Application URL patterns for various authentication service types
Authentication services other than Custom and Kerberos use the PRAuth servlet by default. However, for backward compatibility with earlier versions of Pega Platform, you can authenticate by explicitly specifying PRServlet in the application URL instead of PRAuth, or by removing the servlet name.
Web logins are in the format https://
<hostname> :
<port> /
<context> /
<servlet
name> . The following table shows the context and servlet portions
of the URL for various authentication service types, for various releases of Pega Platform.
Authentication type | URL pattern for 8.2 and later | URL pattern prior to 8.2 |
Authentication service selection screen (if more than one service exists), or default authentication (if only Platform Authentication service exists) | /prweb/PRAuth (8.1 and later) | Not available prior to 8.1 |
Default platform authentication | See listing for Basic credentials service type | /prweb or
/prweb/PRServlet |
Basic credentials and Anonymous authentication services | /prweb/PRAuth/pega | Not available |
OpenID Connect and SAML 2.0 authentication services | /prweb/PRAuth/<service
alias> | /prweb/PRAuth/<service
alias> or for SAML in 7.x,
/prweb/sso* |
Custom authentication service | /prweb/<as configured in
web.xml> | /prweb/<as configured in
web.xml> |
Kerberos authentication service | /prweb/PRWebKerberos (The default servlet name
can be replaced with a different servlet name.) | /prweb/PRWebKerberos (The default servlet name
can be replaced with a different servlet name.) |
Container-based authentication | /prweb/PRServletContainerAuth (The default
servlet name can be replaced with a different servlet name.) | /prweb/PRServletContainerAuth (The default
servlet name can be replaced with a different servlet name.) |
Customizing the PRAuth servlet name
To
customize the PRAuth servlet name that appears in the authentication URL, add code
similar to the following example to your web.xml
file. Do not
remove the existing PRAuth
mapping.
<servlet-mapping>
<servlet-name>PRAuth</servlet-name>
<url-pattern>/PRAuth</url-pattern>
</servlet-mapping>
If you customize the PRAuth servlet name that appears in the authentication URL, you will need to create a dynamic system setting. The authorization code flow always uses PegaAuthentication type, therefore modifying the URL pattern means you must manually change the activity.
You will need to create a dynamic system setting with the following attributes:
Purpose - pegaauthentication/servletnname.
Ruleset – Pega-IntegrationEngine.
Value - By default, this value should be PRAuth.
For more information, see Creating a dynamic system setting.Previous topic Authentication services and security policies Next topic Adding custom error messages in a post-authentication activity