Question

PRPCServiceUtils/Jenkins Security Options

I have a client who wants to use LDAP authentication for Jenkins rather than using user accounts with basic Pega authentication for their dev ops jobs. Is that an option? If not, are there other more secure alternatives?

***Edited by Moderator Marissa to update SR Details***


Comments


Pega
October 30, 2019 - 5:06am

Hi Chris,

We can achieve this requirement through customized code.

Please try the steps below.

  1. Save as the LDAP authentication service in your application ruleset and add step 1 as a Java step.

      Add the below Java code:

```java
com.pega.pegarules.priv.authentication.RequestFacade req = (com.pega.pegarules.priv.authentication.RequestFacade) tools.findPage("pxRequestor").getObject("pxHTTPServletRequest");
String authorization = req.getHeader("Authorization");
// Do not log the Authorization header or the decoded credentials.

// Only treat the header as credentials when it uses the Basic scheme
if (authorization != null && authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
    String base64Credentials = authorization.substring("Basic".length()).trim();
    String credentials = Base64Util.decode(base64Credentials);
    // Split on the first colon only, so the password may itself contain ':'
    final String[] values = credentials.split(":", 2);
    // A value without a colon yields one element; skip it instead of indexing past the array
    if (values.length == 2) {
        tools.putParamValue("UserIdentifier", values[0]);
        tools.putParamValue("Password", values[1]);
    }
}
else {
    // No Basic credentials were sent: answer with a 401 challenge
    tools.putParamValue("pyChallenge", PropertyInfo.TYPE_TEXT, PRAuthentication.GENERATED_CHALLENGE_STREAM);
    ClipboardPage pg = tools.getRequestor().getRequestorPage();
    javax.servlet.http.HttpServletResponse servletResponse = (javax.servlet.http.HttpServletResponse) pg.getObject("pxHTTPServletResponse");
    if (servletResponse != null) {
        // Set WWW-Authenticate header
        String serverName = tools.getRequestor().getRequestorPage().getString("pxReqServer");
        if (serverName == null || serverName.length() == 0) {
            serverName = "(PegaRULES)";
        }
        // The realm value must be a quoted string
        String wwwAuthenticate = "Basic realm=\"" + serverName + "\"";
        servletResponse.setHeader("WWW-Authenticate", wwwAuthenticate);
        tools.getProperty("pxRequestor.pyHTTPResponseHeaders").getPageValue().putString("pxResultStatus", String.valueOf(401));
    } else {
        oLog.error("Servlet response not available!");
    }
}
```

  2. Use this activity in your SystemManagement service package.
  3. From Jenkins, pass the LDAP credentials.
  4. Your application access group should match the service access group of the service package (SystemManagement).
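
An added example, not part of the original reply and not Pega code: a standalone Java parser for the Basic `Authorization` header that the activity above decodes, runnable outside Pega to check the edge cases (non-Basic scheme, invalid Base64, missing colon, colons in the password). It uses the JDK's `java.util.Base64` in place of Pega's `Base64Util`; the class name, helper and sample credentials are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class BasicAuthHeader {
    /** Returns {user, password}, or empty if the header is not a well-formed Basic credential. */
    static Optional<String[]> parse(String header) {
        final String scheme = "Basic ";
        // Scheme names are case-insensitive; anything else (Bearer, Negotiate, ...) is rejected.
        if (header == null || !header.regionMatches(true, 0, scheme, 0, scheme.length())) {
            return Optional.empty();
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(scheme.length()).trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty();   // not valid Base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':');   // first colon only: passwords may contain ':'
        if (colon <= 0) {
            return Optional.empty();   // no separator, or empty user-id
        }
        return Optional.of(new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) });
    }

    public static void main(String[] args) {
        String[] samples = {   // constructed inputs, not real credentials
            "Basic " + b64("svc-jenkins:pa:ss"),
            "basic " + b64("svc-jenkins:secret"),
            "Bearer abc.def.ghi",
            "Basic " + b64("no-colon-here"),
            "Basic ***not-base64***",
            null
        };
        for (String h : samples) {
            Optional<String[]> c = parse(h);
            // Print only the user-id and password length, never the secret itself.
            System.out.println(c.map(v -> "accepted user=" + v[0] + " passwordLength=" + v[1].length())
                                .orElse("rejected -> respond 401 with WWW-Authenticate"));
        }
    }

    static String b64(String s) {
        return Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }
}
```

The first two samples are accepted and the remaining four are rejected, which is the point at which the activity should send the 401 challenge rather than pass values on to the LDAP bind.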

November 8, 2019 - 8:17am

We are still having issues making that work from PRPC Utils.  Can we get a call set up to go over the issues?