Question

5
Replies
293
Views
Close popover
JC Romero (JC_Romero)
Hoverstate
Lead System Architect
Hoverstate
US
View Profile
JC_Romero Member since 2012 12 posts
Hoverstate
Posted: May 29, 2020
Last activity: June 1, 2020
Solved

Trace SSO/SAML authentication service and authentication activity

Hey everyone,

we are working on Pega Platform 8.3.3, we have set up a Auth Service, seems to be working fine, but we need to manipulate the user to be set as a model operator. 

I have tried to trace the unauthenticated requestor, but I can't see any of the rules specified in the auth service.

I have created an unauth AG for the unauth requestors, and set the rules in that ruleset.

Wondering if I am missing something, I'll appreciate your help.

 

Thanks,

***Edited by Moderator: Pallavi to change category from General to Product***

Pega Platform 8.3.3 System Administration Lead System Architect
Close popover
Posted: 7 months ago
Close popover
Angel Hermira (HERMA)
PEGA
Product Manager, Robotics
Pegasystems
GB
View Profile

Hi,

How the model operator is used is determined by the authentication service that you are using. Which type of authentication service are did you create?.

There are two possible behaviours:

  a) The model operator is determined by the Unit (Org-Div-Unit) you are logging it to. 

  b) The model is one of the parameters you receive

Regards,

Angel

Posted: 7 months ago
Close popover
JC Romero (JC_Romero)
Hoverstate
Lead System Architect
Hoverstate
US
View Profile

Hey Angel,

 

thanks for the quick response, I am currently using a DP to set the operator, please see attachment.

So I am getting a group attribute in the D_SAMLAssertionDataPage, the requirement is to based on those groups I need to add Access groups to the operator. 

 

Thanks in advance!

 

 

Posted: 7 months ago
Close popover
Angel Hermira (HERMA)
PEGA
Product Manager, Robotics
Pegasystems
GB
View Profile

Hi,

Without knowing more details of your current issue it is difficult to provide more accurate help, but you seem to be on the right track.

The D_SAMLAssertionDataPage provides you with all the data in the SAML response payload. If you can see the groups there it's a question of setting these in the operator. The challenge you may have is that you may need to provide logic in the Data Page you're using to determine which model operator to load based on the groups received. You could also use a data transform what would provide you more control over the groups and properties to set and you could also use the data page from there.

Do you have a specific error or something that it is not working for you?

Thanks,

Angel

Accepted Solution

Posted: 7 months ago
Updated: 7 months ago
Close popover
JC Romero (JC_Romero)
Hoverstate
Lead System Architect
Hoverstate
US
View Profile

Thank you both, the issue I had was trying to trace post activity and also the Data Page that sets the name of the Model Operator. I went and made all the changes in the post authentication activity to remove and add the access groups I needed and all worked.

Tracing the whole thing would have helped me a lot more but it worked.

 

Thanks!
Share this page Share via LinkedIn Copying...
Copied!