Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Configuring login using a custom authentication service

Updated on June 30, 2021

Specify the appropriate fields based on how users will be authenticated in the custom authentication service. If using a directory, specify binding information for your directory. To access this service, you will also need to specify the activities used to validate user credentials, the alias name, and alias URL pattern.

  1. In the navigation pane of Dev Studio click RecordsSysAdminAuthentication Service.
  2. Select an existing custom authentication service from the instance list, or create a custom authentication service.
  3. Click the Service tab.
  4. In the Login configuration section:
    1. In the Authentication service alias field, enter the application service alias you want to use for this Authentication service.

      The Authentication service alias is used for hitting the authorization endpoint.

      For example: Enter ClientLogin in the Authentication service alias field.
    2. In the URL pattern field, enter the servlet name mapped in web.xml for this authentication service.

      In this example, when viewing the web.xml, the LDAP authentication service has the PRWebLDAP1 servlet, which is mapped to the WebLDAP1 authentication service.

      For example: Enter WebLDAP1 in the URL pattern field and the following URL will generate Login URL: https://company.com/prweb/PRWebLDAP1
  5. In the Custom Authentication Activity section, in the Authentication Activity field, press the Down Arrow key and select the authentication activity.
    The activity must have Code-Security as the Applies To key part.
    Note: In this example, you would select the AuthenticationLDAP activity because this is for an LDAP authentication. However, you could create your own activity to support a custom authentication service, then select it here.
  6. In the JNDI Binding Parameters section, in the Initial context factory field, enter the Java class name of the JNDI initial context factory that you want to use to connect to the directory server, for example, enter com.sun.jndi.ldap.LdapCtxFactory.
  7. In the Directory field, enter an explicit URL or a JNDI entry that represents a directory located on the LDAP server. This approach enables you to relocate servers without having to reconfigure the application.
    For an explicit URL, use the following format: ldap[s]://[ servername ]:[ portnumber ] .
    For a JNDI entry, the syntax is dependent upon the server environment.
  8. In the Trust store field, press the Down Arrow key and select the truststore record that contains the server certificates.
  9. In the Bind distinguished name field, enter the credentials of the bind user who is allowed to search the directory tree for the credentials of a user who is attempting to log in.
    The standard LDAP authentication activities authenticate with the directory server as this user so it can then search the directory for users.
  10. To enter a password for the bind user, click Set Bind Password.
  11. In the Search Parameters section, in the Directory context field, enter the directory context that defines the branch in the Directory Information Tree (DIT) that holds information about the users who can be authenticated by this authentication server. For example, enter OU=people, DC=yourco, DC=com.
  12. Click Save.
  13. To check the connectivity to the server and verify that the configuration JNDI binding parameters are correct, click Test connectivity.
  • Previous topic Configuring custom or Kerberos login authentication
  • Next topic Identifying the operator for custom authentication services

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us