Support Article

Issue with creating operator ID with a hyphen

SA-10600

Summary



You are using External Authentication for PRPC through the WebLDAP1 rule. The rule works, and authentication against the ActiveDirectory server works too. However, an attempt to create a user whose username contains a hyphen is refused.

The usernames cannot be changed to use an underscore instead of a hyphen, because the users already exist in ActiveDirectory. They are already part of an authentication strategy and SSO approach shared with multiple other systems.


Error Messages



"In addition to letters and digits, the identifier can include the following characters: period, single quote, tilde(~), underscore, exclamation point (!), ampersand (&), octothorpe (#) and no more than one @ character. Don't use forward slash or backslash characters in the identifier."

Steps to Reproduce



Take an operator that works and use SaveAs with the new Operator ID "r.otsmane-elhaou" to observe the issue.

Root Cause

The product's Operator ID validation restricts which characters are accepted, and '-' is among the characters it rejects.

There are no plans to change this within PRPC 6.x, as the scope of the changes required to allow the character is not known. In addition, class names use the '-' character, which may cause conflicts when using refactoring tools.

Resolution

The workaround for operators with hyphens consists of the following steps:

1. Create an operator in Pega with each hyphen replaced by an underscore, because hyphens are not allowed in the operator name.

2. On the login screen, the operator enters the company email and network password (entered with the hyphen, not the underscore). Because the operator is enabled for external authentication, it is authenticated by LDAP. The out-of-the-box (OOTB) "AuthenticationLDAPVerifyCredentials" activity is called.

3. Override this activity with one additional step that converts hyphens to underscores.

   - Change the value of param.UserIdentifier to @(Pega-RULES:String).replaceAll(param.UserIdentifier,"-","_") before the activity does the Obj-Open.

   - Override it at the organisation level if all Pega applications in the organisation use LDAP authentication. If it is specific to one implementation, do it in the implementation layer.

4. Because this activity has been overridden, the override should become part of the rules called during authentication.

5. Change the BROWSER requestor type prpc:unauthenticated to use an access group that has access to this activity.
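
The hyphen-to-underscore mapping in step 3 is many-to-one, so two distinct directory accounts can resolve to the same operator. The following added example (not part of the original article and not Pega code) audits a list of directory usernames for such collisions before the override is deployed. The function names and sample list are hypothetical, and the allowed character set is taken from the error message above with "letters" assumed to mean ASCII letters.

```python
import re
from collections import defaultdict

# Character set taken from the error message quoted on this page; treating
# "letters" as ASCII letters is an assumption, not Pega's validation code.
_ALLOWED = re.compile(r"[A-Za-z0-9.'~_!&#@]+")


def is_valid_operator_id(op_id: str) -> bool:
    """True if op_id uses only characters the error message permits."""
    return bool(_ALLOWED.fullmatch(op_id)) and op_id.count("@") <= 1


def to_operator_id(directory_id: str) -> str:
    """Same mapping as the overridden activity step: '-' becomes '_'."""
    return directory_id.replace("-", "_")


def audit(directory_ids):
    """Return (collisions, still_invalid) for a list of directory usernames.

    collisions: operator ID -> sorted distinct directory names mapping to it
                (more than one name means two accounts share one operator).
    still_invalid: directory names whose mapped ID is rejected anyway.
    """
    mapped = defaultdict(set)
    still_invalid = set()
    for name in directory_ids:
        op_id = to_operator_id(name)
        mapped[op_id].add(name)
        if not is_valid_operator_id(op_id):
            still_invalid.add(name)
    collisions = {k: sorted(v) for k, v in mapped.items() if len(v) > 1}
    return collisions, sorted(still_invalid)


# Constructed sample directory export; only r.otsmane-elhaou is from the page.
SAMPLE = [
    "r.otsmane-elhaou",
    "j.smith-jones",
    "j.smith_jones",     # distinct directory account, same ID after mapping
    "a.o'neil",
    "corp\\svc-batch",   # backslash is never allowed in an Operator ID
]

if __name__ == "__main__":
    collisions, invalid = audit(SAMPLE)
    print("collisions:", collisions)
    print("still invalid:", invalid)
```

Any entry reported under collisions needs a distinct operator ID scheme before the override goes live, since both directory accounts would otherwise open the same operator record.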

Published June 12, 2015 - Updated October 8, 2020
