Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Rajasekhar U (RajasekharU0829)
CGI

CGI
IN
RajasekharU0829 Member since 2013 102 posts
CGI
Posted: Jun 30, 2016
Last activity: Oct 4, 2018
Posted: 30 Jun 2016 6:15 EDT
Last activity: 4 Oct 2018 13:54 EDT
Closed
Solved

Urgent: How to log IP address of user trying to login the system from SSO

Hi,

We have user story to log the IP address of user trying to login the system using SSO.

It should capture for success and failure login attempt.

How can we get IP address of user trying to login the system in SSO activity.

Thanks in Advance!

Best Regards

U Rajasekhar


**Moderation Team has archived post**


This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.

To see attachments, please log in.
Security

  • Guangri Liang

Accepted Solution

Posted: 8 years ago
Updated: 8 years ago
Posted: 25 Jul 2016 9:31 EDT
Updated: 25 Jul 2016 9:32 EDT
Chris Koyl (ChrisKoyl)
PEGA
Senior Fellow, Technical Support, Runtime Engine
Pegasystems Inc.
US

Hi,

In your SSO authentication activity you can access a HTTPServletRequest facade object and access HTTP Request headers and general request object methods. This can be used to get the client IP address. However, it depends on other infrastructure in place between the client browser and PRPC.

It's very unlikely that you will have clients connecting right to the PRPC JVM. You will probably have many JVM nodes and web servers and load balancers in front of PRPC. For example:

Browser->Cisco F5->Web Server(More than 1)->PRPC Node(More than 1)

What you don't want to get is the IP address of the middleware components between the client browser and PRPC.

For example:

request.getRemoteAddr()

This will return the IP address of the incoming connection that could be the web server or load balancer IP address.  In the example above the getRemoteAddr method would return the IP address of the web server.

As the middleware components route the traffic to the JVM they can and usually will add a HTTP header containing the client ip address.

Update your login activity and the following code to a new Java step right at the top of the activity:

Show More

Hi,

In your SSO authentication activity you can access a HTTPServletRequest facade object and access HTTP Request headers and general request object methods. This can be used to get the client IP address. However, it depends on other infrastructure in place between the client browser and PRPC.

It's very unlikely that you will have clients connecting right to the PRPC JVM. You will probably have many JVM nodes and web servers and load balancers in front of PRPC. For example:

Browser->Cisco F5->Web Server(More than 1)->PRPC Node(More than 1)

What you don't want to get is the IP address of the middleware components between the client browser and PRPC.

For example:

request.getRemoteAddr()

This will return the IP address of the incoming connection that could be the web server or load balancer IP address.  In the example above the getRemoteAddr method would return the IP address of the web server.

As the middleware components route the traffic to the JVM they can and usually will add a HTTP header containing the client ip address.

Update your login activity and the following code to a new Java step right at the top of the activity:

javax.servlet.http.HttpServletRequest request =    (javax.servlet.http.HttpServletRequest)tools.getRequestor().getRequestorPage().getObject("pxHTTPServletRequest");
/* Debug only, comment out when done testing */
oLog.infoForced("Incoming headers for login:");
java.util.Enumeration e = request.getHeaderNames();
String header = null;
while (e.hasMoreElements()) {
      header = (String) e.nextElement();
      oLog.infoForced(header + ": " + request.getHeader(header));      
}

This will output to the logfile all the HTTP headers of the incoming request.

Make sure the login activity is checked in and test the login. 

Get the logfiles and look to see if you have the  client IP address contained in one of the headers?

Yes:

Easy, you just need to get the header value. Not sure what you need to do with it so just putting it in a local variable defined in the activity.

  1. Define a local string variable on the Parameters tab of the activity: clientIP

  2. Comment out the logging for the output of all header.

  3. Set clientIP from the http header:

javax.servlet.http.HttpServletRequest request =    (javax.servlet.http.HttpServletRequest)tools.getRequestor().getRequestorPage().getObject("pxHTTPServletRequest");
/* Debug only, comment out when done testing 
oLog.infoForced("Incoming headers for login:");
java.util.Enumeration e = request.getHeaderNames();
String header = null;
while (e.hasMoreElements()) {
      header = (String) e.nextElement();
      oLog.infoForced(header + ": " + request.getHeader(header));      
}
*/

clientIP = request.getHeader(“<headerName>”);

Now you can you use this variable for other processing in the activity. (Local.clientIP)

No:

If you don’t see a header with the client value then it's time to send an email to the owners of the middleware components and ask them to add the client IP address to a HTTP header. It’s important that you contact the right team. In the example above you would need to contact the Cisco F5 admin to get the client IP added. Why? Because it’s the first middleware component the browser talks to.

 

Hope this helps.


Show Less
To see attachments, please log in.
Posted: 8 years ago
Posted: 1 Jul 2016 9:32 EDT
Santanu Bhattacherjee (Santanu) Senior Manager, Cloud Engineering, Management Plane Services
Pegasystems Inc.
IN

Hello

For successful log in we can definitely find out the client IP address from clipboard page.

pxRequestor.pxReqRemoteAddr or pxRequestor.pxReqRemoteHost can give you the client IP add.

However, i am not sure how to track the IP address for failed log in ?

Rajeev Ranjan any thoughts ?

