Question

6
Replies
734
Views
TSUCK Member since 2010 125 posts
PEGA
Posted: 4 years ago
Last activity: 4 years 6 months ago
Closed

Requirements for WebSEAL SSO integration

Hi,

We are about to build SSO integration with WebSEAL on Pega 7.2/WebLogic 12.1.3. I have provided the following two settings that Pega requires to WebSEAL team but they said these are not acceptable from their security policies.

1.

[script-filtering]

script-filter=yes

rewrite-absolute-with-absolute=yes


2.

[preserve-cookie-name]

#PRPC URL Obfuscation

name=JSESSIONID

#PRPC Visio/Word/Excel Compatibility

name=Pega-RULES

My question is, if these can't be accepted, does that mean we can't accomplish WebSEAL SSO integration or do we still have any alternatives?

They also have other regulations as follows:

- URL written in application must be in relative path.

- Do not use <BASE> tag.

- If application uses cookie, it has to be set in HTTP header. Cookie that has no value can't be used.

- If browser sends data to web server, use POST method as much as possible.

- Do not build application that uses Content-length: header.

- Use double quotation for URL for specifying tag.

- URL written in Java Script has to be in relative path.

- Do not use <> for variables.

etc

Thanks,

Kensho

Data Integration
Moderation Team has archived post
Share this page LinkedIn