System Maintenance Page for OAuth2 configuration
Hello,
Following this great instructional document, https://collaborate.pega.com/discussion/authenticating-pega-miniorange-using-oidc-protocol, (Thank you @Jarek.Cora). I was wondering how one would configure a "System is under maintenance" capability. The
Obviously, you would never want to do that but as you know, unforeseen circumstances happen.
I am trying to determine how/where you could control that (preauthentication check or postauthentication check). I found references to pySSOPreAuthenticationActivity or pySSOPostAuthenticationActivity but all they result in is hard, user unfriendly, message or success. User Consent policy, default, shows user consent to accept going forward and can be accepted but cannot be controlled from the post authentication activity.
And, how would you set the appropriate values to make sure further processing is disabled and the user is presented a more usable friendly message besides, "Login terminated because a post-authentication activity or policy failed."
Using Pega Platform 8.x
thank you
Rob
***Edited by Moderator Marissa to update Platform Capability tags****
Accepted Solution
Updated: 7 May 2020 19:45 EDT
Serialized Solutions Inc
CA
I am glad that I could help out.
Also, that error message that shows up. Thanks to a colleague of mine, he found this activity: pzShowAuthPolicyError. Look at the Java step(step 2, I believe)
The custom error message can be changed with better text for a specific failure by doing a Property-Set in the error handling part of your post-authentication activity as follows:
Param.pyPostAuthErrorFieldLabel = "Error processing request. We were unable to obtain the appropriate token information. Please contact System Adminsitrator"
(it's a localized text of type pyMessageLabel)
cheers!
Inovar
IN
Dear Rob,
for what reasons do we see "Login terminated because a post-authentication activity or policy failed", I'm seeing this error when i configure OPEN ID with post processing activity.
Serialized Solutions Inc
CA
Hi @asmathullashaik
Oh, in learning about this, I saw that way too often. What it means is that your post-authentication activity is doing one of two things.
1. Failing the logic for whatever reason (something missing, not checked in, any number of reasons)
2. More importantly, if your activity is successful, you MUST finish off or have it included in the successful path, the following Java step:
/** This entry needs to be in two spots as parameter passing for this entry results in policy errors thrown by Pega **/ tools.getRequestor().getRequestorPage().putString("pyAuthenticationPolicyResult", "true");
If you don't specifically do this, Pega treats the activity as having failed; regardless if your activity executes properly or not.
If that still doesn't work, you are most likely going to need to trace your request to see what is failing and where.
hope that helps
Rob
Accepted Solution
Updated: 7 May 2020 19:45 EDT
Serialized Solutions Inc
CA
I am glad that I could help out.
Also, that error message that shows up. Thanks to a colleague of mine, he found this activity: pzShowAuthPolicyError. Look at the Java step(step 2, I believe)
The custom error message can be changed with better text for a specific failure by doing a Property-Set in the error handling part of your post-authentication activity as follows:
Param.pyPostAuthErrorFieldLabel = "Error processing request. We were unable to obtain the appropriate token information. Please contact System Adminsitrator"
(it's a localized text of type pyMessageLabel)
cheers!
Serialized Solutions Inc
CA
In Pages & classes, define your Page name and class. Say, MyDataStruct
On step page of a Property-Set, set it to MyDataStruct
in the value part of the Property-Set, specify this: @(Pega-RULES:Page).pxConvertStringToPage(tools, myStepPage, Param.jsonString,"json")
and your MyDataStruct should be populated
or
(learned this from a colleague)
If you don't want to physically create the data structure (as it's temporary), define your MyDataStruct of class type $ANY and the clipboard page will be created and there will be no data structure value validations.
so after running the Property-Set, you could refer to your first property as MyDataStruct.at_hash
hope that helps
Inovar
IN
Dear Rob, Thanks for your response.
I tried with this function already but it didn't work as the page is not in exact json format,
then i wrote some java code like below,
try { Object map = tools.findPage("D_pzSSOAttributes").getObject("pyAttrList");
oLog.error("get class"+map.getClass()+"@@"); Map<String,String> claimsMap = (Map<String, String>) map; myStepPage.putAll(claimsMap); }
{
------
}
after that did the property-set. my step page is TempPage,
@(Pega-RULES:Page).pxConvertStringToPage(tools, Trainings, .Trainings,"json")
it worked!!.