Securely authenticating in Deployment Manager
Deployment Manager 5 now supports an OAuth 2.0 token-based authentication process for a more secure operator experience within the orchestrator and candidate environments. This authentication and authorization model provides many benefits, including the ability to audit user operations within Deployment Manager, as all actions are now connected to an operator ID instead of a generic authentication profile, such as DMReleaseAdmin.
Keystore and truststore setupEnabling encryption between nodes secures the data that is transferred across nodes so that an unauthorized host cannot access the data. Create a keystore.jks for the private key and the associated certificate or certificate chain. Ensure that you have your keystore.jks and truststore.jks files readily available for upload before beginning this step.
Ensure that you save the alias and passwords used to create the JKS files as they are used to setup Deployment Manager. For more information on creating these files, see Creating the keystore.jks and truststore.jks files.
Deployment Manager establishes secure token-based communication with the Deployment Manager Service APIs. The key store and trust store configuration is setup to ensure the portal functions correctly.
On the orchestrator:
- In the navigation pane of Dev Studio, click .
- Open the DMKeyStore rule to upload the keystore and update the keystore password.
- Click Save.
- To enable communication from Deployment Manager:
- From Dev studio, open Token Profile from the Records menu and Security sub menu.
- Open the DeploymentManagerClientJWTProfile token profile rule.
- Under the Security section, ensure that the keystore refers to DMKeyStore.
- Update the alias that you defined when creating the keystore, and update the password to the password that you set when setting up the truststore.
- Click Save.
- To establish communication between non-trusted systems:
- Create and configure the DMKeyStore as you did on the orchestrator.
- Update PegaDeploymentManagerIntegrations TrustStore dynamic system setting to DMKeyStore.
- What should I do if deployments are stuck INPROGRESS with
java.lang.IllegalArgumentException: Empty keyerror in the logs?
- This is a known issue in Pega Platform 8.5.2 related to
OAuth 2.0. As a workaround, perform the following steps.
Note: This has been resolved in Pega Platform 8.5.2 as part of Hotfix-69607.
- Log in to Deployment Manager with the SUPERADMIN role.
- From the navigation pane, click .
- Open DeploymentManagerClient client registration.
- Click Revoke access and refresh token.
- This is a known issue in Pega Platform 8.5.2 related to OAuth 2.0. As a workaround, perform the following steps.
Previous: Setting up candidate environments
Previous topic Setting up candidate environments Next topic Configuring an application