
Unauthenticated ruleset and customize login screen in Pega

December 7, 2024 Code Vault Curators

In this blog article, we will look in detail at how an unauthenticated ruleset is used, and then work through a tutorial on customizing the login screen.

This tutorial is implemented using Pega version 8.2. Please note that the corresponding HTML code may differ in earlier Pega versions.

We know that in Pega, rules and data instances are responsible for all types of business processing.

Business Scenario: Assume an insurance organization, say AAA. Jon and Arya work in the Sales and Service departments respectively. Both departments use their own Pega application to interact with customers. Now, let’s say Jon logs in to the Pega application; based on his profile, he is authenticated and authorized to use the Sales application. His Sales team dashboard is rendered in his user portal.

So, what happens at the backend? How do the Sales application-specific rules get picked up? The simple answer is ‘Rule-Resolution’ based on his operator profile.

Operator ID -> Access group -> Application -> rules and rulesets (ruleset stack is formed).

The Sales-specific rules are picked up because his operator and access group point to the Sales application. All this run-time rule resolution is carried out because the user is successfully authenticated, so the system knows which application-specific rules to pick.

Now I will throw out a question: how do we render a screen to a user before authentication?

Obviously, the screen can be the login screen 😉 because that is the screen before authentication!

All browser requestor sessions at the login page are usually referred to as unauthenticated or guest user sessions.

Let’s see an unauthenticated session in action! Hit the URL

A new browser requestor session is launched and is called the unauthenticated or guest user session.

Open the browser requestor type from Pega:

Records -> SysAdmin -> Requestor type -> browser requestor

Open the prpc or pega Browser requestor type.

You see the requestor type references the PRPC:Unauthenticated access group.

Click and open the PRPC:Unauthenticated access group.

You see the application points to the PegaRULES application.

It means the unauthenticated user session has access to the PegaRULES application.

So the security for unauthenticated users is well restricted: they can reach the PegaRULES application alone and have no access to enterprise applications.

Let’s get back to the login screen. The HTML rule Web-Login is responsible to render the login page.

You see the rule is in the Pega-EndUserUI ruleset, and thus unauthenticated users already have access to this rule under the PegaRULES application.

Now think about how we can customize the Web-Login HTML rule?!

Restriction 1: The default access group prpc:Unauthenticated points to the PegaRULES application. You cannot save the Web-Login HTML rule into any PegaRULES application-specific rulesets.

Restriction 2: You cannot point the Unauthenticated access group to enterprise applications, because this may be considered a security violation: it gives unauthenticated users access to enterprise applications.

So, there is only one solution – Create a separate unauthenticated ruleset and add it only to the Unauthenticated access group.

Let’s start the tutorial

Pre-requisite

Make sure you use your own system name.

Note: In real projects, every enterprise Pega project manages its own system name.

We didn’t have a separate system name, so I am going to specify a new system name.

How to create a new system name?

Step 1: Create a new system name

Go to Records -> System -> Create new

Step 2: Perform the configuration as shown below.

There are four main configuration fields

a) Environment name – Specify a meaningful environment name – dev ST, production etc.

b) Production level – It can range from 1-5

1- Experimental, sandbox environment
2- Development
3- Test
4- Pre-production
5- Production

c) Lock timeout – This is specific to cases and is not related to the authentication timeout. Specify the timeout in minutes for which the case remains locked; after that, the lock becomes a soft lock. This is the system-wide lock setting.

d) Number of concurrent sessions allowed for each operator – the field name explains itself. You can specify the limit of Pega sessions a single operator can have. Specify -1 if you need to allow unlimited sessions.

Step 3: You need to make this new system name the default system.

This can be configured either in the prconfig rule or in the dynamic system settings rule (DSS). I am going to update the DSS.

Records -> SysAdmin -> Dynamic System Settings. Filter on the Setting Purpose – Identification

You see a rule name – prconfig/identification/SystemName/default. Open it and you will see the default system name as pega.

Now update the value to the new system name, facebook, and save the rule.

Step 4: Now restart the server for the changes to take effect.

Step 5: Once restarted, verify that your current system name is facebook (earlier it was pega).

System -> General -> Systems, Nodes, Requestors

You see facebook as the current system and requestor types were automatically created for the facebook system.

Now if you launch the URL again, a new browser requestor session corresponding to the current system, facebook, will be created.

You can click and open the BROWSER requestor.

Now the pre-requisite is done.

What are the steps to customize the login screen?

Step 1: Create a new unauthenticated access group corresponding to your system.

Configure the access group as shown below.

Step 2: Add the above access group to the facebook BROWSER requestor type and save the requestor type. Make sure you select it.

Step 3: Create a new unauthenticated ruleset – facebookUnauthenticated.

Save the rule.

Step 4: Now include the unauthenticated ruleset as a production ruleset in the facebook:Unauthenticated access group advanced tab. Save the rule.

Note: Ignore the warning! This ruleset cannot be associated with any application.

We have successfully created the Unauthenticated ruleset. Now rules in this ruleset can be accessed by the Unauthenticated users using the browser requestor session.

Step 5: The Web-Login HTML rule is responsible for rendering the login page and its actions. Please explore the HTML and JSP tags on your own.

I am going to just change the background image of the login page.

The style attributes are grouped in a separate CSS text file rule, py-login-screen.css.

Step 6: Use Save As to save the text file rule py-login-screen.css into the unauthenticated ruleset.

Update the CSS style for the background image as shown in the picture below.

Note: To refer to an image, use the format url(<imagename.format>). You need to save the image in the webwb directory.

I already saved the image as a binary file rule in the unauthenticated ruleset.

Time to test the One Piece Pega homepage! Launch the Pega URL again!

Now you know how to use the unauthenticated ruleset effectively and how to customize the login page. In the coming posts, you will see a few more rules take their place in this unauthenticated ruleset.
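The access path built in this tutorial (BROWSER requestor type -> facebook:Unauthenticated access group -> PegaRULES application plus the facebookUnauthenticated production ruleset) can be checked with a small model. The Python below is an added example, not Pega code or part of the original post: it models only ruleset order, and the Sales rulesets, the SalesDashboard rule and the dictionary layout are assumptions constructed for illustration.

```python
# Simplified model (constructed data, not a Pega API or export format):
# requestor type -> access group -> application + production rulesets -> ruleset stack.
APPLICATIONS = {
    "PegaRULES": ["Pega-EndUserUI"],          # ruleset named in the article
    "Sales": ["SalesApp", "Pega-EndUserUI"],  # hypothetical enterprise application
}
# Which rulesets hold a copy of each rule (constructed sample).
RULES = {
    "Web-Login": ["Pega-EndUserUI"],
    "py-login-screen.css": ["facebookUnauthenticated", "Pega-EndUserUI"],
    "SalesDashboard": ["SalesApp"],           # hypothetical enterprise rule
}
GUEST_APPLICATIONS = {"PegaRULES"}  # the only application a guest session should see


def ruleset_stack(access_group):
    """Production rulesets sit on top of the application's rulesets."""
    return access_group["production_rulesets"] + APPLICATIONS[access_group["application"]]


def resolve(rule, access_group):
    """Return the first ruleset in the stack that holds the rule, else None."""
    holders = RULES.get(rule, [])
    return next((rs for rs in ruleset_stack(access_group) if rs in holders), None)


def audit_guest_access_group(access_group):
    """List settings that widen what an unauthenticated session can reach."""
    findings = []
    if access_group["application"] not in GUEST_APPLICATIONS:
        findings.append(f"application {access_group['application']} exposed to guests")
    app_rulesets = {rs for stack in APPLICATIONS.values() for rs in stack}
    for rs in access_group["production_rulesets"]:
        if rs in app_rulesets:
            findings.append(f"ruleset {rs} is also part of an application")
    return findings


# Configuration from the tutorial, and the variant Restriction 2 rules out.
good = {"application": "PegaRULES", "production_rulesets": ["facebookUnauthenticated"]}
bad = {"application": "Sales", "production_rulesets": ["facebookUnauthenticated"]}

if __name__ == "__main__":
    for label, group in (("good", good), ("bad", bad)):
        print(label, ruleset_stack(group), audit_guest_access_group(group))
        for rule in RULES:
            print("  ", rule, "->", resolve(rule, group))
```

With the tutorial's configuration the guest session picks up the customized py-login-screen.css from facebookUnauthenticated, still finds Web-Login in Pega-EndUserUI, and cannot resolve the enterprise rule; pointing the access group at Sales makes that rule reachable and the audit reports it.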

 