To see attachments, please log in.
Posted: 8 years ago
Posted: 1 Jul 2016 9:43 EDT
Rajeev Ranjan (ranjr)
PEGA
Principal Technical Solutions Engineer
PEG
PL

For failed case also, we can get that but we have to extract from the authentication activity. We could log that value then and there.

To see attachments, please log in.
Posted: 8 years ago
Posted: 1 Jul 2016 9:50 EDT
Rajasekhar U (RajasekharU0829)
CGI

CGI
IN

Hi Rajeev

Can you share

  1. the code to get IP address in SSO authentication activity.
  2. After which step in SSO authentication activity we have to write the code.

Thanks & Regards

U Rajasekhar

To see attachments, please log in.
Posted: 8 years ago
Posted: 9 Jul 2016 2:24 EDT
Rajasekhar U (RajasekharU0829)
CGI

CGI
IN

I am not getting IP address in SSO authentication activity.

Can someone guide us

  1. the code to get IP address in SSO authentication activity.
  2. After which step in SSO authentication activity we have to write the code.

Thanks & Regards

U Rajasekhar

To see attachments, please log in.
Posted: 8 years ago
Posted: 23 Jul 2016 0:21 EDT
Rajasekhar U (RajasekharU0829)
CGI

CGI
IN

I am not getting IP address in SSO authentication activity.

Can someone guide us

  1. the code to get IP address in SSO authentication activity.
  2. After which step in SSO authentication activity we have to write the code.

Thanks & Regards

U Rajasekhar

To see attachments, please log in.

Accepted Solution

Posted: 8 years ago
Updated: 8 years ago
Posted: 25 Jul 2016 9:31 EDT
Updated: 25 Jul 2016 9:32 EDT
Chris Koyl (ChrisKoyl)
PEGA
Senior Fellow, Technical Support, Runtime Engine
Pegasystems Inc.
US

Hi,

In your SSO authentication activity you can access a HTTPServletRequest facade object and access HTTP Request headers and general request object methods. This can be used to get the client IP address. However, it depends on other infrastructure in place between the client browser and PRPC.

It's very unlikely that you will have clients connecting right to the PRPC JVM. You will probably have many JVM nodes and web servers and load balancers in front of PRPC. For example:

Browser->Cisco F5->Web Server(More than 1)->PRPC Node(More than 1)

What you don't want to get is the IP address of the middleware components between the client browser and PRPC.

For example:

request.getRemoteAddr()

This will return the IP address of the incoming connection that could be the web server or load balancer IP address.  In the example above the getRemoteAddr method would return the IP address of the web server.

As the middleware components route the traffic to the JVM they can and usually will add a HTTP header containing the client ip address.

Update your login activity and the following code to a new Java step right at the top of the activity:

Show More

Hi,

In your SSO authentication activity you can access a HTTPServletRequest facade object and access HTTP Request headers and general request object methods. This can be used to get the client IP address. However, it depends on other infrastructure in place between the client browser and PRPC.

It's very unlikely that you will have clients connecting right to the PRPC JVM. You will probably have many JVM nodes and web servers and load balancers in front of PRPC. For example:

Browser->Cisco F5->Web Server(More than 1)->PRPC Node(More than 1)

What you don't want to get is the IP address of the middleware components between the client browser and PRPC.

For example:

request.getRemoteAddr()

This will return the IP address of the incoming connection that could be the web server or load balancer IP address.  In the example above the getRemoteAddr method would return the IP address of the web server.

As the middleware components route the traffic to the JVM they can and usually will add a HTTP header containing the client ip address.

Update your login activity and the following code to a new Java step right at the top of the activity:

javax.servlet.http.HttpServletRequest request =    (javax.servlet.http.HttpServletRequest)tools.getRequestor().getRequestorPage().getObject("pxHTTPServletRequest");
/* Debug only, comment out when done testing */
oLog.infoForced("Incoming headers for login:");
java.util.Enumeration e = request.getHeaderNames();
String header = null;
while (e.hasMoreElements()) {
      header = (String) e.nextElement();
      oLog.infoForced(header + ": " + request.getHeader(header));      
}

This will output to the logfile all the HTTP headers of the incoming request.

Make sure the login activity is checked in and test the login. 

Get the logfiles and look to see if you have the  client IP address contained in one of the headers?

Yes:

Easy, you just need to get the header value. Not sure what you need to do with it so just putting it in a local variable defined in the activity.

  1. Define a local string variable on the Parameters tab of the activity: clientIP

  2. Comment out the logging for the output of all header.

  3. Set clientIP from the http header:

javax.servlet.http.HttpServletRequest request =    (javax.servlet.http.HttpServletRequest)tools.getRequestor().getRequestorPage().getObject("pxHTTPServletRequest");
/* Debug only, comment out when done testing 
oLog.infoForced("Incoming headers for login:");
java.util.Enumeration e = request.getHeaderNames();
String header = null;
while (e.hasMoreElements()) {
      header = (String) e.nextElement();
      oLog.infoForced(header + ": " + request.getHeader(header));      
}
*/

clientIP = request.getHeader(“<headerName>”);

Now you can you use this variable for other processing in the activity. (Local.clientIP)

No:

If you don’t see a header with the client value then it's time to send an email to the owners of the middleware components and ask them to add the client IP address to a HTTP header. It’s important that you contact the right team. In the example above you would need to contact the Cisco F5 admin to get the client IP added. Why? Because it’s the first middleware component the browser talks to.

 

Hope this helps.


Show Less
To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice