Support Article
Mashup: URLEncryption in Pega Platform 7.4
SA-74551
Summary
Changes in Pega 7.4 for Pega Web Mashup use a script block wihch includes a call to the pzIncludeMashupScript activity:
<script src ='https://<prpc_server>/prweb/PRServlet?pyActivity=pzIncludeMashupScripts></script>
With URLEncryption enabled on the Pega Platform server level, the script SRC does not work.
Error Messages
Not Applicable
Steps to Reproduce
Unknown
Root Cause
When using URLEncryption for Web Mashup, the default method of including the Mashup scripts fail because the call to pzIncludeMashupScripts was not encrypted.
Resolution
Perform the following to use URL Encryption in Pega 7.4.
1. Apply the following hotfixes:
- HFix-48596
- HFix-49948
2. URL Mapping Rule:
- Add a new URL Mapping rule in a ruleset defined in an AccessGroup used for unauthenticated requestors.
- Add a new custom mapping with alias of IncludeMashupScript
- Call the pzIncludeMashupScripts activity with the disableCompacting = true parameter (required when using encryption)
3. Mashup Changes:
Script reference uses URL Mapping:
Enable the encryption and force post:
<script>
pega.web.config.encrypt=true;
pega.web.config.cmd.pegaAction={"httpMethod":"POST"};
</script>
The below Mashup Attribute is required such that the redirects occur correctly:
data-pega-redirectguests = "true"
4. Dynamic System Settings (DSS):
Pega-Engine prconfig/authentication/redirectguests/default = true
The DSS setting must be set to true or removed when PRGateway is not used. The data-pega-redirectguests mashup attribute is used instead to control this.
5. Standard settings for URLEncryption:Pega-Engine prconfig/initialization/urlencryption/default = true
Pega-Engine prconfig/initialization/submitobfuscatedurl/default = required
Published March 7, 2019 - Updated December 2, 2021
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.