Question

5
Replies
306
Views
 Hongte Kim (kimh1)
PEGA
Senior System Architect
Pegasystems Inc.
JP
kimh1 Member since 2016 32 posts
PEGA
Posted: March 21, 2017
Last activity: May 8, 2017
Posted: 21 Mar 2017 7:13 EDT
Last activity: 8 May 2017 3:31 EDT
Closed
Solved

How to use security policy on PRCustom authentication acitivity

My project use Pega cloud 2 and PRPC 7.2.

And there is a requirement to whitelist of Client IP address.
On pega cloud 2 , I can't get client IP by RemoteAddr so I need to get x-forwared-for of HTTP Header.

To achieve this I have to use PRCustom authentication activity to get x-forwared-for but it seems that PRCustom authentication activity can't use security policy.
For example, I can't use account lock, password failed penalty function of security policy.

Is there any way to use security policy functions on PRCustom authentication activity?

***Updated by moderator: Lochan to add SR details***

Low-Code App Development Security Support Case Created
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 4 years ago
Posted: 21 Mar 2017 14:10 EDT
Lochana Durgada Vijayakumar (Lochan_DV)
MOD
Lead Technical Documentation Specialist
Pegasystems Inc.
IN

Hi Kim,


We see that your query is being addressed on an SR with Pega Support. The SR looks active and ongoing so we recommend continuing that route of investigation. Do let us know for any updates!


Thank you!
Posted: 4 years ago
Posted: 21 Mar 2017 21:09 EDT
Hongte Kim (kimh1)
PEGA
Senior System Architect
Pegasystems Inc.
JP

Hi Lochana,


You are right, this SR is related to SR-B36429 which I ask to update server.xml by using RemoteIpValve to get RemoteAddr, but there are possibility this doesn't work well.

So I asked same query with this post on SR-B39021 and I got reply that this query is out of scope of GCS and should be posted to Product Support Community.
Posted: 4 years ago
Posted: 21 Mar 2017 22:10 EDT
Lochana Durgada Vijayakumar (Lochan_DV)
MOD
Lead Technical Documentation Specialist
Pegasystems Inc.
IN

Hi Kim,


Thank you for providing this information. Having this background helps! I will try to reach out internally to see how best to help you with your query.


Regards,
Posted: 4 years ago
Posted: 22 Mar 2017 12:04 EDT
Lochana Durgada Vijayakumar (Lochan_DV)
MOD
Lead Technical Documentation Specialist
Pegasystems Inc.
IN

Hi Kim,


I see that this is now being handled by reopening the earlier SR. We will track that through this post until resolution.


Thank you!

Accepted Solution

Posted: 4 years ago
Posted: 8 May 2017 2:28 EDT
Bala Nagendra Babu Devaguptapu (Bala_Nagendra)
PEGA
Principal Technical Solutions Engineer
Pegasystems Inc.
IN

Hi,


Here is the explanation for reported issue, "External authentication does not use the PRPC security policy. When a user has "External Authentication" flag set on their Data-Admin-Operator-ID record the Password stored in the same record is not used to authentication within PRPC.  For example with LDAP the password the user provided on the PRPC SSO Login page, provided by configuration in the Data-Admin-AuthService, is just passed to the LDAP server for verification. The LDAP server security policies take affect. Same with other third part security software like Siteminder, WebSEAL as these require authentication before even being allowed to access any resource on site they are protecting. These have their own security policies etc."



Please check the below post for reference,


https://pdn.pega.com/community/pega-product-support/question/does-pega-password-policy-security-policy-applicable