Question
Wüstenrot & Württembergische Informatik
DE
Last activity: 15 May 2024 9:27 EDT
Authentication Service Error Handling
Hi Community,
we developed a custom authentication service, which we use to secure our application specific REST service endpoints. The activity uses the pxProcessJWT Activity to validate and parse the received JWT.
If a wrong token is supplied (e.g. issued by a wrong IDP) the authentication fails (which is expected), the following error is logged by com.pega.pegarules.integration.engine.internal.services.ServiceAPI and HTTP status 500 is returned (which ideally should be 401):
com.pega.pegarules.pub.services.ServiceException: Service requestor could not be authenticated
at com.pega.pegarules.integration.engine.internal.services.ServiceAPI.handleAuthentication(ServiceAPI.java:1770)
at com.pega.pegarules.integration.engine.internal.services.RESTServiceAPI.handleAuthentication(RESTServiceAPI.java:227)
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.activityExecutionProlog(EngineAPI.java:628)
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequestInner(EngineAPI.java:454)
at jdk.internal.reflect.GeneratedMethodAccessor175.invoke(Unknown Source)
[...]
Caused by: com.pega.pegarules.pub.PRRuntimeException: No failure response set by custom authentication activity
at com.pega.pegarules.session.internal.mgmt.authentication.SchemePRCustom.onAuthenticationFailure(SchemePRCustom.java:1091)
at com.pega.pegarules.session.internal.mgmt.authentication.Authentication.doAuthentication(Authentication.java:740)
at com.pega.pegarules.integration.engine.internal.services.ServiceAPI.handleAuthentication(ServiceAPI.java:1735)
... 56 more
Especially the "No failure response set by custom authentication activity" makes us wonder what the correct way to handle an authentication failure would be.
We tried setting param.pyFailMessage as suggested in "PRRuntimeException: No failure response set by custom authentication activity", but with no effect.