file.


2. Add this line within the <security-configuration> element:


<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>


3. Save and close the file.


If you don't have this set to "false" you will get a basic authentication popup.


 


How PRServletContainerAuth and LDAP Configuration are linked?


They are not linked. You have setup container managed authentication at the WebLogic server level. Regardless of how you have configured this, LDAP or other,  users have to be authenticated before they are allowed to access the application running in the container, in this case PRPC. 


Does PRServletContainerAuth look for a kerberos ticket?


Nope. Our side of the Container Managed Authentication is very easy as the engine layer simply calls the Data-Admin-Operator-ID.EstablishOperator activity to log the user into PRPC passing the User Principal provided by the container as a parameter to the activity. There is no authentication/validation on our side, just mapping the User Principal provided by container to a PRPC Operator record and logging the user into PRPC.



Show Less