Question

Displaying Login Page for SSO Login

Hi,

We are using SSO Login for our application. But still users are routed to the Pega Login Page Screen even after providing the correct SSO Details. Can you please help on what are the changes to be made to skip pega login page while logging with SSO specified service url-pattern.

Thanks,
Varun

***Edited by Moderator Marissa to update platform capability tags****

Comments


Pega
February 25, 2019 - 1:34pm

If you configured your SSO in Pega using Authentication Service, your end-users need to log in by accessing the URL listed as "Login URL" in the authentication service configuration. This URL typically has the format https://{host}/prweb/PRAuth/{alias} where alias is the name you gave to the authentication service. Going to this URL would redirect users to the Identity Provider login page instead of Pega login.

Note: If your SSO solution does not use Authentication Service, please disregard this tip.

February 26, 2019 - 4:05am
Response to Jarek.Cora

Hi Cora,

Thanks for the quick response.

We are using Authentication Service and the users are logging in using the URL listed in the authentication service. As you mentioned, going to this URL, users are also redirected to the Identity Provider login page, and on providing details there, we are redirected back to the PEGA login page (it should actually take us to the portal, but we are redirected to the Pega login page in our case).

I have checked the Authentication service activities (Time out activity and Authentication activity). But I don’t see anything related to skipping the login screen in those activities.

So my question is: where are we specifying that it should skip the PEGA login page when I am using SSO Authentication Service, or is there a way to trace this?

Thanks,

Varun

Pega
February 26, 2019 - 9:13am
Response to VarunC72

Hi Varun,

You are correct, after successful login to Identity Provider, the user should be redirected to a portal and not to Pega login page.

If you are using OpenID Connect (OIDC) protocol for SSO, then the first thing to check is configuration of your Identity Provider, in particular the value of "Redirect URI". This should match the redirect URI in your Authentication Service.

If you are using SAML protocol for SSO, you should make sure that "Assertion Consumer Service (ACS)" in your Identity Provider matches the "Assertion Consumer Service (ACS)" in your Authentication Service.
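
The check described in the reply above, as an added example that is not part of the original thread and not Pega code: it reads the ACS URL from the service-provider metadata registered at the Identity Provider and reports which URI component differs from the value shown in the Authentication Service. OpenID Connect matches redirect URIs by simple string comparison, so a scheme or trailing-slash difference is enough to break the return leg. The host name, alias, entityID and metadata snippet are constructed sample values.

```python
# Added example: diagnose a Redirect URI / ACS mismatch between IdP and Pega.
# All URLs and the metadata snippet below are constructed sample values.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata as it might be registered at the IdP.
SAMPLE_IDP_SIDE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://pega.example.com/prweb/sp/example">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://pega.example.com/prweb/PRAuth/example/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def acs_locations(metadata_xml):
    """Return the Location of every AssertionConsumerService in SP metadata."""
    root = ET.fromstring(metadata_xml)
    return [e.get("Location")
            for e in root.iterfind(".//md:AssertionConsumerService", MD_NS)]

def uri_differences(idp_value, pega_value):
    """List the components in which two URIs differ; empty list means exact match."""
    if idp_value == pega_value:
        return []
    a, b = urlsplit(idp_value), urlsplit(pega_value)
    diffs = []
    if a.scheme != b.scheme:
        diffs.append(f"scheme: {a.scheme} != {b.scheme}")
    if a.hostname != b.hostname:  # hostname is lower-cased by urlsplit
        diffs.append(f"host: {a.hostname} != {b.hostname}")
    if a.port != b.port:
        diffs.append(f"port: {a.port} != {b.port}")
    if a.path != b.path:
        kind = "trailing slash" if a.path.rstrip("/") == b.path.rstrip("/") else "path"
        diffs.append(f"{kind}: {a.path} != {b.path}")
    if a.query != b.query:
        diffs.append(f"query: {a.query} != {b.query}")
    return diffs or ["differs only in letter case or encoding"]

if __name__ == "__main__":
    pega_side = "https://pega.example.com/prweb/PRAuth/example"  # constructed
    for loc in acs_locations(SAMPLE_IDP_SIDE_METADATA):
        print(loc, "->", uri_differences(loc, pega_side) or "exact match")
```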

February 28, 2019 - 5:54am
Response to Jarek.Cora

Hi Cora,

We are using "Custom" Authentication Service type and I don't think we will have either "Redirect URL" or "ACS" mentioned anywhere in Custom Service Type.

Pega
February 28, 2019 - 6:24am
Response to VarunC72

Unfortunately the only use of "Custom" Authentication Service I'm aware of is when credentials are entered in Pega login screen and then verified against some external directory of users, for example LDAP / ActiveDirectory. I have no experience with using "Custom" Authentication Service in a scenario when credentials are entered in an external Identity Provider and do not reach Pega.

Maybe other community members can help here.