Tech Mahindra Ltd
Posted: July 2, 2018
Last activity: July 5, 2018
Closed
Pass username and password to Pega site from my ASP.NET Application
I have a button which redirects to a Pega site from my ASP.NET application.
I want to use single sign-on in this application.
When the user clicks the button, it should pass the username and password to the Pega site, which will automatically log in without asking for credentials.
How can I do this? Please help me.
***Updated by moderator: Lochan to update platform capability***
Hi,
Technically you can do this, but for security reasons it's not a very good idea to send a user's password from one application to another.
From a PRPC perspective and generic SnapStart usage, this can be done by sending UserIdentifier and Password parameters. The Password parameter has to be base64 encoded, and that is the problem: it's not encrypted but encoded. The only time this would really be acceptable is if the same PRPC user is being used all the time and you control security more with the PRPC user roles.
Better Approaches:
For single sign-on you can implement it so the environment uses desktop-level authentication. For example, a SAML implementation where the IDP is configured for desktop-level authentication would allow for login to PRPC without prompting for credentials. The setup is more dependent on IDP setup than PRPC. Same with J2EE container-level authentication and Kerberos authentication, which are more environment setup than PRPC setup.
Another approach is a custom Authentication Service that uses a token that is generated by the calling application and is encrypted. You then use the Authentication Service login activity processing to decrypt the token and validate it. The token could contain the UserIdentifier, a date/time that can be used for token expiry, and other information as needed. This doesn't need to have a password. You would need to have good working knowledge of custom authentication services for implementing this type of solution.
Hope this helps you get started. Not sure of your security requirements so please be careful ;)
--Chris
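The encrypted-token approach from the reply above, sketched as an added example that is not part of the original thread and is not Pega or PRPC code. Both sides are shown in C# for illustration (in practice the validation would run in the Authentication Service login activity). Assumptions: .NET 8 or later, AES-256-GCM with a key shared out of band, a `nonce || tag || ciphertext` token layout, and the hypothetical names `SsoToken`, `Issue` and `Validate`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed demo values: a random key and a made-up user identifier.
byte[] key = RandomNumberGenerator.GetBytes(32);   // real deployments share this key out of band
var now = DateTimeOffset.UtcNow;
string token = SsoToken.Issue(key, "jdoe@example.com", TimeSpan.FromSeconds(60), now);
string forged = token.Substring(0, 20) + (token[20] == 'A' ? 'B' : 'A') + token.Substring(21);
Console.WriteLine(SsoToken.Validate(key, token, now) ?? "rejected");                // case: valid token
Console.WriteLine(SsoToken.Validate(key, token, now.AddMinutes(5)) ?? "rejected");  // case: past expiry
Console.WriteLine(SsoToken.Validate(key, forged, now) ?? "rejected");               // case: one character altered

static class SsoToken
{
    const int NonceLen = 12, TagLen = 16;   // AES-GCM nonce and tag sizes in bytes

    // Calling application: seal "expiry|userId" under the shared key. No password is included.
    public static string Issue(byte[] key, string userId, TimeSpan lifetime, DateTimeOffset now)
    {
        byte[] plain = Encoding.UTF8.GetBytes($"{now.Add(lifetime).ToUnixTimeSeconds()}|{userId}");
        byte[] raw = new byte[NonceLen + TagLen + plain.Length];   // nonce || tag || ciphertext
        RandomNumberGenerator.Fill(raw.AsSpan(0, NonceLen));       // fresh random nonce per token
        using var gcm = new AesGcm(key, TagLen);
        gcm.Encrypt(raw.AsSpan(0, NonceLen), plain, raw.AsSpan(NonceLen + TagLen), raw.AsSpan(NonceLen, TagLen));
        return Convert.ToBase64String(raw);   // URL-encode before putting it in a query string
    }

    // Receiving side: returns the user identifier, or null when the token is
    // malformed, fails authentication, or has expired.
    public static string? Validate(byte[] key, string token, DateTimeOffset now)
    {
        try
        {
            byte[] raw = Convert.FromBase64String(token);
            if (raw.Length <= NonceLen + TagLen) return null;
            byte[] plain = new byte[raw.Length - NonceLen - TagLen];
            using var gcm = new AesGcm(key, TagLen);
            gcm.Decrypt(raw.AsSpan(0, NonceLen), raw.AsSpan(NonceLen + TagLen), raw.AsSpan(NonceLen, TagLen), plain);
            string[] parts = Encoding.UTF8.GetString(plain).Split('|', 2);
            if (parts.Length != 2 || !long.TryParse(parts[0], out long expiry)) return null;
            return now.ToUnixTimeSeconds() < expiry ? parts[1] : null;
        }
        catch (Exception e) when (e is FormatException || e is CryptographicException)
        {
            return null;   // bad Base64 or authentication tag mismatch
        }
    }
}
```

A short lifetime limits how long a captured token can be replayed; if each token must be accepted only once, the receiver also has to remember a per-token identifier until expiry.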