SSO, SPNEGO and IBM WebSphere
Our team is currently working with Pega 8.4.2 and IBM WebSphere and we are implementing SSO using the SPNEGO filter and mechanisms provided by IBM WebSphere. We cannot use the SourceForge SPNEGO filter (as eluded to in Pega web.xml file) because it does not work with the IBM JDK, this is because of settings that are needed that are not supported in the login.conf file rekated to class com.ibm.security.auth.module.Krb5LoginModule. We have a custom Authentication Service that relies on the user's token being available on the Servlet, ie:
javax.servlet.http.HttpServletRequest request
= (javax.servlet.http.HttpServletRequest)tools.getRequestor().getRequestorPage().getObject("pxHTTPServletRequest");
userName = request.getRemoteUser();
We are seeing the username coming over in the logs but we seem to be missing something in IBM WebSphere or in our Pega code or Pega web.xml to finalize our solution. We met with a people from Pega a few weeks ago and I think we are headed on the right track, we would just like some guidance on how we are doing things with Pega 8.4 and IBM WebSphere.