Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 John Healey (healj)
PEGA
Principal System Architect
Pegasystems Inc.
GB
healj Member since 2011 19 posts
PEGA
Posted: Sep 11, 2023
Last activity: Sep 12, 2023
Posted: 11 Sep 2023 7:02 EDT
Last activity: 12 Sep 2023 14:45 EDT
Closed

SAML Authentication - support for the application-specific URL

Our client is on a modernisation journey and are moving multiple applications from separate production environments into a shared VPC in Pega Cloud. 

Previously they had a launchpad web page with distinct URLs per application endpoint, and created an operator record in each with access set specifically for that application (SSO integration was provided by IBM WebSEAL and LDAP). In the new configuration users will have access rights to one or more applications in the environment, and access will be added to the operator according to an aggregate of their roles.  SSO integration will with Okta verify via SAML. Does the application-specific URL pattern work with SAML? 

Will the user (or launchpad) be able to nominate the application to access, or will the authentication service redirect them to the application according to their default Access Group? 

Will we have to create an authentication service for each application?

***Edited by Moderator Rupashree to add Capability tags***
To see attachments, please log in.
Pega Platform 8.8.3
Pega Cloud
DevOps

Posted: 1 year ago
Posted: 11 Sep 2023 11:46 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@healj  our AI-bot search provided the following response:

"Yes, the application-specific URL pattern works with SAML. Users can access specific applications using the URL pattern

https://sample.pega.com/prweb/PRAuth/app/<application alias>/<authentication service alias>.

You do not need to create an authentication service for each application.

Instead, create a single SAML SSO authentication service and use it with different application aliases in the URL pattern. Ensure proper configuration of the SAML SSO authentication service, including mapping attributes and configuring optional features".

Reference: Authentication in mashups > URL patterns

@jastg  @tents can either of you comment further on the above question?

To see attachments, please log in.
Posted: 1 year ago
Updated: 1 year ago
Posted: 12 Sep 2023 14:44 EDT
Updated: 12 Sep 2023 14:45 EDT
Suman Gumudavelly (SUMAN_GUMUDAVELLY)
Ford Motor Company
Pega Operations, CoE and Administration
Ford Motor Company
US

@healj  If you observe a sample Pega instance urls till /prweb/PRAuth [ I used one of the PDC URL: https://pdc-external.pegacloud.com/prweb/PRAuth], it will list all the SAML/OIDC login options  appltions that are avaiable with in the Environment. 

Post PRAuth, Usually it will populate the Application Alias Name if you really wanted to give the access to application rule directly, otherwise PRAuth URL can act as your launch pad and depending on the Authentication mentioned for each of the Auth Rule + Operator ID's default access group, users can be switched between apps and able to login to the Application without any issue. 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice