Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Nagendra Babu Pasam (Nagendra Babu)
Nike
Senior Software Developer
Nike
IN
Nagendra Babu Member since 2022 1 post
Nike
Posted: Mar 21, 2025
Last activity: Mar 21, 2025
Posted: 21 Mar 2025 14:31 EDT
Last activity: 21 Mar 2025 15:54 EDT
Closed

How can i pass Dynamic values in Authentication profile (ClintID and Secret)

We are currently working on an OAuth 2.0 authentication profile in Pega and need to dynamically pass the client ID and secret. We have stored the client ID and secret in a data page (e.g., D_AuthDetails.clientid and D_AuthDetails.Secret). However, when we try to pass these values using pages and classes (e.g., D_page.client_id and D_page.client_secret), it is taking static values instead of the dynamic ones.

Could you please advise on the best approach to retrieve these values from the data page and pass them dynamically in the authentication profile?

Thanks for advance

To see attachments, please log in.
Pega Platform '23.1.3
Pega Platform
Pega Cloud
Manufacturing
Senior System Architect

Posted: 1 year ago
Updated: 1 year ago
Posted: 21 Mar 2025 15:42 EDT
Updated: 21 Mar 2025 15:49 EDT
Durai Sankar Ramasubbu (duraisankar)
Capgemini
Senior System Architect
Capgemini
NO

@Nagendra Babu Hi,

I understand you’re trying to pass the client ID and secret dynamically, likely for different environments or applications. However, storing the client secret unmasked in a database table is not recommended and is considered a security violation in most organizations. Pega stores the secrets in the Authentication Profile rule as per industry standard encryption and masking.

To achieve a dynamic authentication profile:

  1. Create multiple Authentication Profile rules for each client ID and secret, and add these to a new Application Setting rule. This Application Setting rule can then be referenced in connectors, allowing the system to pick the correct values based on the environment.
  2. For more control over authentication profiles within a single environment, you can pass dynamic values to the Application Setting using a DataPage with the syntax =DATAPAGE.PROPERTY. Here, you would only store the Authentication Profile rule name in the database table and pass it dynamically to the connector via Application Settings.

Let me know if you need more information on this approach.

To see attachments, please log in.
Posted: 1 year ago
Posted: 21 Mar 2025 15:54 EDT
Nagendra Babu Pasam (Nagendra Babu)
Nike
Senior Software Developer
Nike
IN

@duraisankar my approach is different 

At our organisation, Cerberus is the preferred tool of choice for any kind of password/Secret management.

 

We are trying to do a poc to do the same in Pega for the secret used in Authentication Profiles related to any Downstream API calls from Pega.

We have hit a roadblock as we are not able to pass parameterized ClientID or ClientSecret in Authentication profiles rules.

 

The team tried some options, but it seems only constant values are allowed in these fields.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice