Question

5
Replies
884
Views
Close popover
Joost Spekschoor (JSPEKSCH)
Achmea
LSA - Solution Architect Pega Marketing
Achmea
NL
View Profile
JSPEKSCH Member since 2011 9 posts
Achmea
Posted: September 12, 2019
Last activity: September 23, 2019
Closed
Solved

JWT Processing using pxProcessJWT - Custom Authentication

Hi,

For a new project we are looking into the Pega rules used for processing an already externally generated Json Web Token (JWT).

From Pega perspective we provide a processing-service where the external party authorizes using the JWT which we want to check using the Tokenprofile and the related activity pxProcessJWT

So far I found the following help link.

https://community.pega.com/sites/default/files/help_v73/data-/data-admin-/data-admin-security-/data-admin-security-token/sec-config-activity-proc-JWT-tsk.htm

My Question:

What and where should we configure this activity for checking the JWT validity? In the custom authentication part on the service Package?

Pega version 7.3.1

Low-Code App Development Data Integration Security
Close popover
Moderation Team has archived post
Posted: 1 year ago
Close popover
Victor Talukdar (VTALUKDAR)
Cognizant Technology Solutions
Technology Architect
Cognizant Technology Solutions
BE
View Profile

Hi,


    We have a similar requirement, and we do the authentication in the Service activity Step #1 . If the validateJWT function returns false, it means the token was not validated, and you can then return an "Ïnvalid Token" error back to the consumer. 

Posted: 1 year ago
Close popover
Joost Spekschoor (JSPEKSCH)
Achmea
LSA - Solution Architect Pega Marketing
Achmea
NL
View Profile

Hi,


Thnx for your response. The problem we run into is the following:


We configured the following:


- Custom authentication service


- Custom authentication activity which calls the JWT processing activity * Required input, Token profile + JWT string.


The activity requires a JWT string param which normally comes from the header. When we test our service with for example SoapUI we dont see a header comming into the activity to perform the validation.


We added a custom Authorization header in SoapUI with "bearer !@#!#$!ASD.. etc"


Please provide a solution.


 


Kind regards,


Joost


 

Accepted Solution

Posted: 1 year ago
Close popover
Anoojit Dhar (AnoojitD)
Capgemini

Capgemini
SE
View Profile

Hi Joost,


One more thing you can probably try ( if not done already) is to use the httpServletRequest object in your custom activity. You can use the getHeader("Authorization") or something to get the bearer token as the value. This can fetch you the JWT token inside the bearer authentication scheme.

Posted: 1 year ago
Close popover
Joost Spekschoor (JSPEKSCH)
Achmea
LSA - Solution Architect Pega Marketing
Achmea
NL
View Profile

Thanks! We were playing around and used the following code to get the authorization header in a property-step.


@java("((javax.servlet.http.HttpServletRequest)tools.getRequestor().getRequestorPage().getObject(\"pxHTTPServletRequest\")).getHeader(\"Authorization\")")

Posted: 1 year ago
Close popover
Dheepan Panneerselvam (DheepanP4947)
VIVAT

VIVAT
NL
View Profile

Do you have PEGA Sales Automation in your application stack? There is an OOTB activity - OutlookAddinAuth​ which is used for PEGA Outlook integration. That activity will give you an example of how to process JWT token and create operator record. You still need to create a token processing profile and trust store to validate the token.
Share this page Share via LinkedIn Copying...
Copied!