Skip to main content
LinkedIn
Copied!

Table of Contents

Configuring login using a Kerberos authentication service

Version:

Only available versions of this content are shown in the dropdown

Specify the appropriate fields based on how users will be authenticated in the Kerberos authentication service. If using a directory, specify binding information for your directory. To access this service, you will also need to specify the activities used to validate user credentials, the alias name, and alias URL pattern.

  1. In the navigation pane of Dev Studio click Records SysAdmin Authentication Service .

  2. Select an existing custom authentication service from the instance list, or create a custom authentication service.

  3. Click the Kerberos tab.

  4. In the Login configuration section:

    1. In the Authentication service alias field, enter the application service alias you want to use for the Authentication service.

      The Authentication service alias is used for hitting the authorization endpoint.

      For example: Enter ClientLogin in the Authentication service alias field.
    2. In the URL pattern field, enter the servlet name mapped in web.xml for this authentication service.

      In this example, when viewing the web.xml, the LDAP authentication service has the PRWebLDAP1 servlet, which is mapped to the WebLDAP1 authentication service.

      For example: Enter WebLDAP1 in the URL pattern field and the following URL will generate Login URL: https://company.com/prweb/PRWebLDAP1

  5. In the Custom Authentication Activity section, in the Authentication activity field, press the Down Arrow key and select the authentication activity. pyAuthenticationKerberosCredentials activity.

    In this example, you would select the pyAuthenticationKerberosCredentials activity because this is for Kerberos authentication. However, you could create your own activity to support a custom authentication service, then select it here.
    If you are not using SPNEGO Source Forge, modify this activity code to retrieve GSSCredentials from the pxRequestor clipboard page.
    The activity must have Code-Security as the Applies To key part.
  6. In the JNDI Binding Parameters section, in the Initial context factory field, enter the Java class name of the JNDI initial context factory that you want to use to connect to the directory server, for example, com.sun.jndi.ldap.LdapCtxFactory.

  7. If you are using LDAP, in the Directory field, enter the LDAP server information. Otherwise, leave this field blank.

  8. In the Trust store field, press the Down Arrow key and select the truststore record that contains the server certificates.

  9. Click Save.

Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us