Question
JPMC
US
Last activity: 8 Dec 2015 11:42 EST
pega.getAuthenticationHandle().performAuthentication() doesn't work as expected
Hi All, I am trying to authenticate the userid and credentials passed in a REST service. In the service activity I am using pega.getAuthenticationHandle().performAuthentication (userid, pwd) in a Java step, but it returns true all the time, irrespective of whether the password is correct or not, while the same method works fine in an HTTP service activity. Can someone please help me understand its behavior, or am I making some mistake in the way it should be used?
Accepted Solution
PEG
IN
Do you want to use Basic authentication or customer authentication like LDAP, SSO, etc.? You can enable the Authentication checkbox at Service Package level as mentioned by Phani Sahukaru and dry run the "Service-REST" rule using "Initialize Service Requestor Context".
Pegasystems Inc.
IN
Would it be convincing to try applying credentials at Data-Admin-ServicePackage? Please share your thoughts/comments. Thank you!
Pegasystems
US
>>> pega.getAuthenticationHandle().performAuthentication (userid, pwd)
Instrument it to the hilt. By that I mean:
1) Check that pega contains what you expect. Print it out if any doubt.
2) Check return value from getAuthenticationHandle compared with what documentation says it should contain.
3) If documentation says getAuthenticationHandle can throw an exception, use try-catch and do a log-message if the exception is thrown.
4) Check that userid contains what you expect. Print it out. Try example with good userid and with bad one to make sure you get an error with bad one.
5) Check that pwd contains what you expect. Print it out. Try an example with good pwd and with bad one, and make sure you get an error with bad one.
6) Check that performAuthentication returns the value documentation says it should.
7) If documentation says performAuthentication can throw an exception, use try-catch and do a log-message if exception is thrown. If possible, set up a bad case to make sure you actually see the log-message in the bad case.
/Eric
JPMC
US
Thank you Eric Osman for your response! I did use logging, and the code is already in a try-catch block, and the return value I am holding in a Boolean local variable, which in turn I am using in the Java step transition to check whether the authentication was successful or not. All the values needed are also present, and I can see them in Tracer as well. I am just puzzled as to how the performAuthentication method returns true all the time. Is there anything else I can do to debug it?
Pegasystems
US
The answer is not yet clear to me either. However, looking at "? - > APis - > Engine . . .", I see that there is a getAuthorizationHandle method in PublicAPI. Would this one be useful? /Eric
JPMC
US
Thanks Eric Osman for your response! AuthorizationHandle won't be helpful for my scenario, as I can't get any role or privilege without authenticating it, right?
The pega.getAuthenticationHandle().performAuthentication (userid, pwd) API should work fine. In your service package, do you have the Requires Authentication checkbox checked? Then you should point your activity, which has a Java step with the call to the pega.getAuthenticationHandle().performAuthentication (userid, pwd) API, inside the Authentication Service.
JPMC
US
Thank you Aditya Sirohi!! I did try this method with and without authentication checked at package level, but nothing seems to be working; this method always returns true whether the supplied password is correct or not.
JPMC
US
Thank you Phani Sahukaru for your response! We did try Basic Authentication at package level, but could not make it work. Could you provide some reference guide for using Authentication at package level?
JPMC
US
Thank you Gangababu Gollapalli!! Currently we are using Pega's native authentication, so I tested with Basic authentication, though we are moving to SSO very soon, in the next couple of months.
It did work when I ran the service rule in Initialize Service Requestor Context mode with the Basic authentication option in the package. So could you please answer my queries below:
--> Currently this service is supposed to be consumed by another Java application as a REST service with JSON as the response. So how do we achieve this? When I try to test from the Mozilla REST client, this service asks for credentials, so how do we supply credentials from a Java program (I tried passing UserID and Password as a header, but it didn't work)? Secondly, with authentication at package level, if authentication fails it returns the below response on the REST client side:
- Status Code: 401 Unauthorized
- Content-Length: 1468
- Content-Type: text/html; charset=UTF-8
- Date: Mon, 07 Dec 2015 16:42:01 GMT
- WWW-Authenticate: Basic realm="PegaRULES"
- X-Powered-By: Servlet/2.5 JSP/2.1
Can you please help me resolve the issue? The ultimate goal is to implement authentication for this new REST service.
The pega.getAuthenticationHandle().performAuthentication() method is working fine with HTTP services but not working with REST, as it returns true all the time irrespective of whether the pwd is correct or not.
PEG
IN
Hello,
Please find the below screenshots to provide authentication from Mozilla Rest client.
Hope this helps!
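The credential exchange discussed above, as an added example that is not part of the original thread and not Pega's own code: a Java client sending the `Authorization: Basic` header that answers the `WWW-Authenticate: Basic realm="PegaRULES"` challenge. The local stub server, the `/demo` path, the user `svcUser` and its password are constructed stand-ins so the example runs offline.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthRestClient {

    // RFC 7617: header value is "Basic " + base64(userid ":" password).
    // Sending "UserID" / "Password" as separate custom headers does not answer a Basic challenge.
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // GET the service and return the HTTP status code (401 when the challenge is not satisfied).
    static int call(String url, String authHeader) throws Exception {
        HttpURLConnection con = (HttpURLConnection) URI.create(url).toURL().openConnection();
        con.setRequestProperty("Accept", "application/json");
        if (authHeader != null) {
            con.setRequestProperty("Authorization", authHeader);
        }
        int status = con.getResponseCode();
        con.disconnect();
        return status;
    }

    public static void main(String[] args) throws Exception {
        // Constructed local stand-in for the REST service (not a Pega endpoint).
        String expected = basicHeader("svcUser", "example-password");
        HttpServer stub = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        stub.createContext("/demo", ex -> {
            boolean ok = expected.equals(ex.getRequestHeaders().getFirst("Authorization"));
            if (!ok) ex.getResponseHeaders().add("WWW-Authenticate", "Basic realm=\"PegaRULES\"");
            byte[] body = (ok ? "{\"status\":\"ok\"}" : "").getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(ok ? 200 : 401, ok ? body.length : -1);
            if (ok) ex.getResponseBody().write(body);
            ex.close();
        });
        stub.start();
        String url = "http://127.0.0.1:" + stub.getAddress().getPort() + "/demo";

        System.out.println("no header      -> " + call(url, null));
        System.out.println("wrong password -> " + call(url, basicHeader("svcUser", "wrong")));
        System.out.println("correct        -> " + call(url, expected));
        stub.stop(0);
    }
}
```

Basic credentials are only Base64-encoded, not encrypted, so a real client should reach the service over HTTPS.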
JPMC
US
Thank you Gangababu Gollapalli!! I tried passing the credentials the way you suggested and it worked. Could you please help me with the steps to be followed, or some document link on PDN, to implement authentication for services once we move to SSO?
PEG
IN
I think it would be better to raise a separate thread for SSO implementation, and you can close this thread.
If you are using PRPC7, it is worth checking the thread below.
https://pdn.pega.com/forums/security/sso-implementation-pega7
JPMC
US
Sure Gangababu! Thanks for the suggestion! Actually my previous question was related to service authentication once we move to SSO.