Question

2
Replies
145
Views
LyndonS1 Member since 2012 3 posts
SMS Management and Technology
Posted: July 24, 2018
Last activity: August 2, 2018
Closed

Pega Provided MASSL Services

Hi All

There is an old article from 2015 ( https://community1.pega.com/community/pega-product-support/question/mutual-ssl-service-rest ) that documents how to configure tomcat/pega to support Client Cert Auth/MASSL in Tomcat.

I think the pega configuration has changed a bit since then, and probably makes that article no longer valid.

Specifically I have found this servlet mapping in web.xml

  <servlet-mapping>
                <servlet-name>WebStandard</servlet-name>
                <url-pattern>/*</url-pattern>
        </servlet-mapping>

Seems to override the web.xml settings to enable CLIENT-CERT authentication


<security-constraint>
  <web-resource-collection>
    <web-resource-name>DemoApp</web-resource-name>
    <url-pattern>/api/*</url-pattern>
    <url-pattern>/DiagnosticData</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>needcert</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
  <role-name>needcert</role-name>
</security-role>

Has anyone got this working on Pega 7.2/7.3 + ?

Thanks

Lyndon

Data Integration
Moderation Team has archived post
Share this page LinkedIn