Support Article

Mashup: URLEncryption in Pega Platform 7.4



Changes in Pega 7.4 for Pega Web Mashup use a script block wihch includes a call to the pzIncludeMashupScript activity:

<script src ='https://<prpc_server>/prweb/PRServlet?pyActivity=pzIncludeMashupScripts></script>

With URLEncryption enabled on the Pega Platform server level, the script SRC does not work.

Error Messages

Not Applicable

Steps to Reproduce


Root Cause

When using URLEncryption for Web Mashup, the default method of including the Mashup scripts fail because the call to pzIncludeMashupScripts was not encrypted.


Perform the following to use URL Encryption in Pega 7.4.

1. Apply the following hotfixes:
  1. HFix-48596 
  2. HFix-49948

2. URL Mapping Rule:

  1. Add a new URL Mapping rule in a ruleset defined in an AccessGroup used for unauthenticated requestors.
  2. Add a new custom mapping with alias of IncludeMashupScript
  3. Call the pzIncludeMashupScripts activity with the disableCompacting = true parameter (required when using encryption)

3. Mashup Changes:

Script reference uses URL Mapping:

<script src ='http://<prpc_system>/prweb/IAC/IncludeMashupScripts'></script>

Enable the encryption and force post:


The below Mashup Attribute is required such that the redirects occur correctly:

data-pega-redirectguests = "true"

4. Dynamic System Settings (DSS):

Pega-Engine prconfig/authentication/redirectguests/default  = true

The DSS setting must be set to true or removed when PRGateway is not used. The data-pega-redirectguestsmashup attribute is used instead to control this.

5. Standard settings for URLEncryption:

Pega-Engineprconfig/initialization/urlencryption/default = true
Pega-Engine prconfig/initialization/submitobfuscatedurl/default = required

Published March 1, 2019 - Updated March 6, 2019

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.