Question
Booz Allen Hamilton
US
Last activity: 10 Sep 2019 10:02 EDT
Reading Header Attribute information - get CN works in non-Pega app, but doesn't work in Pega app
I have loaded Pega Personal Edition (Tomcat installation) and we have deployed two apps. The first app is able to read the header to get the user CN. The Pega app is not able to obtain the user CN.

First application (Java code)

```java
X509Certificate[] certs = null;
try {
    // Tomcat exposes the client certificate chain under this request attribute
    Object objCertificates = request.getAttribute("javax.servlet.request.X509Certificate");
    certs = (X509Certificate[]) objCertificates;
} catch (Exception e) {
    System.out.println("ERROR: Calling x509 certificate ... " + e.getMessage());
}
if (certs != null) {
    X509Certificate cert = certs[0];
    Principal p = cert.getSubjectDN();
    // display user cn from cac, set session attributes
    String CN = p.getName().substring(3, p.getName().indexOf(",", 0));
    System.out.println("~~ CN = " + CN);
    System.out.println("~~ caCertO = " + cert.getIssuerDN().toString());
}
```

… and when we access the Java web application, the Java console shows:

```
~~ CN = BL*****.M*****.A.129012345
~~ cacCertO = CN=DOD ID CA-24, OU=PKI, OU=DoD, O=U.S. Government, C=US
```

In the second (Pega) application, we modified the Web-Login page to include similar Java code:

```jsp
<pega:choose>
<pega:when test="pyUnsupportedBrowsers" >
    <pega:include name='pyUnsupportedBrowserLoginMessage' type='Rule-HTML-Fragment'/>
</pega:when>
<pega:otherwise>
<%
System.out.println("---------------------------------------------------------");
System.out.println("-- Checking for Certificates!");
System.out.println("---------------------------------------------------------");
java.security.cert.X509Certificate[] certs = null;
try {
    if (request != null) {
        System.out.println("-- 3");
    }
    String requestUrl = (request.getRequestURL()).toString();
    System.out.println("-- Checking for Certificates 00 - requestURL = " + requestUrl);
    System.out.println("-- Checking for Certificates 01");
    Object objCertificates = request.getAttribute("javax.servlet.request.X509Certificate");
    if (objCertificates != null) {
        System.out.println("-- Checking for Certificates 02 - objCertificates is not null");
    }
    certs = (java.security.cert.X509Certificate[]) objCertificates;
    System.out.println("-- Checking for Certificates 03");
} catch (Exception e) {
    System.out.println("ERROR: Calling x509 certificate ... " + e.getMessage());
}
if (certs != null) {
    System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~");
    System.out.println("~~ WE FOUND CERTS");
    System.out.println("~~");
    java.security.cert.X509Certificate cert = certs[0];
    java.security.Principal p = cert.getSubjectDN();
    // display user cn from cac, set session attributes
    String CN = p.getName().substring(3, p.getName().indexOf(",", 0));
    System.out.println("~~ CN = " + CN);
    System.out.println("~~ caCertO = " + cert.getIssuerDN().toString());
    System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~");
} else {
    System.out.println("-- We did not find any certificates ...");
}
///////////////////////////////////////
// Start of original Web-Login code
///////////////////////////////////////
...
```

When we access the Pega login screen, the Tomcat console shows:

```
---------------------------------------------------------
-- Checking for Certificates!
---------------------------------------------------------
-- Checking for Certificates 00 - requestURL = /Non_Interactive_Session_No_Context/NonInteractive
-- Checking for Certificates 01
-- Checking for Certificates 03
-- We did not find any certificates ...
```
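
Added example, not part of the original post: both snippets above derive the user identity with `substring(3, indexOf(","))`, which depends on the DN starting with `CN=` and on the CN value containing no comma. The sketch below parses the DN with the JDK's `LdapName` instead and prints both results side by side; the class name `SubjectCn`, the helper names and the sample DNs are constructed for illustration.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class SubjectCn {
    // Hypothetical helper: returns the subject CN, or null when the DN carries none.
    static String commonName(X500Principal subject) throws NamingException {
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        List<Rdn> rdns = dn.getRdns();
        // LdapName stores the rightmost RDN at index 0, so walk from the leftmost one.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            // toAttributes() also covers multi-valued RDNs such as "CN=x+UID=y".
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null) {
                return String.valueOf(cn.get());
            }
        }
        return null;
    }

    // The extraction used in the post: assumes the DN starts with "CN=" and
    // that the CN value contains no comma.
    static String substringCn(X500Principal subject) {
        String name = subject.getName();
        return name.substring(3, name.indexOf(",", 0));
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subject DNs; none of them comes from a real certificate.
        String[] constructed = {
            "CN=DOE.JANE.A.0000000000, OU=PKI, OU=DoD, O=U.S. Government, C=US",
            "CN=Doe\\, Jane, OU=Example, O=Example Org, C=US",
            "OU=Example, CN=Jane Doe, O=Example Org, C=US"
        };
        for (String s : constructed) {
            X500Principal subject = new X500Principal(s);
            System.out.println("substring: " + substringCn(subject)
                    + " | parsed: " + commonName(subject));
        }
    }
}
```

In servlet code, `cert.getSubjectX500Principal()` supplies the argument for `commonName`.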