We are trying to customize the out-of-the-box logoff behaviour for our application so that once the user selects log-off, the browser window will automatically close. The out-of-the-box behaviour after logging off is:
1. User will see the log off screen
2. Redirected to log in screen
For our change we have modified the out-of-the-box Code-Security.EndSession activity in our ruleset version and added one step to close the browser window. While debugging using Tracer we found that once the user hits the logoff link, it was calling the out-of-the-box EndSession activity (not the customized one). Once we updated the PRPC:Unauthenticated access group and added our own application rule inside it, the new EndSession activity rule is getting picked up.
I would like to know:
1. How the PRPC:Unauthenticated access group is being used by the user at the time of log off. The test user ID is pointing to our own application-specific access group.
2. How can we change the above behaviour, as I don't want to change the PRPC:Unauthenticated access group? I would like to create a new unauthenticated access group and let the user use that at the time of logging off.
To achieve your functionality, 'user selects log-off, the browser window will automatically close', please use this OOTB HTML fragment - UserWorkForm - to automatically close the window after the user logs off from Pega.
You can use this HTML fragment to do a lot of other browser behaviour modifications, like disabling back buttons etc. But remember the behaviour may be restricted to the IE browser only.
To answer your point # 1: there is no relation between the log off and the prpc:unauthenticated AG, since this AG is configured to work in sync with the authentication service only. By default the access role provided to this AG is prpc:guest; hence this user will not be able to do almost anything (execute SQL statements, service calls etc.). Don't confuse this AG with the application AG; the unauthenticated AG is only required for the process of authentication, where the rules should belong to the enterprise layer and should never have access to the application-specific code.
To your point # 2: you should create an application-specific unauthenticated access group which you can manipulate as per your requirement, as many application requirements need some kind of changes/modifications during the login process itself.
Thanks for your clarifications. Can you please mention the place where I should refer to the new unauthenticated AG? I was doing some reading and it seems that I will have to modify the Pega:Browser requestor type instance. Is it the correct place to change the access group?
Modify the prpc:browser requestor. Do the changes directly in the environment where you are trying to achieve this. DO NOT import this rule to higher or consequent environments. The results could be pretty nasty.