Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Imranullah Mohammed DawoodBasha (Imranullah-db)
Coforge
Imranullah Mohammed DawoodBasha
Coforge
US
Imranullah-db Member since 2023 39 posts
Coforge
Posted: Nov 6, 2020
Last activity: Jan 6, 2021
Posted: 6 Nov 2020 13:40 EST
Last activity: 6 Jan 2021 10:06 EST
Closed
Solved

Issue with two authentication services on same server [error defaults to one]

Here is something different happening to us in prod. We have two applications that are running on the Pega cloud and authenticated using Okta. Assume the two apps to have authentication URL using SP as  https://division.organization.com/prweb/PRAuth/App1 https://division.organization.com/prweb/PRAuth/App2

We have two authentication services setups, the service activity has been written in such a way that even if the operator exists, they remove the current access group and add the required access based on the authentication service. One thing to say is App2 was released into prod after App1 and there are users who are common to both the applications. For these types of users [in order]

  1. When they log in to App2 (works properly).
  2. When they log in to App1 (works properly). 
  3. When they try to access App2 (doesn't work as expected). Logs the user into the App1. 

 

We must delete the operator id to allow the user to login to App2 again. 

Has anyone in the Pega realm has encountered this issue.

***Edited by Moderator Kayla to update Content Type from Discussion to Question***

To see attachments, please log in.
Pega Platform 8.3.1
Security
Lead System Architect

Accepted Solution

Posted: 3 years ago
Posted: 6 Jan 2021 8:42 EST
Imranullah Mohammed DawoodBasha (Imranullah-db)
Coforge
Imranullah Mohammed DawoodBasha
Coforge
US

Well, this issue was solved by making the changes to the access group to the operator and saving the operator id explicitly with obj-save write now. 

Since it was post-authentication activity, not authentication activity that was the way to go. 

To see attachments, please log in.
Posted: 4 years ago
Updated: 4 years ago
Posted: 6 Nov 2020 20:06 EST
Updated: 9 Nov 2020 1:02 EST
Imranullah Mohammed DawoodBasha (Imranullah-db)
Coforge
Imranullah Mohammed DawoodBasha
Coforge
US

One more additional finding on this. 

  1. Users logs into app 2 (https://division.organization.com/prweb/PRAuth/App2)
  2. The user then logs into app 1 (https://division.organization.com/prweb/PRAuth/App1)
  3. Login to the admin studio and clear off all the requestors by using a terminate requestor.  
  4. Then try to login to app 2 (https://division.organization.com/prweb/PRAuth/App2)
  5. Works perfectly this time. 

So, if without killing the requestor if I try it picks up from passivation. Btw in app 1 "Use access-group timeout" is set. 

To see attachments, please log in.

Accepted Solution

Posted: 3 years ago
Posted: 6 Jan 2021 8:42 EST
Imranullah Mohammed DawoodBasha (Imranullah-db)
Coforge
Imranullah Mohammed DawoodBasha
Coforge
US

Well, this issue was solved by making the changes to the access group to the operator and saving the operator id explicitly with obj-save write now. 

Since it was post-authentication activity, not authentication activity that was the way to go. 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice