Michael Blust (MichaelB9860)
Segue Technologies Inc
Pega Certified System Architect
Posted: 6 Sep 2019 14:46 EDT
Last activity: 10 Sep 2019 10:02 EDT

Reading Header Attribute information - get CN works in non-Pega app, but doesn't work in Pega app

I have loaded Pega Personal Edition (Tomcat installation) and we have deployed two apps. The first app is able to read the header to get the user CN. The Pega app is not able to obtain the user CN.

First application (Java code)

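// Fragment from inside a servlet method; needs
// import java.security.Principal; and import java.security.cert.X509Certificate;
X509Certificate[] certs = null;
try {
  // Set by the container when a client certificate accompanies the request
  Object objCertificates = request.getAttribute("javax.servlet.request.X509Certificate");
  certs = (X509Certificate[])objCertificates;
} catch (Exception e) {
  System.out.println("ERROR: Calling x509 certificate ... " + e.getMessage());
}

// Guard against an empty chain before reading the first (client) certificate
if (certs != null && certs.length > 0) {
  X509Certificate cert = certs[0];
  Principal p = cert.getSubjectDN();

  // display user cn from cac, set session attributes
  String CN = p.getName().substring(3, p.getName().indexOf(",", 0));

  System.out.println("~~ CN = " + CN);
  System.out.println("~~ caCertO = " + cert.getIssuerDN().toString());
}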

… and when we access the Java web application, the Java console shows:

~~ CN         = BL*****.M*****.A.129012345
~~ cacCertO   = CN=DOD ID CA-24, OU=PKI, OU=DoD, O=U.S. Government, C=US

In the second (Pega) application, we modified the Web-Login page to include similar Java code:

<pega:choose>
  <pega:when test="pyUnsupportedBrowsers" >
    <pega:include name='pyUnsupportedBrowserLoginMessage' type='Rule-HTML-Fragment'/>
  </pega:when>
  <pega:otherwise>

    <%
      System.out.println("---------------------------------------------------------");
      System.out.println("-- Checking for Certificates!");
      System.out.println("---------------------------------------------------------");
      java.security.cert.X509Certificate[] certs = null;
      try {
        if (request != null) {
          System.out.println("-- 3");
        }
        String requestUrl = (request.getRequestURL()).toString();
        System.out.println("-- Checking for Certificates 00 - requestURL = " + requestUrl);
        System.out.println("-- Checking for Certificates 01");
        Object objCertificates = request.getAttribute("javax.servlet.request.X509Certificate");
        if (objCertificates != null) {
          System.out.println("-- Checking for Certificates 02 - objCertificates is not null");
        }
        certs = (java.security.cert.X509Certificate[])objCertificates;
        System.out.println("-- Checking for Certificates 03");
      } catch (Exception e) {
        System.out.println("ERROR: Calling x509 certificate ... " + e.getMessage());
      }

      if (certs != null) {
        System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~");
        System.out.println("~~ WE FOUND CERTS");
        System.out.println("~~");

        java.security.cert.X509Certificate cert = certs[0];
        java.security.Principal p = cert.getSubjectDN();

        // display user cn from cac, set session attributes
        String CN = p.getName().substring(3, p.getName().indexOf(",", 0));

        System.out.println("~~ CN = " + CN);
        System.out.println("~~ caCertO = " + cert.getIssuerDN().toString());
        System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~");
      } else {
        System.out.println("-- We did not find any certificates ...");
      }

///////////////////////////////////////
// Start of original Web-Login code
///////////////////////////////////////
...

When we access the Pega login screen, the Tomcat console shows:

---------------------------------------------------------
-- Checking for Certificates!
---------------------------------------------------------
-- Checking for Certificates 00 - requestURL = /Non_Interactive_Session_No_Context/NonInteractive
-- Checking for Certificates 01
-- Checking for Certificates 03
-- We did not find any certificates ...
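
An added example, not part of the original post: both snippets above take the CN with `substring(3, indexOf(","))`, which assumes the CN is the first RDN and contains no escaped comma. The sketch below reads the same request attribute and parses the subject DN with the JDK's `LdapName` instead; the class name `ClientCertCn` and its method names are hypothetical.

```java
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Optional;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;

// Hypothetical helper for illustration; not code from the post or from Pega.
public final class ClientCertCn {

    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    private ClientCertCn() {}

    /** Returns the CN of the client certificate on this request, if one is present. */
    public static Optional<String> fromRequest(HttpServletRequest request) {
        Object attr = request.getAttribute(CERT_ATTR);
        // Null (or a different type) means the container associated no
        // client certificate with this particular request.
        if (!(attr instanceof X509Certificate[])) {
            return Optional.empty();
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) {
            return Optional.empty();
        }
        // Element 0 is the certificate presented by the client itself.
        return commonName(chain[0].getSubjectX500Principal().getName());
    }

    /** Extracts the most specific CN from an RFC 2253 distinguished name. */
    static Optional<String> commonName(String dn) {
        try {
            List<Rdn> rdns = new LdapName(dn).getRdns();
            // LdapName indexes RDNs right to left, so walk from the end
            // to reach the leftmost (most specific) CN first.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                Rdn rdn = rdns.get(i);
                if ("CN".equalsIgnoreCase(rdn.getType()) && rdn.getValue() instanceof String) {
                    return Optional.of((String) rdn.getValue());
                }
            }
        } catch (InvalidNameException e) {
            // Malformed DN: report "no CN" instead of slicing by offset.
        }
        return Optional.empty();
    }
}
```

An empty result from `fromRequest` corresponds to the "We did not find any certificates" branch in the output above.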