Azhar Hussein Syed (AzharHussein)
Cognizant Technology Solutions

Posted: 13 Sep 2018 9:31 EDT
Last activity: 17 Feb 2021 10:12 EST
Closed
Solved

SAML 2.0 SSO Implementation in 7.4

Hi, we are trying to implement SSO using SAML 2.0 authentication in Pega 7.4.

We have referred to Pega help and also the link below:

https://community.pega.com/knowledgebase/articles/configuring-pega-7-platform-service-provider-sp

We have created a 'SAMLAuth' Authentication rule, which has autogenerated the following URL:

https://XXXXXXX:53490/<context root>/PRAuth/sso

As per the article, it recommends the following:

"Select one of the names: SAMLAuth, SAMLAuth1, or SAMLAuth2 to use the built-in web contexts sso, sso1, or sso2, respectively"

But when we try to launch the URL, we get the following error:

PegaRULES Web Application Error

Message: An has occurred processing this request. Please contact your system administrator.

PegaRULES 7.40 (PRPC-7.4.0-185)

When we change the URL to https://XXXXXXX:53490/<context root>/sso

we get the following error:

Caught exception: com.pega.pegarules.pub.PRRuntimeException: Custom authentication failed: invalid Data-Admin-AuthService instance: SAMLAuth

Below are the settings in web.xml for sso:

<servlet>
    <servlet-name>sso</servlet-name>
    <display-name>sso</display-name>
    <description>sso</description>
    <servlet-class>com.pega.pegarules.internal.web.servlet.WebStandardBoot</servlet-class>
    <init-param>
        <param-name>PegaEtierClass</param-name>
        <!-- COMPONENTS: This was previously com.pega.pegarules.services.HttpAPI -->
        <param-value>com.pega.pegarules.session.internal.engineinterface.service.HttpAPI</param-value>
    </init-param>
    <init-param>
        <param-name>AuthenticationType</param-name>
        <param-value>PRCustom</param-value>
    </init-param>
    <init-param>
        <param-name>StatusPage</param-name>
        <param-value>/diagnostic/status.jsp</param-value>
    </init-param>
    <init-param>
        <param-name>AuthService</param-name>
        <param-value>SAMLAuth</param-value>
    </init-param>
    <init-param>
        <param-name>RuntimeServletName</param-name>
        <param-value>sso</param-value>
    </init-param>
    <init-param>
        <param-name>SecureServletName</param-name>
        <param-value>sso</param-value>
    </init-param>
</servlet>
Also, the servlet mapping for SSO is as follows.
<servlet-mapping>
    <servlet-name>sso</servlet-name>
    <url-pattern>/sso</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>sso</servlet-name>
    <url-pattern>/sso/*</url-pattern>
</servlet-mapping>
Can you please suggest which AuthenticationType is to be used in web.xml?
Also, can you please explain why Pega autogenerates the URL with the PRAuth servlet when creating the SAML type Auth service?
As per the web.xml, the PRAuth servlet is mapped as follows.
<servlet>
    <servlet-name>PRAuth</servlet-name>
    <display-name>PRAuth</display-name>
    <description>PRAuth</description>
    <servlet-class>com.pega.pegarules.internal.web.servlet.WebStandardBoot</servlet-class>
    <init-param>
        <param-name>PegaEtierClass</param-name>
        <!-- COMPONENTS: This was previously com.pega.pegarules.services.HttpAPI -->
        <param-value>com.pega.pegarules.session.internal.engineinterface.service.HttpAPI</param-value>
    </init-param>
    <init-param>
        <param-name>AuthenticationType</param-name>
        <param-value>PegaAuthentication</param-value>
    </init-param>
    <init-param>
        <param-name>StatusPage</param-name>
        <param-value>/diagnostic/status.jsp</param-value>
    </init-param>
    <init-param>
        <param-name>RuntimeServletName</param-name>
        <param-value>PRAuth</param-value>
    </init-param>
    <init-param>
        <param-name>SecureServletName</param-name>
        <param-value>PRAuth</param-value>
    </init-param>
</servlet>
Servlet mapping for PRAuth:
<servlet-mapping>
    <servlet-name>PRAuth</servlet-name>
    <url-pattern>/PRAuth</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>PRAuth</servlet-name>
    <url-pattern>/PRAuth/*</url-pattern>
</servlet-mapping>
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
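
Added example (not part of the original post, and not Pega code): a small Python check that reads the servlet and servlet-mapping entries quoted in the question and reports which servlet, AuthenticationType and AuthService a context-relative path resolves to. The sample XML is constructed from the post's values and trimmed to the auth-related init-params; the function names load and resolve are hypothetical, and a real web.xml with an XML namespace would need namespace-aware tag names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two servlets from the post, trimmed to their
# auth-related init-params and wrapped in a namespace-free <web-app> root.
WEB_XML = """<web-app>
 <servlet><servlet-name>sso</servlet-name>
  <init-param><param-name>AuthenticationType</param-name><param-value>PRCustom</param-value></init-param>
  <init-param><param-name>AuthService</param-name><param-value>SAMLAuth</param-value></init-param>
 </servlet>
 <servlet><servlet-name>PRAuth</servlet-name>
  <init-param><param-name>AuthenticationType</param-name><param-value>PegaAuthentication</param-value></init-param>
 </servlet>
 <servlet-mapping><servlet-name>sso</servlet-name><url-pattern>/sso</url-pattern></servlet-mapping>
 <servlet-mapping><servlet-name>sso</servlet-name><url-pattern>/sso/*</url-pattern></servlet-mapping>
 <servlet-mapping><servlet-name>PRAuth</servlet-name><url-pattern>/PRAuth</url-pattern></servlet-mapping>
 <servlet-mapping><servlet-name>PRAuth</servlet-name><url-pattern>/PRAuth/*</url-pattern></servlet-mapping>
</web-app>"""

def load(xml_text):
    """Return ({servlet: {param: value}}, [(url_pattern, servlet)])."""
    root = ET.fromstring(xml_text)
    servlets = {s.findtext("servlet-name"):
                {p.findtext("param-name"): p.findtext("param-value")
                 for p in s.iter("init-param")}
                for s in root.iter("servlet")}
    mappings = [(m.findtext("url-pattern"), m.findtext("servlet-name"))
                for m in root.iter("servlet-mapping")]
    return servlets, mappings

def resolve(path, servlets, mappings):
    """Resolve a context-relative path; exact match wins, then longest '/prefix/*'."""
    best_name, best_score = None, -1
    for pattern, name in mappings:
        if pattern == path:
            score = float("inf")
        elif pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
            score = len(pattern)
        else:
            continue  # extension and default ('/') patterns are not handled here
        if score > best_score:
            best_name, best_score = name, score
    if best_name is None:
        return None
    params = servlets.get(best_name, {})
    return {"servlet": best_name,
            "AuthenticationType": params.get("AuthenticationType"),
            "AuthService": params.get("AuthService")}

if __name__ == "__main__":
    for path in ("/PRAuth/sso", "/sso"):
        print(path, resolve(path, *load(WEB_XML)))
```

With the mappings quoted in the post, /PRAuth/sso lands on the PRAuth servlet and /sso lands on the sso servlet, so the two URLs tried in the question are handled under different AuthenticationType settings.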