AndyWeedman Member since 2015 2 posts
Quavo, Inc.
Posted: 2 years ago
Last activity: 2 years 10 months ago

Mashup authentication using single id

I have a pega application that users currently access through the standard SAMLAuth authentication service. This works fine for individual users. However, I have a scenario where pega will be running as a mashup in another application. Users of this other application will not be setup as operators in pega. I'd like users coming in from this other application to run under a single system/applicaiton operator that is setup for this purpose. I know that we can send the UserIdentifier and Password as data-pega-action-param-parameters. However, I don't like this option as the id/pass is hardcoded in the html of the hosting application and sent in the clear as a query string parameter.

What suggestions are there to accomplish this? One option I was wondering about is if the application hosting the mashup could get a saml token for a single system/application id and then pass that when calling the mashup and go through the same SAMLAuth auth service as individual users.

Data Integration Security System Administration
Moderation Team has archived post
Share this page LinkedIn