Posted: 16 Apr 2018 11:54 EDT Last activity: 25 Mar 2020 2:48 EDT
Pega Mashups - SAML and Passing in Parameters
Currently, I am trying to implement SAML 2.0 into Pega Mashups. I seem to be stuck right now trying to simply pass in parameters to the mashup so that they can be used with the Authentication service attributes. I think that I have read nearly every post online with regards to this. I have attempted to pass in things like PegaA_params and data-pega-action-param-parameters but this hasn't been working for me. Perhaps my syntax is right in the mashup code, however I'm missing a step in Pega.
Here is my 'code' in my mashup trying to pass in parameters.
Is my syntax for that portion correct? If so, how do I map these passed in parameters to values in my Pega case? It seems that if I have values in my case's "Data Model" that they should simply pass into it when creating and appear on pyWorkPage.
Furthermore, when I get simple values working, how do I pass values in if they are a property of my other types? Something like 'parentObject.targetParameterValue'?
Lastly, what is the best way to then get these values into the attributes for my SAML Authentication Service so that I can link to Site Minder?
Thanks in advance for any help that anyone can offer!
When your mashup page loads you will first see two HTTP GET requests:
pyActivity=pzGetURLHashes = gets accessgroup hash, primarily needed for multi tenant.
These two activity calls do NOT trigger authentication.
Once these are done you will see an HTTP GET request that is for the mashup definition and the activity being called will be pyActivity=doUIAction.
The parameters you have specified in the data-pega-action-param-parameters are added to this request. The way you have it defined above is fine. They are parameters to the doUIAction activity though and each action type may handle parameters differently and there are extension points available.
What data-pega-action are you using? If it's createNewWork these parameters are sent as part of the starting of the flow you are specifying in the data-pega-action-flowname and data-pega-action-classname mashup attributes.
Regarding SAML authentication:
This "doUIAction" request will trigger authentication so this is where you will see SAML authentication starting. This activity won't run until after authentication is done. The PRPC application will send a SAMLRequest to the IDP. The IDP will identify the user and send back a SAMLResponse. In that SAMLResponse we require that the assertion contains an AttributeStatement node with AttributeValue node(s) that contain information about the user. On the PRPC AuthService record on the Mapping tab you specify what attributes map to what PRPC operator properties.
Once the SAMLResponse is processed and validated authentication will be completed. At this point the "doUIAction" activity will be run with all the parameters before. It's complicated with SAML because of the back and forth with the IDP.
A concern I have from your above post is that it looks like you are trying to identify the user trying to access PRPC via a parameter in the mashup content. Is that correct? We don't send any attributes in our SAMLRequest to the IDP, there is no mapping you can do OTB for that. The IDP has to identify the user either through standard form login or desktop level authentication.
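The attribute mapping described in the reply above, sketched as an added example (not part of the original posts and not Pega's own code): it reads the AttributeStatement of an assertion and builds operator properties from it alone, never from page-supplied mashup parameters. The sample assertion, the attribute names and the property names in `ATTRIBUTE_MAP` are constructed placeholders, and signature and condition validation of the SAMLResponse is assumed to have already succeeded.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real IdP).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="displayName"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>claims</saml:AttributeValue>
      <saml:AttributeValue>audit</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapping (assertion attribute -> operator property), standing in for the Mapping tab.
ATTRIBUTE_MAP = {"uid": "OperatorID", "displayName": "FullName"}
REQUIRED = {"uid"}


def read_attributes(assertion_xml):
    """Return {attribute name: [values]} collected from every AttributeStatement."""
    # SAML messages never need a DTD; refuse one before parsing (entity-expansion guard).
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def map_operator(assertion_xml):
    """Build operator properties from the (already validated) assertion only."""
    attrs = read_attributes(assertion_xml)
    missing = sorted(n for n in REQUIRED if not any(attrs.get(n, [])))
    if missing:
        raise ValueError(f"assertion lacks required attribute(s): {missing}")
    return {prop: attrs[name][0] for name, prop in ATTRIBUTE_MAP.items() if attrs.get(name)}
```
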
Thank you for your reply, I have since got SAML Authentication to work with a mashup. Yes, your fears were correct. At first I was thinking that I needed to pass values into Pega for use with attributes in the authentication service we created. The way in which I got SAML to work via a mashup was to just replace the data-pega-URL with our SSO url. It authenticates and then loads the mashup as we have declared. While my original post was completely thinking wrong, I think that I have it figured out now. While we still have some pending concerns we are working through those separately.
Doing a similar implementation where I need to pass a few parameters from the container web page to Pega via mashup. So do I need to define them in the parameter page of the flow rule referenced so that they are available in the param page when the process flow triggers?