Posted: 13 Mar 2017 14:34 EDT Last activity: 22 Mar 2017 10:32 EDT
SAML2 SSO Url questions
I am using Pega 7.2.0. I am trying to configure Pega with SiteMinder. I've read a few Pega security docs and posts, but still had a few questions:
- If I use the built-in SAMLAuth web servlet context that maps to URL /prweb/sso, does that just apply SSO for resources at that /prweb/sso URL (i.e. what about a request to just /prweb)? How does that relate to access to PRPC if I entered URL /prweb or wanted to apply SSO when accessing PRPC?
- One Pega resource mentioned something about creating a PRPC access group for SSO users by copying PRPC:Unauthenticated and creating SSO:Unauthenticated. Is that required to make SSO work?
1) I think SSO only works with /prweb/sso. You can't only use /prweb. If you wanted to use /prweb only and want SSO as well, you could configure all /prweb requests to /prweb/sso (maybe a load balancer will help).
2) Yes, I think that is required. Actually, we need some access group to first talk to PRPC.
It appears that with SSO integration in a WebSphere environment, there is a plugin that must be installed on WebSphere to integrate/intercept requests between the SSO server (SiteMinder) and WS. I will add more information once I confirm. If anyone has had a similar experience, I would appreciate your input.