Support Article
SFDC Pega Integration with SAML authentication throws error
SA-16921
Summary
Pega 7.1.9 integration with SFDC (Salesforce Process Extender) does not work. An authentication-related error message is displayed in the browser.
Error Messages
Steps to Reproduce
Scenario 1:
- User logs in to the URL https://<host>:<port>/prweb/Servlet1 (Pega 7.1.9 with SAML 2.0 enabled; this is the SAML authentication service)
- User is prompted for user ID and password by the SAML identity provider
- User successfully logs in
Scenario 2:
- User logs in to Salesforce (not SAML enabled) - https://<salesforce url>
- User initiates a workflow within Pega using Salesforce Extender, which makes a request to the same URL https://<pega host>:<port>/prweb/Servlet1 with additional query parameters
- Since this URL is linked to the SAML-enabled authentication service, the user is expected to be prompted for credentials by the SAML identity provider, but instead an error message is displayed
Root Cause
An issue in the custom application code or rules. A closer look at the Pega Web Mashup configuration revealed that the setting '<env name="/Authentication/RedirectGuests" value="false"/>' is missing.
Resolution
Here’s the explanation for the reported behavior:
Add the following configuration setting by updating prconfig.xml or by creating a DSS (Dynamic System Setting); refer to http://pdn.pega.com/node/2096:
<env name="/Authentication/RedirectGuests" value="false"/>
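A quick way to confirm the setting from the Resolution is actually present in a deployed prconfig.xml, as an added example that is not part of the original article or Pega's own tooling. The `<pegarules>` root element, the `example/otherSetting` entry and the tolerance for a missing leading slash are assumptions; the sample files are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Setting name from the article, without the leading "/".
SETTING = "Authentication/RedirectGuests"

# Constructed samples. The <pegarules> root and example/otherSetting are assumptions.
SAMPLE_MISSING = """<pegarules>
  <env name="example/otherSetting" value="x"/>
</pegarules>"""

SAMPLE_FIXED = """<pegarules>
  <env name="example/otherSetting" value="x"/>
  <env name="/Authentication/RedirectGuests" value="false"/>
</pegarules>"""

SAMPLE_CONFLICT = """<pegarules>
  <env name="/Authentication/RedirectGuests" value="false"/>
  <env name="Authentication/RedirectGuests" value="true"/>
</pegarules>"""


def check_redirect_guests(prconfig_text):
    """Return 'ok', 'missing', 'wrong_value' or 'conflict'."""
    root = ET.fromstring(prconfig_text)
    values = [
        env.get("value", "").strip()
        for env in root.iter("env")
        # Assumption: a name with or without the leading "/" is the same setting.
        if env.get("name", "").strip().lstrip("/") == SETTING
    ]
    if not values:
        return "missing"
    if len(set(values)) > 1:
        return "conflict"  # duplicate entries that disagree
    return "ok" if values[0] == "false" else "wrong_value"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(sys.argv[1], "->", check_redirect_guests(fh.read()))
    else:
        for label, text in [("missing", SAMPLE_MISSING), ("fixed", SAMPLE_FIXED),
                            ("conflict", SAMPLE_CONFLICT)]:
            print(label, "->", check_redirect_guests(text))
```

The check reads only prconfig.xml, so a "missing" result is not conclusive when the setting is supplied through a DSS instead.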
Published January 31, 2016 - Updated October 8, 2020