Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Adrian C (AdrianC0584)
Accenture

Accenture
SG
AdrianC0584 Member since 2017 2 posts
Accenture
Posted: Mar 23, 2018
Last activity: Apr 10, 2018
Posted: 23 Mar 2018 12:02 EDT
Last activity: 10 Apr 2018 6:02 EDT
Closed
Solved

Unable to connect to Pega PRWebLDAP1 if operator account does not exist

Hi,

I'm trying to configure LDAP authentication to login to Pega. I've come to a stage that I am able to login Users in the correct OU to connect to Pega via LDAP authentication, provided I have created their operator accounts.

I've created a Model User in LDAP as well as an Operator ID.

I set AuthenticationLDAPTimeout for Timeout activity and AuthenticationLDAPTimeout for Authentication activity.

How can I allow a user without an operator ID to login to Pega and take after the Model User's template?

Thank you.

To see attachments, please log in.
System Administration

Posted: 6 years ago
Posted: 23 Mar 2018 12:16 EDT
Mohammad Asif Hasan (Mohammad_Asif_Hasan)
EPAM Systems, Inc.
Mohammad Asif Hasan
EPAM Systems, Inc.
ES

Hi AdrianC0584,

Thanks for posting on PSC.

I was going through an article on PDN with the similar use-case.It has detailed implementation information. Please read it once as well.

Possible Solution:

PRCUSTOM - For LDAP authentication (Use Externally Stored Credentials)

PRCUSTOM - For standard login for admin users. (Use Credential Stored in PegaRULES)

There is a setting on the Data-Admin-AuthService on the Custom tab for "Source of Operator Credentials" that can be set to "Use Credential Stored in PegaRULES" or "Use Externally Stored Credentials". This will allow you to separate your two authentication types while having greater control on the admin logins. The admin users can still have passwords kept in PRPC and the login activity is very simple.

Hope it help, kindly notify if it does by marking this post as answered.

Regards,

Asif

To see attachments, please log in.
Posted: 6 years ago
Posted: 25 Mar 2018 11:15 EDT
Adrian C (AdrianC0584)
Accenture

Accenture
SG

Hi Asif,

Thanks for your reply. 

"There is a setting on the Data-Admin-AuthService on the Custom tab for "Source of Operator Credentials" that can be set to "Use Credential Stored in PegaRULES" or "Use Externally Stored Credentials" -> May I know where can I find this Custom Tab in the Data-Admin-AuthService? The closest I could find was Operator ID > Security Tab > Use External Authentication.

I'm using Pega 7.3.1. In the Class Data-Admin-AuthService, I see the following tabs, as attached. Thank you.

 

 

 

 

To see attachments, please log in.
Posted: 6 years ago
Posted: 25 Mar 2018 22:27 EDT
Adrian C (AdrianC0584)
Accenture

Accenture
SG

Hi Asif,

I found the "Use Externally Stored Credentials" in the Custom tab of PRWebLDAP1 instead. I guess my authentication settings are correct? 

I'm looking at my Mapping attributes. I have to set "ou" in 2 of the attributes. Is this feasible? This is because in Microsoft AD, my DN values are OU=xxx, OU=xxx. Have attached this as well. 

To see attachments, please log in.

Accepted Solution

Posted: 6 years ago
Posted: 10 Apr 2018 6:01 EDT
Lochana Durgada Vijayakumar (Lochan_DV)
PEGA
Senior Manager, Knowledge Management
Pegasystems Inc.
IN

Hello,

@AdrianC0584 let us know that they have managed to resolve this issue by controlling access to Pega by manually creating Operator IDs for users.

Thanks!

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice