Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Anurag Nedunuri (anuragn4)
Couloir Technology Group
Pega Senior System Architect
Couloir Technology Group
US
anuragn4 Member since 2017 7 posts
Couloir Technology Group
Posted: Jan 27, 2020
Last activity: Jan 28, 2020
Posted: 27 Jan 2020 12:02 EST
Last activity: 28 Jan 2020 9:44 EST
Closed

Fail error during Single Sign On using built on application

We have a SSO implementation using custom authentication activity. The requestor type is mapped to an unauthenticated access group with PegaRULES:Guest-Maximum as user role. The AG is mapped to an application A whose rule sets have the authentication service and the authentication activity. The authentication activity invokes a connect-http service which is also in rulesets belonging to application A.

Due to some changes, we have created an other application B and added application A as built on to B. Now, we are referring B in the earlier mentioned Unauthenticated AG. We are seeing error during the execution of the connect-http service. I error we see is:

Only authenticated client may start this activity: RULE-OBJ-ACTIVITY RULE-OBJ-REPORT-DEFINITION PXRETRIEVEREPORTDATA #20160614T132614.161 GMT ReqID=HF4B40208D8E3C8E194ABCD195572BF74
com.pega.pegarules.pub.PRRuntimeException: Error: You lack access required to execute RULE-OBJ-ACTIVITY RULE-OBJ-REPORT-DEFINITION PXRETRIEVEREPORTDATA #20160614T132614.161 GMT.

This error does not happen when we directly map application A to the unauthenticated AG. I can understand that PegaRULES:Guest-Maximum does not have access to the class Rule-Obj-Reportdefinition and hence I can see this error. However, Can some one help with this issue to understand why Pega is trying to run a RD when application B is mapped and used as built - on to A.

Attached log for further information

***Edited by Moderator Marissa to update platform capability tags****

To see attachments, please log in.
Pega Platform
Security

Posted: 4 years ago
Posted: 28 Jan 2020 3:21 EST
Anthony Gourtay (Anthony_Gourtay)
Proximus
Expert Engineer - PEGA Application Management
Proximus
BE

Hello,
in which application is located your custom activity?
I think it should be either a standalone one or in B. 
If in A, since you're not yet authenticated, I guess you cannot yet access it.
If it's a standalone SSO application, then in Advanced tab of prpc:unauthenticated you should mention it in the Production Ruleset. As such unauthenticated can yet still execute activity from your SSO package.
Regards
Anthony 

To see attachments, please log in.
Posted: 4 years ago
Posted: 28 Jan 2020 9:44 EST
Anurag Nedunuri (anuragn4)
Couloir Technology Group
Pega Senior System Architect
Couloir Technology Group
US

The custom activity is in application A which is stand - alone and built on PegaRules. I am able to access all rules in A except that I am seeing the error while running the connect-http rule. Since, this application is a build - on for application B, which is mapped to the unauthenticated AG, there shouldn't be any issue. More analysis of logs revealed that the issue is with one model rule that is circumstanced to load the data page that holds the end points for the connect - http rule.  Not sure why this error occurs when using A as built - on to B.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice