On enabling obfuscation WorkArea control throws error
After enabling obfuscation, for a user logged in through Single Sign On(SSO), workarea control does not load and gives an error.
Error 400: Invalid URL used in request
Steps to Reproduce
Enable obfuscation and then login through SSO to the out of the box user portal.
Both URL Obfuscation and HttpOnly are enabled on the Pega-RULES cookie.
E.g. Set-Cookie: Pega-RULES=H8AC09824EA49703F0237D236F5F49BED; Path=/prweb;Secure;HttpOnly
This is a known limitation with HttpOnly. These two settings aren't compatible with each other.
This is an expected behavior when you have enabled URL obfuscation and you try to use Single Sign On.
0% found this useful