Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Authentication in PRPC

Updated on September 10, 2021

This presentation is part of the Authentication Overview Self-Study Course.


There is an excellent 100+ page tech note on the PDN titled Authentication in PegaRULES Process Commander.  This tech note describes five different ways for authentication in a PegaRULES-based application.

In a native PRPC solution, internal authentication is accomplished using plain text or via secure socket layer.  This option is rarely used in a production environment.  Why not?  Because it would require maintaining the PRPC security database separately, and to keep the PRPC Operator ID’s and passwords in sync as they are added, deleted, and changed in the corporate security repository.

In a Web Access Managementsolution, PegaRULES is deployed as a web application and accessed via an Internet browser.  The URL of the PRPC Servlet can be protected using any off-the-shelf Web Access Management solution such as Tivoli Access Manager or CA eTrust SiteMinder.

In a Container-managed solution, PRPC runs inside the servlet container of commercial application servers such as IBM WebSphere or BEA WebLogic.  IBM and BEA have implemented their own specific version of the Java Authentication and Authorization Service (JAAS) standard to provide container-managed security.  PRPC applications can easily “piggy back” on this form of security.

In a custom corporate solution, corporations may have developed their own centralized Sign-In application that provides a unified way to authenticate with a corporate LDAP directory.  Such a sign-in application also typically implements corporate password policies by enforcing password strengths and password expiration, and provides a way to reset the password in case a user has forgotten it.

The last three options are used in one form or the other and will be discussed in more detail.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us