Question
Tech Mahindra Ltd
CA
Last activity: 27 Jan 2021 20:27 EST
SSO log in issue with HTTP Post
Hi ,
We are using pega 7.1.7 where users logs into the application using SSO. According to our requirement our users first logs into an non-pega application , and then gets redirected to Pega using HTML post method.
That Non pega application has a button and upon submission of the button , HTTP post method(for security purpose , that other app can not pass any http header request parameters appended in URL) gets called which inurns supposed to open Pega. Example code used:
<!DOCTYPE html>
<html>
<body>
<form method ="POST" action="http://PegaURL/prweb/PRServletCustom>
<br><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
In pega we have customized the authentication activity and are reading cookie informations to authenticate the users using the below JAVA code:
Hi ,
We are using pega 7.1.7 where users logs into the application using SSO. According to our requirement our users first logs into an non-pega application , and then gets redirected to Pega using HTML post method.
That Non pega application has a button and upon submission of the button , HTTP post method(for security purpose , that other app can not pass any http header request parameters appended in URL) gets called which inurns supposed to open Pega. Example code used:
<!DOCTYPE html>
<html>
<body>
<form method ="POST" action="http://PegaURL/prweb/PRServletCustom>
<br><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
In pega we have customized the authentication activity and are reading cookie informations to authenticate the users using the below JAVA code:
Javax.servlet.http.HttpServletRequest req = null;
Try {
Req = (javax.servlet.http.HttpServletRequest) tools.getRequestor (). GetRequestorPage (). GetObject ("pxHTTPServletRequest");
If (req.getUserPrincipal () == null)
{
String errorMessage = "User Principal not passed to PEGA, Please contact System Administrator";
Tools.putParamValue ("Status", "fail");
Tools.putParamValue ("errMsg", errorMessage);
Tools.putParamValue ("pyChallenge", errorMessage);
Throw new PRRuntimeException (errorMessage);
}
Javax.servlet.http.Cookie [] cookies = req.getCookies ();
String token = null;
If (cookies! = Null) {
For (int i = 0; i <cookies.length; i ++) {
//oLog.infoForced("cookie ---> "+ cookies [i] .getName ());
If (cookies [i] .getName () .equals ("LtpaToken2"))
Token = cookies [i] .getValue ();
}
}
Tools.putParamValue ("LTPA", token);
} Catch (Exception e)
{
Throw new PRRuntimeException ("Exception:" + e.getMessage ());
}
After implementing the above code whenever users are redirected to pega they are getting the below error:
User Principal not passed to PEGA, please contact System Administrator
If the other non pega application uses HTTP get method(e.g. window.open("http://PegaURL/prweb/PRServletCustom")) instead of POST the same JAVA code works fine and user are successfully authenticated.
Question: 1. Does pega support HTTP POST for authentication and log in purpose or is that only GET is supported? 2. How does pega engine code populates the pxHTTPServletRequest property ? From the error message it seems when the JAVA code is trying to parse the pxHTTPServletRequest property , it is failing.
Updated: 27 Jan 2021 20:27 EST
Boehringer Ingelheim
JP
@SudiptaB7860
Have you solved this? I am having similar requirement where I need to use POST for authentication for Pega Platform.