How to use security policy on PRCustom authentication acitivity
My project use Pega cloud 2 and PRPC 7.2.
And there is a requirement to whitelist of Client IP address.
On pega cloud 2 , I can't get client IP by RemoteAddr so I need to get x-forwared-for of HTTP Header.
To achieve this I have to use PRCustom authentication activity to get x-forwared-for but it seems that PRCustom authentication activity can't use security policy.
For example, I can't use account lock, password failed penalty function of security policy.
Is there any way to use security policy functions on PRCustom authentication activity?
***Updated by moderator: Lochan to add SR details***
Accepted Solution
Areteans
IN
Pegasystems Inc.
IN
Hi Kim,
We see that your query is being addressed on an SR with Pega Support. The SR looks active and ongoing so we recommend continuing that route of investigation. Do let us know for any updates!
Thank you!
Pegasystems Inc.
JP
Hi Lochana,
You are right, this SR is related to SR-B36429 which I ask to update server.xml by using RemoteIpValve to get RemoteAddr, but there are possibility this doesn't work well.
So I asked same query with this post on SR-B39021 and I got reply that this query is out of scope of GCS and should be posted to Product Support Community.
Pegasystems Inc.
IN
Hi Kim,
Thank you for providing this information. Having this background helps! I will try to reach out internally to see how best to help you with your query.
Regards,
Pegasystems Inc.
IN
Hi Kim,
I see that this is now being handled by reopening the earlier SR. We will track that through this post until resolution.
Thank you!
Accepted Solution
Areteans
IN
Hi,
Here is the explanation for reported issue, "External authentication does not use the PRPC security policy. When a user has "External Authentication" flag set on their Data-Admin-Operator-ID record the Password stored in the same record is not used to authentication within PRPC. For example with LDAP the password the user provided on the PRPC SSO Login page, provided by configuration in the Data-Admin-AuthService, is just passed to the LDAP server for verification. The LDAP server security policies take affect. Same with other third part security software like Siteminder, WebSEAL as these require authentication before even being allowed to access any resource on site they are protecting. These have their own security policies etc."
Please check the below post for reference,
Hi,
Here is the explanation for reported issue, "External authentication does not use the PRPC security policy. When a user has "External Authentication" flag set on their Data-Admin-Operator-ID record the Password stored in the same record is not used to authentication within PRPC. For example with LDAP the password the user provided on the PRPC SSO Login page, provided by configuration in the Data-Admin-AuthService, is just passed to the LDAP server for verification. The LDAP server security policies take affect. Same with other third part security software like Siteminder, WebSEAL as these require authentication before even being allowed to access any resource on site they are protecting. These have their own security policies etc."
Please check the below post for reference,
https://collaborate.pega.com/question/does-pega-password-policy-security-policy-applicable-operators-external-authentication