LinkedIn
Copied!

Table of Contents

Securely authenticating in Deployment Manager

Version:

Only available versions of this content are shown in the dropdown

Deployment Manager 5 now supports an OAuth 2.0 token-based authentication process for a more secure operator experience within the orchestrator and candidate environments. This authentication and authorization model provides many benefits, including the ability to audit user operations within Deployment Manager, as all actions are now connected to an operator ID instead of a generic authentication profile, such as DMReleaseAdmin.

Keystore and truststore setup

Enabling encryption between nodes secures the data that is transferred across nodes so that an unauthorized host cannot access the data. Create a keystore.jks for the private key and the associated certificate or certificate chain. Ensure that you have your keystore.jks and truststore.jks files readily available for upload before beginning this step.

Ensure that you save the alias and passwords used to create the JKS files as they are used to setup Deployment Manager. For more information on creating these files, see Creating the keystore.jks and truststore.jks files.

Deployment Manager establishes secure token-based communication with the Deployment Manager Service APIs. The key store and trust store configuration is setup to ensure the portal functions correctly.

On the orchestrator:

  1. In the navigation pane of Dev Studio, click Records Security Keystore .
  2. Open the DMKeyStore rule to upload the keystore and update the keystore password.
  3. Click Save.
  4. To enable communication from Deployment Manager:
    1. From Dev studio, open Token Profile from the Records menu and Security sub menu.
    2. Open the DeploymentManagerClientJWTProfile token profile rule.
    3. Under the Security section, ensure that the keystore refers to DMKeyStore.
    4. Update the alias that you defined when creating the keystore, and update the password to the password that you set when setting up the truststore.
    5. Click Save.
On candidate environments
  1. To establish communication between non-trusted systems:
    • Create and configure the DMKeyStore as you did on the orchestrator.
    • Update PegaDeploymentManagerIntegrations TrustStore dynamic system setting to DMKeyStore.

Troubleshooting

  1. What should I do if deployments are stuck INPROGRESS with a java.lang.IllegalArgumentException: Empty key error in the logs?
    • This is a known issue in Pega Platform 8.5.2 related to OAuth 2.0. As a workaround, perform the following steps.
      This has been resolved in Pega Platform 8.5.2 as part of Hotfix-69607.
      1. Log in to Deployment Manager with the SUPERADMIN role.
      2. From the navigation pane, click Switch to Dev Studio Records explorer Security OAuth 2.0 Client Registration .
      3. Open DeploymentManagerClient client registration.
      4. Click Revoke access and refresh token.

Previous: Setting up candidate environments

Next: Configuring an application

Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.