Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Testing login authentication services

Updated on March 15, 2022

You can test and debug an authentication service in a development or staging environment by setting the appropriate log level.

  1. Set the logger to debug. For performance and security reasons, do not use this setting in a production environment.
    • For a SAML authentication service, the logger is com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils.
    • For an OIDC authentication service, the loggers are:
      • com.pega.pegarules.integration.engine.internal.auth.oidc.NimbusOIDCClientHandler
      • com.pega.pegarules.integration.engine.internal.auth.oidc.OIDCClientHandler
  2. Optional: For an OIDC authentication service, get the claim values by using remote tracing.
    1. Open a browser window to the application login screen and proceed to the login screen for your identity provider. Do not log in yet.
    2. In a separate browser window for Dev Studio, do the following steps:
      1. In the developer toolbar, click Tracer.
      2. From the Tracer dialog, click Settings, and under Pages to Trace, enter D_pzSSOAttributes. Click Add, and then click OK.
      3. From the Tracer dialog, click Remote Tracer, select the ID of the unauthenticated requestor, and click OK.
  3. Attempt to log in by authenticating with the identity provider.
  4. Examine the console log by clicking ConfigureSystemOperationsLogsLog files and selecting the Pega log.
  5. Use a third-party tool to decode the Base64-encoded assertion from the log.
  • Previous topic Mapping additional operator information for custom or Kerberos authentication services
  • Next topic Transport Layer Security (TLS) best practices

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us