About the Authentication accelerator

The Authentication accelerator helps you configure your PRPC system to use an LDAP-compliant directory server to authenticate users.

The accelerator creates an authentication service data object (Data-Admin-AuthService) that holds the connection information for the LDAP directory. It also specifies two standard activities that use the connection information to bind to the directory server, authenticate the users, and re-authenticate users if their sessions expire.

As described in About Authentication Service data instances, there are two parts to an authentication service: the data object itself and a servlet definition in the PRPC web.xml file that refers to the data object.

The web.xml file contains three servlet definitions: WebLDAP1, WebLDAP2, and so on. By choosing a name for an authentication service object that matches one of these predefined servlet definitions, you can implement up to three authentication service configurations without editing the web.xml file.

Changes to a web.xml file are effective only after undeploying and then redeploying PRPC.

For more information, see Authentication in PegaRULES PRPC, a document on the PDN.

Preparation

Before you begin, gather the following information:

• The fully qualified Java class name of the JNDI initial context factory class to use to connect to the directory server. For example, com.sun.jndi.ldap.LdapCtxFactory.
• The URL of the LDAP provider.
• The name and password of a bind user who is allowed to search the directory tree for the credentials of a user attempts to log in. (PRPC authenticates as this user before it searches the directory for the user it needs to authenticate.)
• The directory context that defines the section of the Directory Information Tree holding the users to be authenticated.
• A search filter expression to use to find and validate the user's distinguished name. For example, if your directory holds an attribute that specifies whether a user is a PRPC user, specify that attribute as the search filter. By default, it is set to (cn=%V), where %V is the user ID the user entered on the log-in form.
• The name of a test user. The accelerator attempts to connect to the directory as the bind user specified in the bind user and password field and attempts to search for the test user. If the accelerator cannot reach the directory and find the user, it does not progress to the next step.
• The names of directory server attributes that represent the Operator ID properties pyOrganization, pyOrgDivision, and pyOrgUnit. Additionally, determine any other attributes that must vary based on the user (not including user name, pyUserIdentifier).

Starting the accelerator

To start the Authentication accelerator, select > Integration > Tools > Authentication Accelerator. The accelerator starts. Click the help button () on any form for help about that form.

About Authentication Service data instances

Tools — Integration