Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

"Connection failed" error for Gadget Configuration on IAC

SA-1136

Summary



We have the IAC host configured correctly with prconfig.xml updated properly.

When using the Gadget Setup utilities provided in the PRGateway application errors are occuring with user authentication.

Whenever we provide a PRPC username and password for the gadget setup, I get a Connection Failed error.

On the other hand, when providing an incorrect password, the system shows that the password is incorrect, so the request is hitting the server.



Error Messages



Connection failed. Try again.


Steps to Reproduce



1. Setup host connection on IAC.
2. Attempt to create a gadget in Gadget Setup.


Root Cause



The root cause of this problem is defect/misconfiguration in the PRPC operating environment. 



The PRPC application deployment is secured by WebSphere standard LTPA and the user implimentation uses desktop level authentication. The Gateway request is coming from a seperate server and is NOT a user but a process. 

Gadget Setup Requests from the gateway like this:



https://<server name>:443/iacprg/PRPCGateway/[email protected]PRServlet/hKeujXpdNeeGNfcFyN5JtPDen35ZbX2c*/!UMMedBH/$PegaACCORD?pyActivity=%40baseclass.doUIAction&action=display&UserIdentifier=<PRPC_USERID>&Password=<base64_url_encoded>&encrypt=false&harnessName=createIACGadgets&className=PegaAccel-IAC-Admin

are getting errors in WebSphere like this:

[8/21/14 15:27:24:969 EDT] 00000271 LTPAServerObj E   SECJ0369E: Authentication failed when using LTPA. The exception is com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4537E  No principal is found from the <PRPC_USERID>' principal name..

This is occuring before PRPC gets the request.

The user <PRPC_USERID> is a PRPC only user id so it’s not going to exists in any company wide user store.  It looks like when the request above gets to WebSphere it is trying to authenticate against the userIdentifier and password provided in our URL.  We don’t need it to do this, PRPC will authenticate the user.


Resolution




The solution was to use a none secure host/port in the gateway Host defintion for PRPC. This way LTPA/COREid authentication occures at the gateway level and the proxy functionlity of the gateway requests to PRPC do not go through the same websphere level authentication.

This is fine for thier development efforts in using the Gadget Setup tools provided in the gateway.
Suggest Edit

Published June 12, 2015 - Updated October 8, 2020

Did you find this content helpful? Yes No

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us