EladA603 Member since 2016 4 posts
Posted: 8 months ago
Last activity: 7 months 3 weeks ago

Service REST rules and Custom/Kerberos Authentication

Hi Pega Community,

I am trying to setup Kerberos authentication for my REST Service rules.

I already have a working Kerberos Authentication Service Rule + properly configured Tomcat/SPNEGO SourceForge/Web.xml for Web/Portal SSO login.

For the REST Services I did a "Save As" for my existing Authentication Service and created a new one of type "Custom" running the same activity, and configured my Service Package to "Custom" authentication and chose my new Authentication Service - "ServiceKerberos".

However I think I might be missing in my web.xml configuration. I configured a new servlet called "ServiceKerberos1" which is basically copied from the my working (delivered) WebKerberos1 servlet. What I did change/add was these params (taken from the "WebRestService" servlet):

		<!-- Indicate that R-S-REST never handles static content-->

I also obviously added a new Servlet Mapping for my Servlet like so: "/PRServiceKerberos1/*"

My problem is this:

I am trying to invoke my REST service through this URL:

I am prompted for a User/Pass and after successfully logging in I get an HTTP 500 with this exception in the log:

Caused by: Failed to retrieve Rule-Service-HTTP instance myPackage.v1.myService using service package access group APP:APPAdmin

I am sure the user I am logging has this Access Group and when I turn off "Use External Authentication" and revert the Service Package back to "Basic" authentication I can successfully invoke the service.

It's a tough one, anyone have any ideas? Is my approach correct? What am I missing?



Low-Code App Development Security System Administration Low-Code App Development Installation and Deployment
Share this page LinkedIn