Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Lyndon Samson (LyndonS1)
SMS Management and Technology

SMS Management and Technology
AU
LyndonS1 Member since 2012 3 posts
SMS Management and Technology
Posted: Jul 24, 2018
Last activity: Aug 2, 2018
Posted: 24 Jul 2018 4:05 EDT
Last activity: 2 Aug 2018 8:23 EDT
Closed

Pega Provided MASSL Services

Hi All

There is an old article from 2015 ( https://community1.pega.com/community/pega-product-support/question/mutual-ssl-service-rest ) that documents how to configure tomcat/pega to support Client Cert Auth/MASSL in Tomcat.

I think the pega configuration has changed a bit since then, and probably makes that article no longer valid.

Specifically I have found this servlet mapping in web.xml

  <servlet-mapping>
                <servlet-name>WebStandard</servlet-name>
                <url-pattern>/*</url-pattern>
        </servlet-mapping>

Seems to override the web.xml settings to enable CLIENT-CERT authentication


<security-constraint>
  <web-resource-collection>
    <web-resource-name>DemoApp</web-resource-name>
    <url-pattern>/api/*</url-pattern>
    <url-pattern>/DiagnosticData</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>needcert</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
  <role-name>needcert</role-name>
</security-role>

Has anyone got this working on Pega 7.2/7.3 + ?

Thanks

Lyndon

Show More

Hi All

There is an old article from 2015 ( https://community1.pega.com/community/pega-product-support/question/mutual-ssl-service-rest ) that documents how to configure tomcat/pega to support Client Cert Auth/MASSL in Tomcat.

I think the pega configuration has changed a bit since then, and probably makes that article no longer valid.

Specifically I have found this servlet mapping in web.xml

  <servlet-mapping>
                <servlet-name>WebStandard</servlet-name>
                <url-pattern>/*</url-pattern>
        </servlet-mapping>

Seems to override the web.xml settings to enable CLIENT-CERT authentication


<security-constraint>
  <web-resource-collection>
    <web-resource-name>DemoApp</web-resource-name>
    <url-pattern>/api/*</url-pattern>
    <url-pattern>/DiagnosticData</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>needcert</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
  <role-name>needcert</role-name>
</security-role>

Has anyone got this working on Pega 7.2/7.3 + ?

Thanks

Lyndon


Show Less
To see attachments, please log in.
Data Integration

Posted: 6 years ago
Posted: 2 Aug 2018 4:41 EDT
Aruna Pyla (pylaa) Principal Technical Solutions Engineer
Pegasystems Inc.
IN

Hope this below blog will helps you.

if clientAuth is true then not required to override the existing web.xml but client authentication will use for all connections.

https://twoguysarguing.wordpress.com/2009/11/03/mutual-authentication-with-client-cert-tomcat-6-and-httpclient/

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice