Question

Read HTTPHeaderRequest

We are trying to capture the user's unique identifier so that we can log the user into the application as the X509 certificate's unique ID (ten digit number).

We have configured Tomcat with a secure key store and trust store where the system prompts for the user's certificate and PIN. The browser passes the attributes to the application in the HTTPHeaderRequest; however, I cannot get the Pega code to read the HTTP header request object. We have the following Java code in our authentication activity (called from /PRWebLDAP1).

The output from the code below is the following:

111
222
444
Request is not null
Request = com.pega.pegarules.priv.authentication.RequestFacade@4fc53f6a
ERROR: Calling x509 certificate ... Attributes not available in the ETier
333

It appears to bomb on "request.getRemoteUser()". How can I get information from the request object?

  // java.security.cert.X509Certificate[] certs = null;
  System.out.println(" 111 ");
  // Fetch the request object that Pega stores on the requestor page.
  javax.servlet.http.HttpServletRequest request = (javax.servlet.http.HttpServletRequest) tools.getRequestor().getRequestorPage().getObject("pxHTTPServletRequest");
  try {
    System.out.println(" 222 ");
    java.lang.Object objCertificates = null;
    java.lang.Object objCertificates2 = null;
    System.out.println(" 444 ");
    if (request != null) {
      System.out.println("Request is not null");
      System.out.println("Request = " + request);
      System.out.println("Request.getRemoteUser() = " + request.getRemoteUser());
      // Only read the attributes when there is a request object to read them from.
      objCertificates2 = request.getAttributeNames();
      System.out.println(" 555 ");
      System.out.println(" 555 attributes = " + objCertificates2);
      // The servlet container exposes the client certificate chain under this attribute name.
      objCertificates = request.getAttribute("javax.servlet.request.X509Certificate");
      System.out.println(" 666 ");
      // certs = (X509Certificate[]) objCertificates;
      System.out.println("We are able to read the javax.servlet.request.X509Certificate");
    } else {
      System.out.println("Request IS null");
    }
  } catch (Exception e) {
    System.out.println("ERROR: Calling x509 certificate ... " + e.getMessage());
  }

Comments


Pega
November 26, 2019 - 11:26pm

Hi,

The Pega Platform has two tiers, the web tier and the engine tier (Etier). 

When you're using the pxRequestor.pxHttpServletRequest object it's actually this class:

com.pega.pegarules.priv.authentication.RequestFacade

At the web tier level we populate this class with contents from the actual HttpServletRequest object and some content is simply not added, including attributes. The methods for request attributes are defined in RequestFacade but they throw an exception as not implemented.

That is why you get the "Attributes not available in the ETier" error.

I don't have another solution for you. 

--Chris

 

December 4, 2019 - 9:51am

I should rename this topic from "Read HttpHeaderRequest" to "Problem reading certificate credentials from CAC and log user into Pega".

 

I have added some more detail in the attached Word document.

1. I have configured Tomcat with the <connector> where we specify the keystore and the truststore (with passwords).

2. When I access https://localhost:8443/abssConnect or https://localhost:8443/prweb/PRWebLDAP1/ the system will prompt for my certificate and my PIN. After successfully validating my certificate and PIN, the system continues on to the web page.

3. I am able to grab the user credentials (lastname.firstname.mi.1234567890) from the /abssConnect URL (b/c it reads from getAttributes); however, I cannot get the user credentials from the /prweb/PRWebLDAP1/ URL.

Does Pega store the recorded CAC CN anywhere during the authentication process?

Thanks!
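
The follow-up above gives the certificate CN as lastname.firstname.mi.1234567890 and reads it from the javax.servlet.request.X509Certificate request attribute where that attribute is available. As an added example that is not part of the original thread or of Pega's code, this is one way to extract the ten-digit ID from that attribute, parsing the subject DN structurally and rejecting any CN that does not fit the format. The class and method names and the sample subjects are constructed for illustration.

```java
import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
public class CacSubjectId {
    // Assumed CN layout, taken from the thread: lastname.firstname.mi.<ten digits>
    private static final Pattern CN_WITH_ID = Pattern.compile(".+\\.(\\d{10})");

    // attr is the value of request.getAttribute("javax.servlet.request.X509Certificate")
    static Optional<String> idFromAttribute(Object attr) {
        if (!(attr instanceof X509Certificate[])) return Optional.empty();
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) return Optional.empty();
        // The container puts the client's own certificate first in the chain.
        return idFromSubject(chain[0].getSubjectX500Principal());
    }

    static Optional<String> idFromSubject(X500Principal subject) {
        String cn = null;
        try {
            // Parse the DN structurally instead of searching the string for "CN=".
            for (Rdn rdn : new LdapName(subject.getName(X500Principal.RFC2253)).getRdns()) {
                if (!rdn.getType().equalsIgnoreCase("CN")) continue;
                // More than one CN, or a non-string value, is ambiguous: refuse it.
                if (cn != null || !(rdn.getValue() instanceof String)) return Optional.empty();
                cn = (String) rdn.getValue();
            }
        } catch (InvalidNameException e) {
            return Optional.empty();
        }
        if (cn == null) return Optional.empty();
        Matcher m = CN_WITH_ID.matcher(cn);
        return m.matches() ? Optional.of(m.group(1)) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed subjects, not real certificates.
        String[] samples = {
            "CN=DOE.JOHN.A.1234567890, OU=Example Unit, O=Example Org, C=US",
            "CN=DOE.JANE.B.12345678901, OU=Example Unit, O=Example Org, C=US",
            "CN=web01.example.test, O=Example Org, C=US"
        };
        for (String s : samples)
            System.out.println(s + " -> " + idFromSubject(new X500Principal(s)).orElse("(rejected)"));
    }
}
```

Only the first sample yields an ID (1234567890); the eleven-digit CN and the host-style CN are rejected rather than truncated or guessed at.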