More about Authentication Service data instances

About Authentication Service data instances

You can configure your Process Commander system to authenticate users in one of several ways:

The publication Authentication in PegaRULES Process Commander, a document available on the Pega Developer Network, provides an in-depth description of how authentication works, including how Process Commander interacts with external authentication implementations. This document also provides instructions for configuring each authentication option.

About authentication activities

Authentication and timeout activities must have the Code-Security class as the Applies To key part. Otherwise, you cannot access the activity on the Service tab of the Authentication Service form.

The standard LDAP authentication and timeout activities are LDAPAuthentication and LDAPAuthenticationTimeout. When you run the Authentication accelerator, it uses these two activities for the generated authentication service.

Tracking log-in failures

Process Commander records log-in failures from any requestor type as an instance of the Log-SecurityAudit class. To obtain information about failed log-in attempts, run the standard list view rule named Log-SecurityAudit.ListOfLoginFailures. For each failed attempt, the ListOfLoginFailures report lists the time of the attempt, the server name and IP address of the system the attempt was made from, the Operator ID (if available), and the message that was returned. The pyRemoteHost property identifies the workstation or other system attempting log-in, and the pyRemoteID property identifies the IP address.
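One way to triage these records once they are exported, shown as an added example that is not code from the original page or from Pega: it groups failures by pyRemoteID and flags sources with many failures, or failures against many different operators, inside a short time window. The CSV export format, the column names AttemptTime, OperatorID and Message, the sample rows and the thresholds are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export of ListOfLoginFailures rows. Column names
# AttemptTime, OperatorID and Message are assumptions; pyRemoteHost and
# pyRemoteID are the properties named in the text.
SAMPLE_EXPORT = """AttemptTime,pyRemoteHost,pyRemoteID,OperatorID,Message
2024-03-01T09:00:05,ws-114,10.0.4.17,jdoe,sample failure message
2024-03-01T09:00:40,ws-114,10.0.4.17,jdoe,sample failure message
2024-03-01T09:01:10,ws-114,10.0.4.17,jdoe,sample failure message
2024-03-01T09:02:00,ws-114,10.0.4.17,jdoe,sample failure message
2024-03-01T09:03:30,ws-114,10.0.4.17,jdoe,sample failure message
2024-03-01T09:10:00,gw-02,10.0.9.8,asmith,sample failure message
2024-03-01T09:10:20,gw-02,10.0.9.8,bchan,sample failure message
2024-03-01T09:10:45,gw-02,10.0.9.8,clee,sample failure message
2024-03-01T08:00:00,ws-201,10.0.2.3,mlopez,sample failure message
2024-03-01T11:30:00,ws-201,10.0.2.3,,sample failure message
"""

def parse_failures(text):
    """Parse exported rows and return them sorted by attempt time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["AttemptTime"] = datetime.fromisoformat(row["AttemptTime"])
    return sorted(rows, key=lambda r: r["AttemptTime"])

def flag_sources(rows, window=timedelta(minutes=5), max_failures=5, max_operators=3):
    """Map each source IP to the reasons it exceeded a limit within one window."""
    by_source = defaultdict(list)
    for row in rows:
        by_source[row["pyRemoteID"]].append(row)
    findings = defaultdict(set)
    for source, events in by_source.items():
        start = 0
        for end, event in enumerate(events):
            # Advance the window start until the span fits inside `window`.
            while event["AttemptTime"] - events[start]["AttemptTime"] > window:
                start += 1
            in_window = events[start:end + 1]
            # Operator ID is only present "if available", so skip blanks.
            operators = {e["OperatorID"] for e in in_window if e["OperatorID"]}
            if len(in_window) >= max_failures:
                findings[source].add("repeated-failures")
            if len(operators) >= max_operators:
                findings[source].add("many-operators")
    return {source: sorted(reasons) for source, reasons in findings.items()}
```

Call `flag_sources(parse_failures(SAMPLE_EXPORT))` to get the flagged sources for the sample; tune `window`, `max_failures` and `max_operators` to your own log-in volume.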

Service Portlet support

The Process Commander portlet service (based on JSR 168) provides access to a portlet Web application that your developers create. Your portlet application gathers and processes content from Process Commander and displays the content and the processing results in a portlet window on a portal page in a Web browser.

A portal server manages the authentication of its users. Therefore, when a Process Commander portlet is invoked, a user is already identified and there is no reason for that user to identify himself again to Process Commander. The user credentials and identity are available, but this data must be transferred from the portal server to Process Commander. The Process Commander single sign-on feature manages the transfer of credentials.

Single sign-on is implemented through the authentication service feature. For portlets, single sign-on is implemented by default through a portlet authentication service named PRPortletService.

When you build portlets, you can use the initially supplied portlet authentication service to manage the identification of the portlet users. To do so, change the default settings to values appropriate for your system and modify the authentication activities as necessary. If the initial portlet authentication service does not meet your needs, you can configure a custom single sign-on or authentication scheme.

For more information, see Building Portlet Services, a document available on the Pega Developer Network.

SPNEGO support

If your authentication scheme uses Microsoft's HTTP Negotiation extension and SPNEGO (Simple and Protected GSS-API Negotiation Mechanism), see Pega Developer Network article PRKB-24115 How to implement single sign-on using SPNEGO and JAAS.

Definitions: JNDI, LDAP-based authentication, portlet

Related topics: About JNDI Server data instances, About Operator ID data instances, About Organization Units
