Support Article
On enabling obfuscation WorkArea control throws error
SA-7994
Summary
After enabling obfuscation, for a user logged in through Single Sign On(SSO), workarea control does not load and gives an error.
Error Messages
Error 400: Invalid URL used in request
Steps to Reproduce
Enable obfuscation and then login through SSO to the out of the box user portal.
Root Cause
Both URL Obfuscation and HttpOnly are enabled on the Pega-RULES cookie.
E.g. Set-Cookie: Pega-RULES=H8AC09824EA49703F0237D236F5F49BED; Path=/prweb;Secure;HttpOnly
This is a known limitation with HttpOnly. These two settings aren't compatible with each other.
Resolution
This is an expected behavior when you have enabled URL obfuscation and you try to use Single Sign On.
Published June 12, 2015 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.