Substitute a third-party service
Third-party CAPTCHA services provide extensive user guidance: review the documentation of the service you wish to use.
Here is how to implement Google's reCAPTCHA service (http://www.google.com/recaptcha) on your Pega Platform login page in place of SimpleCaptcha.
- Obtain an account for the third-party service. As reCAPTCHA is now part of Google, you must use a (free) Google account to access reCAPTCHA.
- Create a reCAPTCHA key. By default, the reCAPTCHA key is restricted to the domain you associate with it; however, this poses problems because the domain for Pega Platform in development may differ from its domain in the testing environment and from the domain where it is deployed in production. Choose a global key that is not tightly tied to a domain.
- The key is in two parts, a public key and a private key. The public key is used in the code in the Pega Platform login screen; the private key is what Pega Platform shares with the reCAPTCHA server.
- Customize the required rules:
- pyCustomCaptchaHead:
This HTML fragment rule contains the scripts that are embedded in the <head> tag of the login page (Web-login.htm). For reCAPTCHA add the following:
    <style>
      #recaptcha_widget {
        background: none repeat scroll 0 0 #FFFFFF;
        border: 1px solid #97C7E7;
        margin: 16px;
        padding: 10px;
      }
      #recaptcha_widget a {
        margin: 5px 0px;
        color: #31669A;
        text-decoration: none;
      }
      #recaptcha_widget a:hover {
        text-decoration: underline;
      }
    </style>
    <script type="text/javascript">
      var RecaptchaOptions = {
        theme : 'custom',
        custom_theme_widget: 'recaptcha_widget'
      };
    </script>

Refer to the reCAPTCHA website to see the other themes you can choose instead of "custom".
- pyCustomCaptchaBody:
This HTML fragment rule contains the custom code to send the public key to the third-party server. For reCAPTCHA add the following. Include the registered public key you received in the two lines indicated:
    <div id="recaptcha_widget" style="display:none">
      <div id="recaptcha_image"></div>
      <div class="recaptcha_only_if_incorrect_sol" style="color:red">Incorrect please try again</div>
      <span class="recaptcha_only_if_image">Enter the words above: </span>
      <span class="recaptcha_only_if_audio">Enter the numbers you hear:</span>
      <input type="text" id="recaptcha_response_field" name="recaptcha_response_field" />
      <div style="padding: 10px; text-align: center; font-family: tahoma; font-size: 11px;">
        <a href="javascript:Recaptcha.reload()">Reload CAPTCHA</a> |
        <a href="javascript:Recaptcha.switch_type('audio')" class="recaptcha_only_if_image">Get an audio CAPTCHA</a>
        <a class="recaptcha_only_if_audio" href="javascript:Recaptcha.switch_type('image')">Get an image CAPTCHA</a> |
        <a href="javascript:Recaptcha.showhelp()">Help</a>
      </div>
    </div>
    <!-- First of the two lines that take your registered public key -->
    <script type="text/javascript" src="http://www.google.com/recaptcha/api/challenge?k=YourPublicKey"></script>
    <noscript>
      <!-- Second line that takes your registered public key -->
      <iframe src="http://www.google.com/recaptcha/api/noscript?k=YourPublicKey" height="300" width="500" frameborder="0"></iframe>
      <br />
      <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
      <input type="hidden" name="recaptcha_response_field" value="manual_challenge">
    </noscript>
- pyValidateCustomCaptcha:
When the user enters login credentials and a CAPTCHA answer and clicks the Login button, the system passes the parameters submitted on the login screen, plus other parameters the service requires, to this activity. For reCAPTCHA, the additional parameters are recaptcha_challenge_field and recaptcha_response_field, referenced in pyCustomCaptchaBody. The activity connects to the third-party server to verify whether the user's response matches the CAPTCHA challenge. If they match, the activity sets the value of pyIsValidCaptcha to true; otherwise the activity sets it to false. On the Parameters tab, select pyIsValidCaptcha:
- On the Steps tab in Step 1, set a parameter and four properties in the class Code-Security to hold connector-related information.

| Property | Value |
| --- | --- |
| param.pyFailMessage | "" |
| pyPrivateKey | Provide the registered private key you obtained. |
| pyResponseCaptcha | param.recaptcha_response_field |
| pyChallenge | param.recaptcha_challenge_field |
| pyRemoteip | pxRequestor.pxReqRemoteAddr |

- Provide the private key you obtained from the third-party service as the value for .pyPrivateKey.
- In Step 2, invoke pyCustomCaptchaConnector (see below):
- In Step 3, set pyIsValidCaptcha, making sure the precondition (pyUserIdentifier is present) is enabled:
- pyCustomCaptchaConnector:
The connector connects to the reCAPTCHA service to verify the CAPTCHA answer. This is required for reCAPTCHA; other third-party solutions may have differing requirements. On the Service tab, fill in the fields as follows:
| Field | Value |
| --- | --- |
| Endpoint URL | Provide the URL your third-party service specifies. For reCAPTCHA, enter http://www.google.com/recaptcha/api/verify |
| HTTP Method | POST |
| HTTP Version | Select the version your third-party service specifies. For reCAPTCHA, select 1.1. |
| Allow Redirects | Selected |
| Response Timeout | 0000 |
| Status Value Property | .pyStatusValue |
| Status Message Property | .pyStatusMessage |
| Error Handler Flow | Connection Problem |
| Intended for | Immediate execution |

On the Request tab, set the query string parameters:
| Name | Map From | Map From Key |
| --- | --- | --- |
| privatekey | Clipboard | pyPrivateKey |
| remoteip | Clipboard | pyRemoteip |
| challenge | Clipboard | pyChallenge |
| response | Clipboard | pyResponseCaptcha |

On the Response tab, map the response from the service to the property pyUserIdentifier on the clipboard.
When all modifications are complete, the login page uses reCAPTCHA instead of SimpleCaptcha.
Your third-party CAPTCHA solution may allow for extensive customizations. For reCAPTCHA, customization information is available at https://developers.google.com/recaptcha.
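
The server-side check that pyValidateCustomCaptcha and pyCustomCaptchaConnector perform together, shown in Python as an added example (not Pega or Google code). It encodes the four query parameters from the Request tab and treats anything other than an explicit true as a failed CAPTCHA; the newline-separated true/false response format and the `send` transport callable are assumptions.

```python
from urllib.parse import urlencode

# Endpoint and parameter names as configured on the connector's Service and Request tabs.
VERIFY_URL = "http://www.google.com/recaptcha/api/verify"


def build_verify_body(private_key, remote_ip, challenge, response):
    """Form-encode the four connector parameters; None means 'do not call the service'."""
    if not challenge or not response:
        return None  # an empty challenge or answer can never be valid
    return urlencode({"privatekey": private_key, "remoteip": remote_ip,
                      "challenge": challenge, "response": response})


def parse_verify_response(status_code, body):
    """Return (is_valid, reason); only an explicit 'true' first line passes."""
    if status_code != 200 or not body:
        return False, "no-usable-response"
    lines = body.splitlines()
    first = lines[0].strip()
    if first == "true":
        return True, ""
    # Assumed format: line 1 is 'true' or 'false', line 2 carries an error code.
    if first == "false" and len(lines) > 1:
        return False, lines[1].strip()
    return False, "unexpected-body"


def is_valid_captcha(fields, send):
    """Value for pyIsValidCaptcha; `send(url, body)` is a hypothetical transport."""
    body = build_verify_body(fields.get("privatekey", ""), fields.get("remoteip", ""),
                             fields.get("challenge", ""), fields.get("response", ""))
    if body is None:
        return False
    try:
        status, text = send(VERIFY_URL, body)
    except OSError:
        return False  # connection problem: deny rather than default to valid
    return parse_verify_response(status, text)[0]


if __name__ == "__main__":
    # Constructed sample values and responses; nothing is sent over the network.
    form = {"privatekey": "PRIVATE-KEY-PLACEHOLDER", "remoteip": "203.0.113.7",
            "challenge": "constructed-challenge", "response": "two words"}
    for reply in ((200, "true\nsuccess"), (200, "false\nincorrect-captcha-sol"),
                  (200, "<html>proxy error</html>"), (503, "")):
        print(reply, "->", is_valid_captcha(form, lambda url, body, r=reply: r))
```

The same fail-closed rule applies to the Step 3 precondition: pyIsValidCaptcha should become true only when the mapped response is present and explicitly positive.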