Question

2
Replies
711
Views
ShrutiM0986 Member since 2016 7 posts
Aegis
Posted: 3 years ago
Last activity: 3 years 2 months ago
Closed

Windows login with no Authentication

Problem statement - User logs in through usual windows authentication. Opens an IE session and then enters a URL(could be saved in favorites) - say http://XX-sr-pega01:root/prweb/TestSSO and wishes to be logged in directly. They do not want to enter any ID/password. They wish to use their windows ID as the pega operator ID.

I don't want any kind of authentication. Neither LDAP/SAML/Third party

So I created a Auth Sevice with Authentication Activity say "SSOSampleAuthActivity". In this Activity I am doing a page-new of Data-Admin-Operator-ID. Setting pyUserName (hardcoding to test),pyAccessGroup,pyOrganization,pyOrgDivision,pyOrgUnit.

And next I am calling below function to validate through java step. Below code is used in default LDAP pega activity to authenticate user.

PRAuthentication auth = pega.getAuthenticationHandle();
ClipboardPage operPage = tools.findPage("OperPage");

if (!auth.setUserSecurityProfile(pega, tools.getParamValue("UserIdentifier"), operPage)) {
String errorMsg = "Failed to set security profile for " + UserIdentifier + ": ";
ClipboardPage errorPage = tools.findPage("LoginError");
if (errorPage!=null) {
errorMsg += errorPage.getString("pxErrorMessage");
}

I am getting PRSecurityException: Invalid request error on this java step.

Does anybody know if I can bypass password entry to log in to pega? Has anybody implemented something like this?

***Moderator Edit: Vidyaranjan | Updated Categories***

Low-Code App Development Security
Moderation Team has archived post
Share this page LinkedIn