Sudipta Biswas (SudiptaB7860)
Tech Mahindra Ltd

Posted: 2 Nov 2020 18:57 EST
Last activity: 27 Jan 2021 20:26 EST

SSO log in issue with HTTP Post

Hi,

We are using Pega 7.1.7, where users log into the application using SSO. According to our requirement, our users first log into a non-Pega application and are then redirected to Pega using the HTML POST method.

That non-Pega application has a button, and upon submission of the button the HTTP POST method (for security purposes, that other app cannot pass any HTTP header request parameters appended in the URL) gets called, which in turn is supposed to open Pega. Example code used:


<!DOCTYPE html>
<html>
<body>

<form method="POST" action="http://PegaURL/prweb/PRServletCustom">
   <br><br>
  <input type="submit" value="Submit">
</form>

</body>
</html>

 

In Pega we have customized the authentication activity and are reading cookie information to authenticate the users using the Java code below:

 

 

javax.servlet.http.HttpServletRequest req = null;

try {
    // Servlet request object that Pega exposes on the requestor page
    req = (javax.servlet.http.HttpServletRequest) tools.getRequestor().getRequestorPage().getObject("pxHTTPServletRequest");

    // The principal is set by the container-level (SSO) authentication
    if (req.getUserPrincipal() == null) {
        String errorMessage = "User Principal not passed to PEGA, Please contact System Administrator";
        tools.putParamValue("Status", "fail");
        tools.putParamValue("errMsg", errorMessage);
        tools.putParamValue("pyChallenge", errorMessage);
        throw new PRRuntimeException(errorMessage);
    }
    javax.servlet.http.Cookie[] cookies = req.getCookies();

    // Look for the LTPA token cookie among the cookies sent with the request
    String token = null;
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            // oLog.infoForced("cookie ---> " + cookies[i].getName());
            if (cookies[i].getName().equals("LtpaToken2"))
                token = cookies[i].getValue();
        }
    }

    tools.putParamValue("LTPA", token);
} catch (Exception e) {
    throw new PRRuntimeException("Exception:" + e.getMessage());
}

 

After implementing the above code, whenever users are redirected to Pega they get the error below:

User Principal not passed to PEGA, please contact System Administrator

If the other non-Pega application uses the HTTP GET method (e.g. window.open("http://PegaURL/prweb/PRServletCustom")) instead of POST, the same Java code works fine and users are successfully authenticated.

Question:

1. Does Pega support HTTP POST for authentication and login purposes, or is only GET supported?
2. How does the Pega engine code populate the pxHTTPServletRequest property? From the error message it seems that when the Java code is trying to parse the pxHTTPServletRequest property, it is failing.

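An added example, not part of the original post and not Pega's own code: a servlet filter that logs, for each request reaching the Pega servlet, the HTTP method, whether the container set a user principal, and whether the LtpaToken2 cookie arrived, so the GET and POST cases described above can be compared side by side. The class name and its web.xml mapping are assumptions; the token value itself is never logged.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical diagnostic filter; map it to the Pega servlet URL pattern in web.xml. */
public class SsoRequestDiagnosticFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(SsoRequestDiagnosticFilter.class.getName());
    private static final String TOKEN_COOKIE = "LtpaToken2"; // cookie name used in the post

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            LOG.info(describe((HttpServletRequest) request));
        }
        chain.doFilter(request, response); // never blocks; diagnostics only
    }

    /** Builds one log line per request; records only the presence of the token, not its value. */
    static String describe(HttpServletRequest req) {
        boolean tokenPresent = false;
        Cookie[] cookies = req.getCookies(); // null when the request carried no cookies
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (TOKEN_COOKIE.equals(c.getName())) {
                    tokenPresent = true;
                }
            }
        }
        return "method=" + req.getMethod()
                + " uri=" + clean(req.getRequestURI())
                + " principalSet=" + (req.getUserPrincipal() != null)
                + " remoteUser=" + clean(req.getRemoteUser())
                + " cookieCount=" + (cookies == null ? 0 : cookies.length)
                + " " + TOKEN_COOKIE + "Present=" + tokenPresent
                + " origin=" + clean(req.getHeader("Origin"))
                + " referer=" + clean(req.getHeader("Referer"));
    }

    /** Replaces CR, LF and tab so request-controlled values cannot forge extra log lines. */
    static String clean(String s) {
        return s == null ? "-" : s.replaceAll("[\\r\\n\\t]", "_");
    }
}
```

Comparing the log line for a GET with the one for the form POST shows whether the cookie and principal are missing before the request ever reaches the authentication activity.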