Question
Accenture
IN
Last activity: 28 Jun 2016 2:17 EDT
LDAPAuthentication
Hi Guys,
Need some info regarding LDAPAuthentication.
We configured LDAPAuthentication in our application, meaning we defined an authentication service rule with the necessary details. But I have no idea what needs to be done in order to use LDAPAuthentication.
How and when will the rule be executed? I mean, in which scenario?
Any inputs will be appreciated
Updated: 8 Jun 2016 9:55 EDT
Pegasystems Inc.
US
Hello Chenna,
This is a good place to start - https://docs-previous.pega.com/controlling-web-access-through-ldap
Just to give a basic overview, while defining an authentication service rule, you must have chosen a servlet name like "WebLDAP1" (something like below)
This servlet WebLDAP1 will have a corresponding URL param in prweb's web.xml as below
<servlet-mapping>
  <servlet-name>WebLDAP1</servlet-name>
  <url-pattern>/PRWebLDAP1/*</url-pattern>
</servlet-mapping>
In order to use LDAP Authentication, you should be using the corresponding custom servlet's URL pattern like http://localhost:8080/prweb/PRWebLDAP1, this will show you the regular login page.
After you provide login credentials and submit, the request goes to the Auth service and the authentication service's AuthenticationLDAP activity does the look-up in specified LDAP directory to authenticate any user.
LDAP server directory details will be specified in Auth service and for more info - https://community.pega.com/sites/default/files/help_v72/procomhelpmain.htm
BR//
Harish
Accenture
IN
HI Harish,
Thanks for the inputs.
When we hit the LDAPAuthentication URL, it is not showing any styles / images; it is showing a simple username / password form.
We don't have ' /Authentication/RedirectGuests' entry in prconfig.xml.
Could you please help me on this?
Updated: 25 May 2016 21:15 EDT
Pegasystems Inc.
US
Hi Chenna,
Have you customized the OOTB login screen ? Can you show the screenshot of the username & password form?
Also, can you capture the Fiddler trace before you hit the LDAPAuthentication URL and share it here?
BR//
Harish
Accenture
IN
Hi Harish,
I sent you a private message with screenshots of the LDAP login screen & Fiddler logs, as the screenshots and results have hostnames and IP addresses.
Could you please take a look and let me know what needs to be done?
Accenture
IN
Hi Harish,
Could you help me on this?
Pegasystems Inc.
US
Hi Chenna,
I may not be able to help you with the complete LDAP implementation/design part. It would be good if you can check with your prof services(SSA or LSA?)
Or else let me know what has been done till now as part of your LDAP setup and where you are blocked. I will try to help.
Thanks,
Harish
Accenture
IN
Hi Harish,
We configured LDAPAuthentication service and values in it.
When I hit the LDAPAuthentication URL in the browser, I don't see any UI effects except username & password login options.
I traced it with Fiddler, and this is the URL outcome.
I don't this (desktopbase_13829658809.css!!.css) particular CSS file in our application.
Accenture
IN
Hi Guys,
Now I'm facing the below error while trying to login into application using LDAPAuthentication.
Any suggestions?
2016-06-21 11:36:20,464 [fault (self-tuning)'] [ STANDARD] [ ] [ PegaRULES:07.10] ( internal.access.Saver) ERROR sz1064.app.gen.local|xxxxxxx - You are not authorized to save instance DATA-ADMIN-ORGUNIT !CM!S&I CIF FIX SOW ACCENTURE, of class Data-Admin-OrgUnit
2016-06-21 11:36:20,495 [fault (self-tuning)'] [ STANDARD] [ ] [ PegaRULES:07.10] (ngineinterface.service.HttpAPI) ERROR sz1064.app.gen.local|xxxxxxx - xxxxxxx: com.pega.pegarules.pub.PRRuntimeException
com.pega.pegarules.pub.PRRuntimeException: No failure response set by custom authentication activity
at com.pega.pegarules.session.internal.mgmt.authentication.SchemePRCustom.onAuthenticationFailure(SchemePRCustom.java:950)
at com.pega.pegarules.session.internal.mgmt.authentication.Authentication.doAuthentication(Authentication.java:623)
at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.handleAuthentication(HttpAPI.java:2168)
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.activityExecutionProlog(EngineAPI.java:547)
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequestInner(EngineAPI.java:382)
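A log-triage sketch for the two errors in the post above, added here as an example and not part of the original thread or of Pega's tooling: it parses lines in the layout seen in the post and pairs each custom-authentication exception with access denials logged for the same requestor shortly before it. The regex group names and the one-second window are assumptions, and one sample line is constructed.

```python
import re
from datetime import datetime

# Layout inferred from the two log lines in the post; group names are assumptions.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[(?P<thread>[^\]]*)\] "
    r"\[[^\]]*\] \[[^\]]*\] \[(?P<app>[^\]]*)\] \(\s*(?P<logger>[^)]*)\) "
    r"(?P<level>[A-Z]+)\s+(?P<requestor>\S+) - (?P<msg>.*)$")
DENIED = re.compile(r"You are not authorized to (?P<action>.+?) instance "
                    r"(?P<key>.+), of class (?P<cls>\S+)")

# The 11:36:20,470 line (another requestor) is constructed to show the
# filtering; the other lines are copied from the post.
SAMPLE = """\
2016-06-21 11:36:20,464 [fault (self-tuning)'] [ STANDARD] [ ] [ PegaRULES:07.10] ( internal.access.Saver) ERROR sz1064.app.gen.local|xxxxxxx - You are not authorized to save instance DATA-ADMIN-ORGUNIT !CM!S&I CIF FIX SOW ACCENTURE, of class Data-Admin-OrgUnit
2016-06-21 11:36:20,470 [fault (self-tuning)'] [ STANDARD] [ ] [ PegaRULES:07.10] ( internal.access.Saver) ERROR host.example|yyyyyyy - You are not authorized to save instance DATA-ADMIN-ORGUNIT CONSTRUCTED, of class Data-Admin-OrgUnit
2016-06-21 11:36:20,495 [fault (self-tuning)'] [ STANDARD] [ ] [ PegaRULES:07.10] (ngineinterface.service.HttpAPI) ERROR sz1064.app.gen.local|xxxxxxx - xxxxxxx: com.pega.pegarules.pub.PRRuntimeException
com.pega.pegarules.pub.PRRuntimeException: No failure response set by custom authentication activity
at com.pega.pegarules.session.internal.mgmt.authentication.SchemePRCustom.onAuthenticationFailure(SchemePRCustom.java:950)
"""

def parse(text):
    """Split into entries; unmatched lines (stack frames) join the previous entry."""
    entries = []
    for raw in map(str.strip, text.splitlines()):
        m = LINE.match(raw)
        if m:
            entries.append({**m.groupdict(), "trace": [],
                            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")})
        elif entries and raw:
            entries[-1]["trace"].append(raw)
    return entries

def denials_before_auth_failure(text, window_ms=1000):
    """Pair each custom-authentication exception with access denials logged
    for the same requestor in the preceding window (window is an assumption)."""
    entries, findings = parse(text), []
    for i, e in enumerate(entries):
        if not any("custom authentication activity" in t for t in e["trace"]):
            continue
        for prev in entries[:i]:
            d = DENIED.search(prev["msg"])
            gap = (e["ts"] - prev["ts"]).total_seconds() * 1000
            if d and prev["requestor"] == e["requestor"] and 0 <= gap <= window_ms:
                findings.append({"requestor": e["requestor"], "action": d["action"],
                                 "class": d["cls"], "gap_ms": round(gap)})
    return findings
```

Run over a full PegaRULES log, the output lists which class and action were denied for the requestor just before each login failure, which is the access-control setting to review for the authentication requestor.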
PEG
PL
If you could share the complete custom authentication screenshot, that might help to figure out the issue.
Just a small check... are you using Code-Security to write the custom activity? We need to use that class.
Accenture
IN
Hi Rajeev,
Yes, we used Code-Security class for custom activity in LDAPAuthentication.
I sent you a private message with complete screenshots of custom activity.
Take a look and let me know for further info
Accenture
IN
Hi Rajeev,
Please find the attached doc with screenshots of complete custom activity.
PEG
PL
I will try to set up a similar LDAP at my end and will share the screenshots with you for your reference.
Accenture
IN
Hi Rajeev / All,
LDAPAuthentication is working when I invoke the custom activity with LDAP credentials within Pega. It is creating the user and other required rules like organization / division / unit.
I'm even able to log in to the application using the LDAPAuthentication URL when the user and its related rules are created within the application by invoking the custom activity.
But I'm not able to log in to the application directly using the LDAPAuthentication URL.
I mean... I'm not able to log in to the application using the LDAPAuthentication URL with new credentials.
I'm getting an error while trying to log in using LDAP, as mentioned in the attached file.
Any suggestions on how I can avoid this error?
Accenture
IN
Hi Guys, thanks for the info, suggestions & guidance. I'm able to trace Authentication related rules.
Here I have an issue. When I'm trying to authenticate into the application via LDAP, I'm getting a "You are not authorized to create, modify, or lock instance DATA-ADMIN-ORGUNIT" error while trying to save the Data-Admin-OrgUnit record as per the client records.
Any suggestions on how I can resolve this?
Accenture
IN
Harish Gunneri, Rajeev Ranjan, Pega Product Support, Marissa Rogers, Lochana DurgadaVijayakumar, Arvind Malav
Could you guys help me on this issue?
Updated: 28 Jun 2016 2:17 EDT
Pegasystems Inc.
US
This looks like a complete design requirement to me; even if you analyze/address one error, you may see a new error. Designing complete LDAP Authentication may require some expert assistance. Were you able to seek Professional Services help on this?
If all the configurations are in place w.r.t. LDAP authentication and you feel the product is behaving incorrectly, we would request you to raise an SR to get collaborative assistance over a call/screen-share. There are quite a few things w.r.t. your LDAP setup which require further validation in order to troubleshoot the errors.