Question
HCLTech
US
Last activity: 9 Jul 2025 20:08 EDT
LDAP authentication in Web Embeds
Did anyone try LDAP in webembeds? can you let me know how the sample script will look like with LDAP.
sample script for basic authentication is given below, is there any additional elements to be passed for LDAP
<script src='https://<your-domain>/prweb/PRRestService/c11nsvc/v1/pega-embed.js'></script>
<pega-embed id='theEmbed' action='createCase' caseTypeID='<<your-case-type-id>>' themeID='<<your-theme-id>>' casePage='assignment' assignmentHeader='false' appAlias='<<your-app-alias>>' pegaServerUrl='https://<your-domain>/prweb/' autoReauth='true' authService='<<your-auth-service>>'
grantType='authCode' clientId='<<your-client-id>>' style='width:100%'> </pega-embed>
Note: LDAP is configured and works fine
Silent authentication
Web embeds support a number of configurations to obtain authentication without displaying a challenge screen:
Did anyone try LDAP in webembeds? can you let me know how the sample script will look like with LDAP.
sample script for basic authentication is given below, is there any additional elements to be passed for LDAP
<script src='https://<your-domain>/prweb/PRRestService/c11nsvc/v1/pega-embed.js'></script>
<pega-embed id='theEmbed' action='createCase' caseTypeID='<<your-case-type-id>>' themeID='<<your-theme-id>>' casePage='assignment' assignmentHeader='false' appAlias='<<your-app-alias>>' pegaServerUrl='https://<your-domain>/prweb/' autoReauth='true' authService='<<your-auth-service>>'
grantType='authCode' clientId='<<your-client-id>>' style='width:100%'> </pega-embed>
Note: LDAP is configured and works fine
Silent authentication
Web embeds support a number of configurations to obtain authentication without displaying a challenge screen:
- grantType="authCode" with WebLDAP
- You can use a WebLDAP1, WebLDAP2, or WebLDAP3 custom authentication service with the authorization code grant flow.
In this scenario, you can configure the authentication service Rule to include an Activity that takes in inputs to the request, such as cookies, and maps them to a specific dynamic operator or rejects the request. This Activity must be included in a Ruleset that is explicitly listed in the PEGA!BROWSER:Unauthenticated Access Group of the current requestor type.
In addition, the Source of operator credentials field in the authentication service must be set to Use Credentials Stored in PegaRULES.
Finally, you must ensure that security settings on any of the servers are not blocking the OAuth 2.0 client redirects in a hidden iframe. The redirects need to be configured to succeed in a specified interval, with the default interval set to five seconds. If the redirects fail in the iframe, a pop-up window might appear and disappear because the web embed expects the challenge, but the IDP returns the authentication code immediately, which causes the web embed to close the window.
HCA Healthcare
US
To use LDAP in Web Embeds, you can follow a setup similar to basic authentication but with a few changes. You need to use grantType='authCode' and provide your LDAP authentication service name in the authService field, like WebLDAP1. Make sure the LDAP authentication service is correctly configured in Pega and is working fine. Your embed script should include the correct clientId, appAlias, and pegaServerUrl. No extra parameters are needed in the script itself for LDAP. Ensure that the LDAP service is set to use credentials stored in Pega, and any required activity in the auth service should be part of the unauthenticated access group. Also, browser settings should allow silent authentication via iframe redirects. Below is a sample script using LDAP for reference.