Posted: 21 Mar 2017 7:13 EDT Last activity: 8 May 2017 3:31 EDT
How to use security policy on PRCustom authentication acitivity
My project use Pega cloud 2 and PRPC 7.2.
And there is a requirement to whitelist of Client IP address.
On pega cloud 2 , I can't get client IP by RemoteAddr so I need to get x-forwared-for of HTTP Header.
To achieve this I have to use PRCustom authentication activity to get x-forwared-for but it seems that PRCustom authentication activity can't use security policy.
For example, I can't use account lock, password failed penalty function of security policy.
Is there any way to use security policy functions on PRCustom authentication activity?
***Updated by moderator: Lochan to add SR details***
Here is the explanation for reported issue, "External authentication does not use the PRPC security policy. When a user has "External Authentication" flag set on their Data-Admin-Operator-ID record the Password stored in the same record is not used to authentication within PRPC. For example with LDAP the password the user provided on the PRPC SSO Login page, provided by configuration in the Data-Admin-AuthService, is just passed to the LDAP server for verification. The LDAP server security policies take affect. Same with other third part security software like Siteminder, WebSEAL as these require authentication before even being allowed to access any resource on site they are protecting. These have their own security policies etc."