Question
JPMC
US
Last activity: 9 Oct 2015 20:45 EDT
Authentication failing if used accessgroup is other than Administrator
Hi All... I have a weird issue in one of my http service/activity which is called by a java code from outside pega. I am using java step to authenticate user using below 2 lines of code:
com.pega.pegarules.pub.context.PRAuthentication auth = pega.getAuthenticationHandle();
auth.performAuthentication(userid, pwd);
This performAuthentication method authenticates user which has Administrator AccessGroup only. If I clone Administrator Accessgroup and create another access group (let's say ABC AG), then now if I change the access group of user from administrator to ABC access group, then this authentication method returns false instead of true. I am using v7.1.5
So my question is why is this method tightly coupled with Administrator access group or am I making some mistake?
Accepted Solution
JPMC
US
Sorry guys for updating this post so late. It was an issue with service package - it seems access group at service package and user id should be same. After updating access group at service level to ABC as user access group, things seem to be working fine.
Pegasystems Inc.
JP
Can you log in the user with ABC access group from browser?
Pegasystems Inc.
US
From the help...
performAuthentication(java.lang.String aUserIdentifier, java.lang.String aPassword)
Perform the standard PegaRULES authentication on the supplied username and (cleartext) password pair.
So I don't think this is coupled with the Administrator. I think Chunzhi's suggestion is a good one. Can the username/password supplied log in directly? If not, it's a problem with the operator. If so, I might try with other OOTB operators to see if it's something to do with your operator and http service in concert or if the method is truly not behaving as described above.
JPMC
US
Thank you Chunzhi Hong and Mike Townsend for your response!
Yes this operator works fine from all other perspective with ABC access group. After deleting old closed role to object instances and recreating new closed access role object now authentication is working fine with ABC accessGroup, but now I am getting same old problem which we have with pega v6.x - i.e.
My service fails and the reason is the below exception in pegarules log:
"Only authenticated client may start this activity: RULE-OBJ-ACTIVITY CODE-SECURITY SETUSERTYPE #20130919T000418.759 GMT"
This error we get while executing OOTB activities which have "Requires Authentication to run" checked. As per my understanding this issue is already fixed in pega 7.x but then why am I getting this exception in log for the service which is using this user id who has similar access as an Admin? Can you guys help me understand this issue?
JPMC
US
*******Corrected typo version comment***************
Yes this operator works fine from all other perspective with ABC access group. After deleting old role to object instances and recreating new access role object now authentication is working fine with ABC accessGroup, but now I am getting same old problem which we have with pega v6.x - i.e.
My service fails and the reason is the below exception in pegarules log:
"Only authenticated client may start this activity: RULE-OBJ-ACTIVITY CODE-SECURITY SETUSERTYPE #20130919T000418.759 GMT"
This error we get while executing OOTB activities which have "Requires Authentication to run" checked. As per my understanding this issue is already fixed in pega 7.x but then why am I getting this exception in log for the service which is using this user id who has similar access as an Admin? Can you guys help me understand this issue?
Pegasystems Inc.
US
Does SetUserType have the "Requires Authentication to run" check box checked? If so, then that tells us the system thinks your service is not authenticated. One would assume performAuthentication() would result in you having an authenticated requestor. I don't know anything about the change you're referring to so I can't really comment on its inclusion in Pega 7. Can we take a quick step back and talk about why you're using that java method to authenticate and not using something else? This isn't really my area of expertise, but possibly there is another way to do this that someone would know about that would avoid all of these complications.
JPMC
US
Hi Mike..Thanks for your response!
I have an http service which is called from outside pega by a java code and we have given them (java team) a SnapStart URL as recommended by pega.
My UseCase Desc - My pega application has to give some provision to external java program to call our activity on a external schedule basis (not using pega agents).
Issue Update - I dug in more and logged step by step progress and found that now everything goes fine, i.e. authentication and executing service activity everything goes fine, but just after completing service call pega seems to be internally calling some OOTB SETUSERTYPE activity automatically and that is when I get "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY CODE-SECURITY SETUSERTYPE #20130919T000418.759 GMT" error I log.
Due to this exception external java program reports job failure and this happens only when user id is associated with any access group other than Administrator access group.
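A small log triage helper for the exception quoted in this post, added here as an example (it is not code from the thread or from Pega): it extracts the rule type, class, activity name and stamp from each matching line and counts denials per activity. The log line layout around the message and the sample lines are constructed assumptions; only the message text comes from the thread.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Message text as quoted in the thread. The rest of each log line is treated
# as opaque because the thread does not show the full PegaRULES log layout.
DENIAL = re.compile(
    r"Only authenticated client may start this activity:\s+"
    r"(?P<rule_type>\S+)\s+"    # RULE-OBJ-ACTIVITY
    r"(?P<applies_to>\S+)\s+"   # CODE-SECURITY
    r"(?P<activity>\S+)\s+"     # SETUSERTYPE
    r"#(?P<stamp>\d{8}T\d{6}\.\d{3}) GMT"
)

# Constructed sample lines; only the message text comes from the thread.
SAMPLE_LOG = [
    "02:00:01 ERROR svc-job - Only authenticated client may start this activity: "
    "RULE-OBJ-ACTIVITY CODE-SECURITY SETUSERTYPE #20130919T000418.759 GMT",
    "02:00:01 INFO  svc-job - service activity finished",
    "03:00:02 ERROR svc-job - Only authenticated client may start this activity: "
    "RULE-OBJ-ACTIVITY CODE-SECURITY SETUSERTYPE #20130919T000418.759 GMT",
    "03:00:05 ERROR svc-job - Only authenticated client may start this activity: garbled",
]

def parse_denials(lines):
    """Return one dict per line carrying a well-formed denial message."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = DENIAL.search(line)
        if m is None:
            continue  # unrelated or truncated line
        stamp = datetime.strptime(m["stamp"], "%Y%m%dT%H%M%S.%f")
        hits.append({
            "line": lineno,
            "rule_type": m["rule_type"],
            "applies_to": m["applies_to"],
            "activity": m["activity"],
            # Stamp printed after the activity name, kept as UTC.
            "rule_stamp": stamp.replace(tzinfo=timezone.utc),
        })
    return hits

def summarize(hits):
    """Count denials per (class, activity) to see which rule is being blocked."""
    return dict(Counter((h["applies_to"], h["activity"]) for h in hits))

if __name__ == "__main__":
    for key, count in summarize(parse_denials(SAMPLE_LOG)).items():
        print(key, count)
```
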
Pegasystems Inc.
JP
I suggest you raise an SR.
JPMC
US
Thank you Chunzhi Hong for your suggestions. I will try to create SR for this issue.