Question

3
Replies
544
Views
GowriD25 Member since 2015 9 posts
NJ Courts
Posted: 3 years ago
Last activity: 3 years 2 months ago
Closed

Public access application

Hello there,

I have a requirement to build a PEGA application exposed to public, no login is required to access the application.

I see a lot of related posts but no concrete answers. What is the best approach to implement this? please suggest

Thanks

Gowri

Low-Code App Development Security
Close popover
Moderation Team has archived post
Posted: 3 years ago

Hi Gowri,


I can say that we can achieve the requirement two ways.


Approach 1:-


In PRPC, all the rules that does not require login should go under unauthenticated ruleset. You can have a look at PRPC:Unauthenticated OOTB ruleset once. You can also create your own unauthenticated ruleset and save all the rules those need to be exposed to public and configure your Requester Type rules of Type Browser with new unauthenticated ruleset


Approach 2:


By using Pega Mashup (Pega Internet Application Composer). Configure Pega IAC in the environment and expose your portal harness using Gadget Manager with administrator credentials. You will get a html with div after successful completion. You can expose this html to public. However, there as some limitation with Pega IAC where prior Pega 7.2 application must obey the same origin policy.


Please feel free to reply for any thoughts


Thank you,

Posted: 3 years ago

Hi Cherb,


   Thanks for you response. I have one concern with Approach 1, we want to expose certain search features in a internal application to public. And this application is built on top of enterprise ruleset. All these rulesets cannot be exposed to unauthenticated access group right?.


Can we use a dummy use profile login for all the public users? Do you see any issues with this approach?


There would be multiple session with the same id, I hope this should not be an issue.


Thanks


Gowri 


 

Posted: 3 years ago

Hi Gowri,


I dont think that there is a restriction on ruleset exposed to unauthenticated access group as we are trying to add the enterprise ruleset to production ruleset list of unauthenticated access group.


you can use a dummy profile login, However I prefer to use password in Base64 encode format. PRPC accepts unliminted concurrent session for the same user. The property which handles this is pyConcurrentSessions. This should not be an issue.


Please feel free to add your comments or thoughts if any.


Thank you,


 
Share this page LinkedIn
Copied!