Passing credentials to Pega Authentication via formdata instead of querystring.
We currently use a redirect via one of our other applications to log in to Pega via SSO using login credentials in the querystring. For example
This was brought up as a security finding during one of our recent audits. We are researching how to move the data from querystring to formdata.
Has anyone attempted this? My tests have shown that Pega does accept formdata parameters but doesn't seem to map them to anything on the clipboard on temporary pages. I am trying to find any other spot where this might be stored.