Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Authenticating Pega Robot Manager users through Kerberos

Updated on January 31, 2022

Comply with your security policy by configuring Pega Robot Manager operators to use Kerberos to authenticate across multiple applications with a single set of credentials.

Kerberos is an open authentication standard that uses a ticketing system, which provides faster authentication and enables authentication delegation. By using Kerberos, you can dynamically provision operators as they log in to Pega Platform.

To ensure that the communication happens explicitly over HTTP, you can configure Pega Platform to support Kerberos with third-party SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) libraries, or you can use any other Kerberos validation method to authenticate the traffic to Pega Robot Manager. The following figure provides a Kerberos/SPNEGO authentication mechanism for Pega Robot Manager users:

Authenticating Pega Robot Manager users by using Kerberos with SPNEGO
You can configure Kerberos with SPNEGO libraries to enable the client-server negotiation mechanism when authenticating Pega Robot Manager users.
Note:
  • Pega Robot Manager does not provide the SPNEGO libraries. You must download the libraries separately. For more information, see SPNEGO documentation.
  • You can only authenticate attended robots by using Kerberos.
What to do next: Follow these steps to configure single sign-on authentication through Kerberos for Pega Robot Manager users:
  1. Configuring Pega Robot Manager to use Kerberos authentication

    Configure the RoboticsSSO service packages in Pega Robot Manager to support Kerberos for robot authentication.

  2. Selecting the Kerberos method for authenticating Pega Robot Manager users

    Determine the Kerberos method for authenticating traffic to Pega Robot Manager by configuring the EnableDefaultKerberosAuthenticationForRobotManger dynamic system setting.

  3. Updating the robotics configuration files for single sign-on authentication through Kerberos

    Update the common configuration settings to authenticate attended robots and package publish requests in Pega Robot Manager through Kerberos.

  • Previous topic Updating the robotics configuration files for SSO authentication through OAuth with SAML bearer
  • Next topic Configuring Pega Robot Manager to use Kerberos authentication

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us