Mashup Gadget uses STANDARD thread after SSO login
On accessing the Pega Web Mashup host page, the system redirects the browser to the Single Sign-On (SSO) Challenge page. On entering the credentials and submitting the form, the browser is redirected to the original URL. However, the name of the Pega thread is not the value specified in the data-pega-threadname attribute. Instead, it is always Standard.
This occurs on reaccessing the Mashup after closing the browser as the SSO session cookie is valid for a limited period after. As a result, on reopening the browser and accessing the SSO URL, the system is accessible directly. However, the data-pega-threadname is interpreted correctly now and all the data on the Standard thread becomes inaccessible for the requestor.
Steps to Reproduce
- Configure SAML.
- Create a MashUp code.
- Use a custom data-pega-threadname.
- Launch the MashUp code gadget. The SSO application requests a login.
- Close the browser after a successful login.
- Relaunch the Masup code. The system does not prompt for username and password.
- Use the Remote Clipboard feature to view the thread name. The ThreadName is mangled to the custom and Standard.
Pega Web Mashup launch does not update any Clipboard model and the Standard thread is created by default at the Engine end. The Mashup is launched on the correct thread name as mentioned in the Mashup snippet.
Perform the following local-change:
- Remove the data-pega-threadname and data-pega-applicationname attributes from the Mashup gadget DIV.
- Use the Standard default thread.
Published September 6, 2019 - Updated October 8, 2020
Was this useful?
0% found this useful
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.