Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Engincan Yildiz (EngincanY)
EIB
Software Engineer
EIB
PL
EngincanY Member since 2018 85 posts
EIB
Posted: Aug 8, 2019
Last activity: Aug 9, 2019
Posted: 8 Aug 2019 9:43 EDT
Last activity: 9 Aug 2019 1:58 EDT
Closed

Session expire with LDAP auth

Hi,

We use LDAP authentication in our applications and we also would like to set a session expire time. I tried to set an expire time in access group. Then I chose"Use PegaRULES Timeout" in auth service. When I tested, session expired as I expected and simple login screen appeared as in the attachment. But I couldn't login using my LDAP credentials. It says "information was not recognized". Is this normal ?

Thanks.

To see attachments, please log in.
Pega Platform
Low-Code App Development
Data Integration
Security

Posted: 5 years ago
Posted: 8 Aug 2019 10:50 EDT
Chris Koyl (ChrisKoyl)
PEGA
Senior Fellow, Technical Support, Runtime Engine
Pegasystems Inc.
US

Hi,

What version of PRPC are you on? 

In PRPC 7.x there this problem were the password needs to be  base64 encoded at the UI level because the engine is expecting it to be encoded when it gets. So the engine is trying to decode it before the timeout activity is called causing the Password parameter sent to the LDAP server to be wrong. 

To solve this issue follow this: https://community.pega.com/support/support-articles/time-out-session-password-not-encrypted-correctly

(I need to change this as it's not encryption but encoding)

Hope this helps,

--Chris

 

 

 

To see attachments, please log in.
Posted: 5 years ago
Posted: 8 Aug 2019 11:41 EDT
Engincan Yildiz (EngincanY)
EIB
Software Engineer
EIB
PL

Thank you for your comment. I tried that local change but after I submitted the from with my credentials, the page has been routed to "url:port/PRWebLdap1/prweb" and the page error was displayed. However when I opened the "url:port/prweb", I was be able to continue my work. I think Pega verified my credentials.

But we are just using "url:port/prweb" for ldap authentication. After the form is submitted, it should route to "url:port/prweb". How can I configure this ?

To see attachments, please log in.
Posted: 5 years ago
Posted: 8 Aug 2019 12:25 EDT
Chris Koyl (ChrisKoyl)
PEGA
Senior Fellow, Technical Support, Runtime Engine
Pegasystems Inc.
US

Hi,

I have never seen that issue before. The URI used for the form post is coming from pxThread.pxReqURI. So .. what is that value on the clibpoard. 

--Chris

 

 

 

To see attachments, please log in.
Posted: 5 years ago
Posted: 9 Aug 2019 1:58 EDT
Engincan Yildiz (EngincanY)
EIB
Software Engineer
EIB
PL

Value is /prweb/oujENJg8_ugf9gQ0u_JF0cJ2WVqDM5kL-c68FN8Z2lM%5B*/!STANDARD which is matching with the current url on the browser. But when the form is submitted url is changing to /PRWebLDAP1/prweb/oujENJg8_ugf9gQ0u_JF0cJ2WVqDM5kL-c68FN8Z2lM[*/!STANDARD?pyActivity=CheckServerConnection&Close=true&pzPostData=2115076906

Thus I get http 400 error. When I manually go to the only "/prweb" url, it redirects me to /prweb/oujENJg8_ugf9gQ0u_JF0cJ2WVqDM5kL-c68FN8Z2lM%5B*/!STANDARD and I continue my work as I logged in. 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice