What is the best way to authenticate a call to an activity from html form?
Hi All - I have couple of scenarios where I have to call pega activity from html form directly to create a case. This html form is available to all the users of a department on sharepoint but not all users are operators in pega. I am having hard time to decide how to implement authentication around it before executing activity. I thought of using a common ID irrespective of whoever submits the form but in that case I have to store corresponding password in plain text either in html form or in pega which is never a good practice. Any suggestion would be highly appreciated.
Accepted Solution
Pegasystems Inc.
JP
Hope this article helps
https://pdn.pega.com/user-interface/how-to-create-snapstart-urls-for-desktop-integration
JPMC
US
Thank you Chunzhi for this link!! This is what I am looking for. After going through this article it seems its applicable for 5.x I am not sure, First if this approach of using base 64 encoded password will work in pega 7.x because here password are hashed and salted using MD5/SHA-1/256. Secondly password in query string is also not good Idea. Someone commented on article that if we use external authentication like SSO then we can use PRServletContainerAuth. Can you please provide some document around how and when to use PRServletContainerAuth?
Pegasystems Inc.
JP
Pega7 supports snap start and SSO based authentication, however implementation details are highly depends on the SSO softwares you are using. Below is only one example.
https://pdn.pega.com/security/how-to-implement-single-sign-on-using-spnego-and-jaas
JPMC
US
Thank you Chunzhi for your help! I tried SnapStart approach and this seems working fine with pepa 7.x as you already mentioned. But my security team does not want anything related to id or password in query string or hidden variables. we are planning for SSO in future early next year. For now I am thinking to go for Auth key approach and will see if it works.