Configuring an application to use an anonymous authentication service
An anonymous user connects to an application without entering any login credentials, but is prompted for authentication partway through a session. For example, most online shopping portals allow you to shop without identifying yourself. When you check out, you are prompted for credentials. You can build this type of application by using an anonymous authentication service and the reauthentication gadget.
To build an application that supports anonymous users, do the following actions.
Create the anonymous authentication service.
The anonymous authentication service creates sessions for guest users, assigning randomly generated operator IDs to the guest operators.
Create the supporting authentication services.
Create one or more non-anonymous authentication services. The user selects a service when it is time to authenticate.
Create the application.
Create the application in a ruleset that is accessible to guest users. For more information, see Authentication services and rule availability. Users initially connect as guests by using the Login URL that is shown on the authentication service rule form.
Configure the application to trigger the authentication mechanism.
In your application, at the step where you want to prompt the user for credentials, trigger the local flow action pyReAuthGadget. This flow action displays the section pxReAuthGadget, where the user authenticates. For example, a shopping application can have a button that invokes pyReAuthGadget when a user checks out. At run time, pxReAuthGadget displays the names of the enabled authentication services so that the user can select a service and provide their credentials. You can optionally modify the user interface by customizing the gadget.
The target of the pyReAuthGadget flow action can be Modal Dialog or Overlay. The Replace Current target, though shown, is not supported.
After the user has authenticated, the gadget invokes the activity pyMigrateDataForReAuthenticated. Pega Platform passes the old guest operator ID and the newly authenticated operator ID as input parameters to this activity. You can extend this activity and use it to copy data, such as the shopping cart contents, from the original user to the newly authenticated user.
For example, a shopping application stores shopping cart information for all active users in the cart table, keyed by operator ID. When the user authenticates, your customized version of pyMigrateDataForReAuthenticated copies the relevant cart data from the old user to the new user and saves the cart.
You can use the when rule pzIsAnonymousUser at any time to check whether the user has reauthenticated. A return value of
falseindicates that the user has provided valid credentials and has been authenticated. Use this when rule to conditionally display a button or link to pyReAuthGadget.
- Authentication services
To override or extend the default authentication process, create and configure an authentication service.
- Creating an authentication service
To override or extend the default authentication process, create an authentication service. By creating an authentication service, you implement more specialized authentication requirements than the default, for example, to use pre-authentication and post-authentication activities.
- Configuring an anonymous authentication service
After you create an anonymous authentication service, configure it so that Pega Platform can support guest users. You can map attributes from the model operator to properties in Pega Platform, and also configure preauthentication and postauthentication activities.