Question

Authentication LDAP service. Developed authentication and timeout activities don't work

Hi!
I configured the WebLDAP1 authentication service. For the fields "Authentication activity" and "Timeout activity" I want to use my own developed activities. For now my activities are exactly the same as AuthenticationLDAP and AuthenticationLDAPTimeout. The only difference is that the AuthenticationLDAP and AuthenticationLDAPTimeout activities are saved in the Pega-RULES:07-10-01 ruleset, and my activities are saved in MY ruleset (to be able to change the steps). When I specify MY activities in the WebLDAP1 service it doesn't work, because a RuleNotFoundException appears. I attach the log file. So in which ruleset do I need to save MY activities?

Attempted Solutions

1) Adding our ruleset to the "Application rulesets" list at first position, but an error appeared (Supply password to update: Incorrect password specified.);
2) Saving the activities in an available ruleset, but I can't do this (all available rulesets are locked).

P.S. The current RulesetList (in the log) looks like the RulesetList for the access group PRPC:Unauthenticated, which is based on the PRPC application.
Thank you!

Here is the log message:

Caused by:
com.pega.pegarules.pub.generator.RuleNotFoundException: Failed to find a 'RULE-OBJ-ACTIVITY' with the name 'EXCHANGEAUTHENTICATION' that applies to 'Code-Security'. There were 1 rules with this name in the rulebase, but none matched this request. The 1 rules named 'EXCHANGEAUTHENTICATION' defined in the rulebase are:
1 related to applies-to class 'Code-Security', but were defined in rulesets which are not in your rulesetlist: 'bveb:01-02-21'.

Current RulesetList:
Pega-ProcessCommander:07-10,
Pega-LP-ProcessAndRules:07-10,
Pega-LP-Integration:07-10,
Pega-LP-Reports:07-10,
Pega-LP-SystemSettings:07-10,
Pega-LP-UserInterface:07-10,
Pega-LP-OrgAndSecurity:07-10,
Pega-LP-DataModel:07-10,
Pega-LP-Application:07-10,
Pega-LP:07-10,
Pega-UpdateManager:07-10,
Pega-SecurityVA:07-10,
Pega-Feedback:07-10,
Pega-AutoTest:07-10,
Pega-AppDefinition:07-10,
Pega-ImportExport:07-10,
Pega-LocalizationTools:07-10,
Pega-RuleRefactoring:07-10,
Pega-ProcessArchitect:07-10,
Pega-Portlet:07-10,
Pega-Content:07-10,
Pega-BigData:07-10,
Pega-IntegrationArchitect:07-10,
Pega-SystemArchitect:07-10,
Pega-Desktop:07-10,
Pega-EndUserUI:07-10,
Pega-Social:07-10,
Pega-API:07-10,
Pega-EventProcessing:07-10,
Pega-Reporting:07-10,
Pega-UIDesign:07-10,
Pega-Gadgets:07-10,
Pega-UIEngine:07-10,
Pega-ProcessEngine:07-10,
Pega-SearchEngine:07-10,
Pega-IntegrationEngine:07-10,
Pega-RulesEngine:07-10,
Pega-Engine:07-10,
Pega-ProCom:07-10,
Pega-IntSvcs:07-10,
Pega-WB:07-10,
Pega-RULES:07-10

at com.pega.pegarules.generation.internal.vtable.ruleres.VirtualTableResolver.throwDetailedRuleNotFoundException(VirtualTableResolver.java:726)
at com.pega.pegarules.generation.internal.vtable.ruleres.VirtualTableResolver.resolveToContainer(VirtualTableResolver.java:401)
at com.pega.pegarules.generation.internal.vtable.ruleres.VirtualTableResolver.resolveRule(VirtualTableResolver.java:155)
at com.pega.pegarules.generation.internal.vtable.VirtualTableImpl.resolveRule(VirtualTableImpl.java:309)
at com.pega.pegarules.generation.internal.PRGenProviderImpl.get(PRGenProviderImpl.java:474)
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3488)
at com.pega.pegarules.session.internal.mgmt.authentication.AuthenticationUtil.runActivity(AuthenticationUtil.java:208)
at com.pega.pegarules.session.internal.mgmt.authentication.SchemePRCustom.authenticateOperator(SchemePRCustom.java:701)
... 62 more
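
Added example (not part of the original post and not Pega code): a small Python parser for the RuleNotFoundException text above. It reports which ruleset held the rule and whether that ruleset name appears at all in the requestor's "Current RulesetList". The function names and reason labels are made up for this example, and the sample log is abridged from the message in the post.

```python
import re

# Constructed sample: the log message from the post, ruleset list shortened.
SAMPLE_LOG = """\
com.pega.pegarules.pub.generator.RuleNotFoundException: Failed to find a 'RULE-OBJ-ACTIVITY' with the name 'EXCHANGEAUTHENTICATION' that applies to 'Code-Security'. There were 1 rules with this name in the rulebase, but none matched this request. The 1 rules named 'EXCHANGEAUTHENTICATION' defined in the rulebase are:
1 related to applies-to class 'Code-Security', but were defined in rulesets which are not in your rulesetlist: 'bveb:01-02-21'.

Current RulesetList:
Pega-IntSvcs:07-10,
Pega-WB:07-10,
Pega-RULES:07-10
"""

HEAD_RE = re.compile(r"Failed to find a '([^']+)' with the name '([^']+)' that applies to '([^']+)'")
MISSING_RE = re.compile(r"not in your rulesetlist:\s*((?:'[^']+'(?:,\s*)?)+)")

def parse_rule_not_found(text):
    """Extract rule, class, rejected rulesets and the requestor's ruleset list."""
    head = HEAD_RE.search(text)
    if head is None:
        return None
    found = MISSING_RE.search(text)
    missing = re.findall(r"'([^']+)'", found.group(1)) if found else []
    stack = []
    tail = text.partition("Current RulesetList:")[2]  # empty if marker absent
    for line in tail.lstrip().splitlines():
        entry = line.strip().rstrip(",")
        if not entry or entry.startswith("at "):  # blank line or stack frame ends the list
            break
        stack.append(entry)
    return {"type": head.group(1), "rule": head.group(2), "class": head.group(3),
            "missing": missing, "stack": stack}

def diagnose(text):
    """Return (rule, ruleset, reason) for each ruleset the resolver rejected."""
    info = parse_rule_not_found(text)
    if info is None:
        return []
    names = {entry.split(":")[0].lower() for entry in info["stack"]}
    findings = []
    for ruleset in info["missing"]:
        listed = ruleset.split(":")[0].lower() in names
        reason = "name-listed-at-other-version" if listed else "ruleset-absent-from-list"
        findings.append((info["rule"], ruleset, reason))
    return findings

if __name__ == "__main__":
    for rule, ruleset, reason in diagnose(SAMPLE_LOG):
        print(f"{rule}: {ruleset} -> {reason}")
```

For the log in this post the result is "ruleset-absent-from-list": the list contains only Pega-* rulesets, so the fix lies in the access group the unauthenticated requestor runs under, not in the activity itself.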

**Moderation Team has archived post**

This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.

Correct Answer
December 27, 2016 - 6:24am

1. Create a separate ruleset, something like AppUnauthenticated.

2. Put only the rules required for authentication into that ruleset, such as the auth activity and any HTML rule.

3. Find your system name.

4. Create an access group as App; unauthenticated. The available role should be PegaRULES:Guest.

5. Go to the requestor type "browser" for that system name.

6. Change the access group to the one created.

Now test the functionality. It should work as expected.

Comments


Pega
December 1, 2016 - 7:33am

Thanks for sharing the log file, in there I can see the error is coming for 'EXCHANGEAUTHENTICATION' activity and applied to Code-Security.

Is there any specific reason why you have created the above activity applied to 'EXCHANGEAUTHENTICATION'?

December 2, 2016 - 2:27am
Response to HabeebBaig

Thanks for the answer!

Yes, I have a reason. I want to implement some enterprise log-in logic in the second step of AuthenticationLDAPVerifyCredentials (this is the Java step). In our Microsoft AD there is no information about the organization, so I can't map the values to .pyOrgUnit, .pyOrgDivision and .pyOrganization. I want to fill these properties following some logic. Also I want to validate .pyUserIdentifier.

December 2, 2016 - 1:30pm

Do you have a screenshot, or do you see any error in the log, when you perform the step below? I think adding bveb:01-02-21 to your application ruleset stack is the solution to the problem, but we need to figure out why a password is required.

1) Adding our ruleset to the "Application rulesets" list at first position, but an error appeared (Supply password to update: Incorrect password specified.);

December 5, 2016 - 1:33am
Response to WaikeiKwok_GCS

I attach the screenshot. I don't know which password I need to enter. It is not the password to the bveb:01-02-21, because I need to use bveb:01-02

December 5, 2016 - 1:35am

December 5, 2016 - 6:52pm

Hi,

The requestor is still in the unauthenticated access group when the activity tries to run. You are trying to change the PegaRULES application rule to add your local ruleset, but no one knows that password. Find the pegarules:unauthenticated access group; I expect the application being run is "PegaRules". Create a new application rule which has an application ruleset that you can save rules into and is built upon PegaRules 07.10. This way you can save your custom rules and don't need to change the base rules. See the attachment for screenshots.

December 8, 2016 - 1:13am
Response to PATONE01

Hi!

I did as you recommended, but I did not create the role QBE:ADC-Guest, because I did not understand which parameters I need to add to this role. So now when I try to log in, an AuthorizationException appears. I attach a text file with logs and a docx file containing screenshots.

What do I need to do to resolve this problem? I changed the available portal to WorkUser, but it is still not working and the same exception appears in the logs.

Thank you!

December 16, 2016 - 12:59am

So I deleted the available portals and added some available roles (see the attached file) and it began working!

But there was one problem. Only one access group was added to the operator record, so only one application should be available to the user. But when I hover the mouse over "Application > Switch application" I can change the current application to the PegaRULES app (see the OperatorID_Record.png attachment). What do I need to do to resolve this problem?

Thank you!

December 23, 2016 - 3:01am

Hi!

Can anyone give me some advice? Thank you!

Pega
December 27, 2016 - 6:24am

1. Create a separate ruleset, something like AppUnauthenticated.

2. Put only the rules required for authentication into that ruleset, such as the auth activity and any HTML rule.

3. Find your system name.

4. Create an access group as App; unauthenticated. The available role should be PegaRULES:Guest.

5. Go to the requestor type "browser" for that system name.

6. Change the access group to the one created.

Now test the functionality. It should work as expected.

January 4, 2017 - 4:31am
Response to ranjr

Thanks for the answer!

I did paragraphs 1, 2 and 4. But... where can I find the system name? In DSS the hostname is: "PegaRULES"|"indexing/hostname"|"LOCALHOST.LOCALDOMAIN". Maybe I need to do something in SMA?

Excuse me, I don't understand paragraphs 3 and 5.

Can you explain how exactly I need to do this?

Thank you very much

DSS:

SMA: