|
|
You can configure your Process Commander system to authenticate users in one of several ways:
The publication 
Authentication in PegaRULES Process
Commander, a document available on the Pega Developer Network,
provides an in-depth description of how authentication works, including
how Process Commander interacts with external authentication
implementations. This document also provides instructions for configuring
each authentication option.
Authentication and timeout activities have the Code-Security class as the Applies To key part. Otherwise, you cannot access the activity on the Service tab of the Authentication Service form.
The standard LDAP authentication and timeout activities are LDAPAuthentication and LDAPAuthenticationTimeout. When you run the Authentication accelerator, it uses these two activities for the generated authentication service.
Process Commander records log-in failures from any requestor type as an instance of the Log-SecurityAudit class. To obtain information about failed log-in attempts, run the standard list view rule named Log-SecurityAudit.ListOfLoginFailures. For each failed attempt, the ListOfLoginFailures report lists the time of the attempt, the server name and IP address of the system the attempt was made from, the Operator ID (if available), and the message that was returned.C-2399 The pyRemoteHost property identifies the workstation or other system attempting log-in, and the pyRemoteID identifies the IP address.
The Process Commander portlet service (based on JSR 168) provides access to a portlet Web application that your developers create. Your portlet application gathers and processes content from Process Commander and displays the content and the processing results in a portlet window on a portal page in a Web browser.
A portal server manages the authentication of its users. Therefore, when a Process Commander portlet is invoked, a user is already identified and there is no reason for that user to identify himself again to Process Commander. The user credentials and identity are available, but this data must be transferred from the portal server to Process Commander. The Process Commander single sign-on feature manages the transfer of credentials.
Single sign-on is implemented through the authentication service
feature. For portlets, single sign-on is implemented by default through a
portlet authentication service named PRPortletService.
When you build portlets, you can use the initially supplied portlet authentication service to manage the identification of the portlet users. To do so, change the default settings to values appropriate for your system and modify the authentication activities as necessary. If the initial portlet authentication service does not meet your needs, you can configure a custom single sign-on or authentication scheme.
For more information, see Building Portlet
Services, a document available on the Pega Developer Network.
If your authentication scheme uses Microsoft's HTTP Negotiation
extension and SPNEGO (Simple and Protected GSS-API Negotiation
Mechanism), see Pega Developer Network article PRKB-24115 How to implement single sign-on using SPNEGO and
JAAS.
|
JNDI, LDAP-based authentication, portlet |
|
About
JNDI Server data instances About Operator ID data instances About Organization Units |
More about Authentication Service data instances
About Authentication
Service data instances