Question
a2a
IT
Last activity: 11 Jul 2017 11:25 EDT
Pega Basic Authentication Compliance
Hi,
I would ask information about Pega Basic Authentication, is it possible to use it in Production Environment and is it compliance to an international standard?
Thanks,
Andrea
Virtusa IT Consulting
AE
Hi Andrea,
It is possible to use 'basic authentication' from authentication service rule, However I am not sure about the production environment if that's a good practice, probably not. It depends on your business requirement as how you want users to get authenticated in different situations.
Thanks,
Habeeb
a2a
IT
Hi Habeeb,
in our scenario we are compliant with customer requirement with basic auth, but in order to provide that solution we need official communication from Pega about the usage of that capability in production, could you help me?
Virtusa IT Consulting
AE
Hi Andrea,
If you have such a business scenario, you can select basic authentication from your SAML/custom authentication service rule. Mostly basic authentication in prpc comes in scenarios like when there is a authentication timeout or any kind of challenge you face in authenticating user. Please check the custom tab of authentication service rule, it should give you more idea to handle the authentication challenges using basic authentication.
Thanks,
Habeeb Baig
Pegasystems Inc.
IN
Hi Andrea,
I don't find any problem in using basic authentication until the Users/Applications connects to a web server (website) secured with SSL. In case you are using payment gateway in your system, you have to provide more security as per the standard like PCI compliance and similar organization.
Thank you - Anuj