Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Michael Blust (MichaelB9860) Booz Allen Hamilton Solutions Developer
Booz Allen Hamilton
US
MichaelB9860 Member since 2018 15 posts
Booz Allen Hamilton
Posted: Nov 26, 2019
Last activity: Dec 4, 2019
Posted: 26 Nov 2019 14:47 EST
Last activity: 4 Dec 2019 9:51 EST
Closed

Read HTTPHeaderRequest

We are trying to capture the users unique identifier so that we can log the user into the application as the X509 certificate's unique ID (ten digit number).

We have configured Tomcat with a secure key store and trust store where the system prompts for the user's certificate and PIN. The browser passes the attributes to the application in the HTTPHeaderRequest; however, I cannot get the Pega code to read the http header request object.We have the following java code in our authentication activity (called from /PRWebLDAP1).

The output from the code below is the following:

111
222
444
Request is not null
Request = com.pega.pegarules.priv.authentication.RequestFacade@4fc53f6a
ERROR: Calling x509 certificate ... Attributes not available in the ETier
333

It appears to bomb on "request.getRemoteUser()". How can I get information from the request object?

Show More

We are trying to capture the users unique identifier so that we can log the user into the application as the X509 certificate's unique ID (ten digit number).

We have configured Tomcat with a secure key store and trust store where the system prompts for the user's certificate and PIN. The browser passes the attributes to the application in the HTTPHeaderRequest; however, I cannot get the Pega code to read the http header request object.We have the following java code in our authentication activity (called from /PRWebLDAP1).

The output from the code below is the following:

111
222
444
Request is not null
Request = com.pega.pegarules.priv.authentication.RequestFacade@4fc53f6a
ERROR: Calling x509 certificate ... Attributes not available in the ETier
333

It appears to bomb on "request.getRemoteUser()". How can I get information from the request object?

//java.security.cert.X509Certificate.X509Certificate[] certs = null;
System.out.println(" 111 ");
javax.servlet.http.HttpServletRequest request = (javax.servlet.http.HttpServletRequest)tools.getRequestor().getRequestorPage().getObject("pxHTTPServletRequest");
try {
	System.out.println(" 222 ");
	java.lang.Object objCertificates = null;
	java.lang.Object objCertificates2 = null;
	System.out.println(" 444 ");
  if (request != null) {
    System.out.println("Request is not null");
    System.out.println("Request = " + request);
    System.out.println("Request.getRemoteUser() = " + request.getRemoteUser());
  } else {
    System.out.println("Request IS null");
  }
  objCertificates2 = request.getAttributeNames();
	System.out.println(" 555 ");
	System.out.println(" 555 attributes = " + objCertificates2);
  objCertificates = request.getAttribute("javax.servlet.request.X509Certificate");
	System.out.println(" 666 ");
//	certs = (X509Certificate[])objCertificates;
	System.out.println("We are able to read the javax.servlet.request.X509Certificate");
} catch (Exception e) {
	System.out.println("ERROR: Calling x509 certificate ... " + e.getMessage());
}

Show Less
Java and Activities
Posted: 4 years ago
Posted: 26 Nov 2019 23:26 EST
Chris Koyl (ChrisKoyl) PEGA Senior Fellow, Technical Support, Runtime Engine
Pegasystems Inc.
US

Hi,

The Pega Platform has two tiers, the web tier and the engine tier (Etier). 

When you're using the pxRequestor.pxHttpServletRequest object it's actually this class:

com.pega.pegarules.priv.authentication.RequestFacade

At the web tier level we populate this class with contents from the actual HttpServletRequest object and some content is simply not added, including attributes.  The methods for request attributes are defined in RequestFacade but they throw exception as not implemented. 

That is why you get the "Attributes not available in the ETier" error.

I don't have another solution for you. 

--Chris

 
Posted: 3 years ago
Posted: 4 Dec 2019 9:51 EST
Michael Blust (MichaelB9860) Booz Allen Hamilton Solutions Developer
Booz Allen Hamilton
US

I should rename this topic from "Read HttpHeaderRequest" to "Problem reading certificate credentials from CAC and log user into Pega".

 

I have added some more detail in the attached word document.

1. I have configured tomcat with the <connector> where we specify the keystore and the truststore (with passwords)

2. When I access https://localhost:8443/abssConnect or https://localhost:8443/prweb/PRWebLDAP1/ the system will prompt for my certificate and my PIN.  After successfully validating my certificate and pin, the system continues on to the web page.

3.  I am able to grab the user credentials (lastname.firstname.mi.1234567890) from the /abssConnect url (b/c it reads from getAttributes); however, I cannot get the user credentials from the /prweb/PRWebLDAP1/ url

Does pega store the recorded CAC CN anywhere during the authentication process?

Thanks!

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice