Question
Infosys Ltd
IN
Last activity: 21 Oct 2020 5:18 EDT
Displaying Login Page for SSO Login
Hi,
We are using SSO Login for our application, but users are still routed to the Pega login page even after providing the correct SSO details. Can you please help with what changes need to be made to skip the Pega login page while logging in with the SSO-specified service url-pattern?
Thanks,
Varun
***Edited by Moderator Marissa to update platform capability tags****
Pegasystems Inc.
PL
If you configured your SSO in Pega using Authentication Service, your end users need to log in by accessing the URL listed as "Login URL" in the authentication service configuration. This URL typically has the format https://{host}/prweb/PRAuth/{alias}, where alias is the name you gave to the authentication service. Going to this URL would redirect users to the Identity Provider login page instead of the Pega login.
Note: If your SSO solution does not use Authentication Service, please disregard this tip.
Infosys Ltd
IN
Hi Cora,
Thanks for the quick response.
We are using Authentication Service and the users are logging in using the URL listed in the authentication service. As you mentioned, on going to this URL users are also redirected to the Identity Provider login page, and on providing details there, we are redirected back to the PEGA login page (it should actually take us to the portal, but we are redirected to the Pega login page in our case).
I have checked the Authentication Service activities (timeout activity and authentication activity), but I don't see anything related to skipping the login screen in those activities.
So my question is: where are we specifying that it should skip the PEGA login page when I am using SSO Authentication Service, or is there a way to trace this?
Thanks,
Varun
Pegasystems Inc.
PL
Hi Varun,
You are correct, after successful login to Identity Provider, the user should be redirected to a portal and not to Pega login page.
If you are using OpenID Connect (OIDC) protocol for SSO, then the first thing to check is configuration of your Identity Provider, in particular the value of "Redirect URI". This should match the redirect URI in your Authentication Service.
If you are using SAML protocol for SSO, you should make sure that "Assertion Consumer Service (ACS)" in your Identity Provider matches the "Assertion Consumer Service (ACS)" in your Authentication Service.
Infosys Ltd
IN
Hi Cora,
We are using the "Custom" Authentication Service type and I don't think we will have either "Redirect URL" or "ACS" mentioned anywhere in the Custom service type.
Pegasystems Inc.
PL
Unfortunately the only use of "Custom" Authentication Service I'm aware of is when credentials are entered in Pega login screen and then verified against some external directory of users, for example LDAP / ActiveDirectory. I have no experience with using "Custom" Authentication Service in a scenario when credentials are entered in an external Identity Provider and do not reach Pega.
Maybe other community members can help here.
Department of Environment
IN
Hi Jarek,
Is the PRAuth in the URL format required, or is there a way to get rid of it from the Login URL?
Because currently we are using the "https://nswpe-dt1.pegacloud.io/prweb/IAC" URL for Pega login. Now we are implementing OpenID Connect SSO. So whenever I enter the "Authentication service alias" as IAC, the URL is formed as "https://nswpe-dt1.pegacloud.io/prweb/PRAuth/IAC". But all the end users might have bookmarked the old URL, which will still redirect to the Pega login page. How to do this?
Updated: 26 Nov 2019 0:23 EST
Pegasystems Inc.
IN
Hi @VarunC72 -
Could you please let us know the root cause if your issue has been resolved?
Thank you,
Abhishek Goel
Pegasystems Inc.
IN
Hi,
The issue seems to be with PRAuth. The network should be traced, and it might be using host:port/prweb instead of host:port/prweb/PRAuth while redirecting whenever the first GET request hits on the browser with the SSO URL.
In order to fix the issue, web.xml file should be updated with <servlet-mappings> and PRAuth should be configured as below.
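One way to check the network trace the reply above describes, as an added example that is not part of the thread and is not the web.xml change the reply refers to: it scans the redirect hops of one login attempt and reports any redirect that returns to the application under /prweb but outside /prweb/PRAuth. The trace, the host names, the alias `MySSO` and the function name `find_prauth_drops` are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed trace of one login attempt: (status, requested URL, Location header).
# Host names and the alias "MySSO" are placeholders, not values from the thread.
SAMPLE_TRACE = [
    (302, "https://pega.example.com/prweb/PRAuth/MySSO",
     "https://idp.example.com/login?state=abc"),
    (302, "https://idp.example.com/login?state=abc",
     "https://pega.example.com/prweb"),
    (200, "https://pega.example.com/prweb", None),
]


def find_prauth_drops(trace, app_host, context="/prweb", servlet="PRAuth"):
    """Return (hop index, Location) for each redirect that lands on the
    application host under the context root but outside the PRAuth servlet."""
    prefix = f"{context}/{servlet}"
    findings = []
    for index, (status, url, location) in enumerate(trace):
        if not 300 <= status < 400 or not location:
            continue  # not a redirect
        # Location may be relative; resolve it against the requesting URL.
        target = urlsplit(urljoin(url, location))
        if target.hostname != app_host:
            continue  # hop to the Identity Provider or another host
        path = target.path.rstrip("/")
        in_context = path == context or path.startswith(context + "/")
        in_prauth = path == prefix or path.startswith(prefix + "/")
        if in_context and not in_prauth:
            findings.append((index, location))
    return findings


if __name__ == "__main__":
    for index, location in find_prauth_drops(SAMPLE_TRACE, "pega.example.com"):
        print(f"hop {index}: redirect leaves PRAuth -> {location}")
```

The hop tuples can be copied from the browser's network tab with "preserve log" enabled, so redirects are not cleared between page loads.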