Question
Trace SSO/SAML authentication service and authentication activity
Hey everyone,
we are working on Pega Platform 8.3.3, we have set up a Auth Service, seems to be working fine, but we need to manipulate the user to be set as a model operator.
I have tried to trace the unauthenticated requestor, but I can't see any of the rules specified in the auth service.
I have created an unauth AG for the unauth requestors, and set the rules in that ruleset.
Wondering if I am missing something, I'll appreciate your help.
Thanks,
***Edited by Moderator: Pallavi to change category from General to Product***
Hey Angel,
thanks for the quick response, I am currently using a DP to set the operator, please see attachment.
So I am getting a group attribute in the D_SAMLAssertionDataPage, the requirement is to based on those groups I need to add Access groups to the operator.
Thanks in advance!
Hi,
To get the SAML request and response, can use https://chrome.google.com/webstore/detail/saml-message-decoder/mpabchoaimgbdbbjjieoaeiibojelbhm add-on for chrome.
Thanks
Hi,
Without knowing more details of your current issue it is difficult to provide more accurate help, but you seem to be on the right track.
The D_SAMLAssertionDataPage provides you with all the data in the SAML response payload. If you can see the groups there it's a question of setting these in the operator. The challenge you may have is that you may need to provide logic in the Data Page you're using to determine which model operator to load based on the groups received. You could also use a data transform what would provide you more control over the groups and properties to set and you could also use the data page from there.
Do you have a specific error or something that it is not working for you?
Thanks,
Angel
Accepted Solution
Thank you both, the issue I had was trying to trace post activity and also the Data Page that sets the name of the Model Operator. I went and made all the changes in the post authentication activity to remove and add the access groups I needed and all worked.
Tracing the whole thing would have helped me a lot more but it worked.
Thanks!
Hi,
How the model operator is used is determined by the authentication service that you are using. Which type of authentication service are did you create?.
There are two possible behaviours:
a) The model operator is determined by the Unit (Org-Div-Unit) you are logging it to.
b) The model is one of the parameters you receive
Regards,
Angel