Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Ashokkumar Thangaiah (Ashok Thangaiah)
Coforge
Ashokkumar Thangaiah
Coforge
IN
Ashok Thangaiah Member since 2020 3 posts
Coforge
Posted: Sep 10, 2020
Last activity: Sep 14, 2020
Posted: 10 Sep 2020 2:33 EDT
Last activity: 14 Sep 2020 23:10 EDT
Closed

Public url to access Pega Work Object

Hi - We have a requirement to access a Pega Work Object as a Public url. We thought of using the Pega Web Mashup, and passing the operator id & password as parameters in index.html of the server. We want to know if any other approach exists to achieve this. Requirement is when user clicks a url, it should open a work object without asking login information, and collect some details from visitors who launched the url and pass back them to Pega. 

Appreciate if any one can help us in this design.

Thanks

To see attachments, please log in.
Pega Platform 8.4
Case Management
Insurance
Lead System Architect

Posted: 4 years ago
Posted: 10 Sep 2020 3:50 EDT
Praveen Kumar Mankala (PraveenMankala)
PEGA
Senior Principal Engineer, Technical Support
Pegasystems Inc.
IN

Hello Ashok,

You can use snapstart URL for the same. Kindly refer below article for more information about it:

https://community.pega.com/sites/default/files/help_v72/procomhelpmain.htm#mobile/concepts/mob-use-snapstart-module-outside-sdk-con.htm

Regards,

Praveen 

To see attachments, please log in.
Posted: 4 years ago
Posted: 14 Sep 2020 23:10 EDT
Braam Smith (BraamSmithCLSA)
PEGA
Partner Success Tech Lead - APAC
Pegasystems Inc.
AU

Please avoid any design that results in passwords being published either in HTML, Javascript content or a URL like snapstart. This is a major security breach.

Any interaction to a Pega server that should be in some way restricted needs to know who the user is and what they are authorized to do must challenge the user to authenticate themselves. If you are using Mashup, then ideally your hosting website has already done this and can channel through an access token to Pega where an Authentication Service - perhaps specifically for this Mashup channel - determines the user. 

FYI Pega Infinity has introduced a "URL Mappings" feature that allows you to create a case-type-specific URL for directly accessing a single work item instance, if your Pega instance is internet-facing. See Enable search by third-party search engines for more details. Again, the user will still need to be authorized to open instances of that type and will still therefore need to be authenticated.

If viewing the details of the work object is genuinely unrestricted, I recommend using a dedicated Authentication Service to this channel that authenticates to a default user - associated to an extremely locked down access group - that has no more access control than it needs to accomplish the public operations.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice