Close popover
Sudipta Biswas (SudiptaB7860)
Tech Mahindra Ltd

Tech Mahindra Ltd
SudiptaB7860 Member since 2018 6 posts
Tech Mahindra Ltd
Posted: November 2, 2020
Last activity: January 27, 2021

SSO log in issue with HTTP Post

Hi ,

We are using pega 7.1.7 where users logs into the application using SSO. According to our requirement our users first logs into an non-pega application , and then gets redirected to Pega using HTML post method. 

That Non pega application has a button and upon submission of the button , HTTP post method(for security purpose , that other app can not pass any http header request parameters appended in URL) gets called which inurns supposed to open Pega.  Example code used:

<!DOCTYPE html>

<form method ="POST" action="http://PegaURL/prweb/PRServletCustom>
  <input type="submit" value="Submit">



In pega we have customized the authentication activity and are reading cookie informations to authenticate the users using the below JAVA code:


Javax.servlet.http.HttpServletRequest req = null;

Try {
Req = (javax.servlet.http.HttpServletRequest) tools.getRequestor (). GetRequestorPage (). GetObject ("pxHTTPServletRequest");

If (req.getUserPrincipal () == null)
String errorMessage = "User Principal not passed to PEGA, Please contact System Administrator";
Tools.putParamValue ("Status", "fail");
Tools.putParamValue ("errMsg", errorMessage);
Tools.putParamValue ("pyChallenge", errorMessage);
Throw new PRRuntimeException (errorMessage);
Javax.servlet.http.Cookie [] cookies = req.getCookies ();

String token = null;
If (cookies! = Null) {
For (int i = 0; i <cookies.length; i ++) {

//oLog.infoForced("cookie ---> "+ cookies [i] .getName ());
If (cookies [i] .getName () .equals ("LtpaToken2"))
Token = cookies [i] .getValue ();


Tools.putParamValue ("LTPA", token);
} Catch (Exception e)
Throw new PRRuntimeException ("Exception:" + e.getMessage ());


After implementing the above code whenever users are redirected to pega they are getting the below error:

User Principal not passed to PEGA, please contact System Administrator

If the other non pega application uses HTTP get method(e.g."http://PegaURL/prweb/PRServletCustom")) instead of POST the same JAVA code works fine and user are successfully authenticated.

Question:  1. Does pega support HTTP POST for authentication and log in purpose or is that only GET is supported? 2. How does pega engine code populates the pxHTTPServletRequest property ? From the error message it seems when the JAVA code is trying to parse the pxHTTPServletRequest property , it is failing.

Pega Platform 7.1.7 Security Financial Services Solutions Engineer