AzharHussein Member since 2012 2 posts
Cognizant Technology Solutions
Posted: September 13, 2018
Last activity: September 20, 2018
Closed
Solved

SAML 2.0 SSO Implementation in 7.4

Hi, we are trying to implement SSO using SAML 2.0 authentication in Pega 7.4.

We have referred to Pega help and also the link below:

https://community.pega.com/knowledgebase/articles/configuring-pega-7-platform-service-provider-sp

We have created a 'SAMLAuth' authentication rule, which has autogenerated the following URL:

https://XXXXXXX:53490/<context root>/PRAuth/sso

As per the article, it recommends the following:

"Select one of the names: SAMLAuth, SAMLAuth1, or SAMLAuth2 to use the built-in web contexts sso, sso1, or sso2, respectively"

But when we try to launch the URL, we get the following error:

PegaRULES Web Application Error

Message: An has occurred processing this request. Please contact your system administrator.

PegaRULES 7.40 (PRPC-7.4.0-185)

When we change the URL to https://XXXXXXX:53490/<context root>/sso

we get the following error:

Caught exception: com.pega.pegarules.pub.PRRuntimeException: Custom authentication failed: invalid Data-Admin-AuthService instance: SAMLAuth

Below are the settings in web.xml for sso:

<servlet>
  <servlet-name>sso</servlet-name>
  <display-name>sso</display-name>
  <description>sso</description>
  <servlet-class>com.pega.pegarules.internal.web.servlet.WebStandardBoot</servlet-class>
  <init-param>
    <param-name>PegaEtierClass</param-name>
    <!-- COMPONENTS: This was previously com.pega.pegarules.services.HttpAPI -->
    <param-value>com.pega.pegarules.session.internal.engineinterface.service.HttpAPI</param-value>
  </init-param>
  <init-param>
    <param-name>AuthenticationType</param-name>
    <param-value>PRCustom</param-value>
  </init-param>
  <init-param>
    <param-name>StatusPage</param-name>
    <param-value>/diagnostic/status.jsp</param-value>
  </init-param>
  <init-param>
    <param-name>AuthService</param-name>
    <param-value>SAMLAuth</param-value>
  </init-param>
  <init-param>
    <param-name>RuntimeServletName</param-name>
    <param-value>sso</param-value>
  </init-param>
  <init-param>
    <param-name>SecureServletName</param-name>
    <param-value>sso</param-value>
  </init-param>
</servlet>

Also, the servlet mapping for SSO is as follows.

<servlet-mapping>
  <servlet-name>sso</servlet-name>
  <url-pattern>/sso</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>sso</servlet-name>
  <url-pattern>/sso/*</url-pattern>
</servlet-mapping>

Can you please suggest what AuthenticationType is to be used in web.xml?

Also, can you please explain why, while creating the SAML type Auth service, Pega is auto-generating the URL with the PRAuth servlet?

As per the web.xml, the PRAuth servlet is mapped as follows.

<servlet>
  <servlet-name>PRAuth</servlet-name>
  <display-name>PRAuth</display-name>
  <description>PRAuth</description>
  <servlet-class>com.pega.pegarules.internal.web.servlet.WebStandardBoot</servlet-class>
  <init-param>
    <param-name>PegaEtierClass</param-name>
    <!-- COMPONENTS: This was previously com.pega.pegarules.services.HttpAPI -->
    <param-value>com.pega.pegarules.session.internal.engineinterface.service.HttpAPI</param-value>
  </init-param>
  <init-param>
    <param-name>AuthenticationType</param-name>
    <param-value>PegaAuthentication</param-value>
  </init-param>
  <init-param>
    <param-name>StatusPage</param-name>
    <param-value>/diagnostic/status.jsp</param-value>
  </init-param>
  <init-param>
    <param-name>RuntimeServletName</param-name>
    <param-value>PRAuth</param-value>
  </init-param>
  <init-param>
    <param-name>SecureServletName</param-name>
    <param-value>PRAuth</param-value>
  </init-param>
</servlet>

Servlet mapping for PRAuth:

<servlet-mapping>
  <servlet-name>PRAuth</servlet-name>
  <url-pattern>/PRAuth</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>PRAuth</servlet-name>
  <url-pattern>/PRAuth/*</url-pattern>
</servlet-mapping>

***Edited by Moderator: Pallavi to update platform capability tags***
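
An added example (not part of the original post and not Pega code): it resolves a request path against the servlet mappings quoted above, using the Servlet specification's exact-then-longest-prefix matching, and reports the AuthenticationType and AuthService of the servlet that handles it. The sample web.xml is constructed by trimming the posted configuration to those settings, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the posted web.xml trimmed to its auth-related settings.
# web.xml is a local, trusted file; use a hardened parser for untrusted XML.
SAMPLE_WEB_XML = """<web-app>
  <servlet>
    <servlet-name>sso</servlet-name>
    <init-param><param-name>AuthenticationType</param-name><param-value>PRCustom</param-value></init-param>
    <init-param><param-name>AuthService</param-name><param-value>SAMLAuth</param-value></init-param>
  </servlet>
  <servlet>
    <servlet-name>PRAuth</servlet-name>
    <init-param><param-name>AuthenticationType</param-name><param-value>PegaAuthentication</param-value></init-param>
  </servlet>
  <servlet-mapping><servlet-name>sso</servlet-name><url-pattern>/sso</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>sso</servlet-name><url-pattern>/sso/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>PRAuth</servlet-name><url-pattern>/PRAuth</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>PRAuth</servlet-name><url-pattern>/PRAuth/*</url-pattern></servlet-mapping>
</web-app>"""

def load_auth_map(xml_text):
    """Return ({servlet: {init-param: value}}, [(url-pattern, servlet)])."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
    text = lambda node, tag: (node.findtext(tag) or "").strip()
    servlets = {}
    for s in root.iter("servlet"):
        servlets[text(s, "servlet-name")] = {
            text(p, "param-name"): text(p, "param-value") for p in s.iter("init-param")}
    mappings = [((u.text or "").strip(), text(m, "servlet-name"))
                for m in root.iter("servlet-mapping") for u in m.iter("url-pattern")]
    return servlets, mappings

def resolve(path, mappings):
    """Servlet-spec matching: exact pattern first, then longest '/prefix/*'."""
    exact = [name for pattern, name in mappings if pattern == path]
    if exact:
        return exact[0]
    prefixes = [(pat[:-2], name) for pat, name in mappings if pat.endswith("/*")]
    hits = [(pre, n) for pre, n in prefixes if path == pre or path.startswith(pre + "/")]
    return max(hits, key=lambda h: len(h[0]))[1] if hits else None

def auth_for(path, xml_text=SAMPLE_WEB_XML):
    """Path is relative to the context root. Returns (servlet, type, service)."""
    servlets, mappings = load_auth_map(xml_text)
    name = resolve(path, mappings)
    params = servlets.get(name, {})
    return name, params.get("AuthenticationType"), params.get("AuthService")

if __name__ == "__main__":
    for p in ("/PRAuth/sso", "/sso"):
        print(p, "->", auth_for(p))
```

With the posted mappings, /PRAuth/sso is handled by the PRAuth servlet (PegaAuthentication, no AuthService parameter), while /sso is handled by the sso servlet (PRCustom with AuthService SAMLAuth).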