Allow Unauthenticated or Guest Access to a Pega 7 Activity that Generates HTML Page

An Activity can be used in Pega 7 to process a HTML Rule using the Show-HTML method and to send the resulting page to a web browser.

Pega7.1.9 - Activity Processing HTML Rule using SHOW-HTML Method

For an example on how to create such an activity and HTML Rule, see the post:

  • The Activity is accessed through a URL such as the one shown below.
http://localhost:8080/prweb/PRServlet/?pyActivity=PGX-MyStore-Work.ViewHelloWorld
  • A login dialog appears and the user must provide valid Pega operator credentials to access the activity.

Pega7.1.9 - Access Activity Rule from Safari Web Browser via URL, Login Screen

  • After successful authentication, the Activiy is run and the HTML page is displayed in the browser:

Pega7.1.9 - Access Activity Rule from Safari Web Browser via URL, Hello World HTML Page

This post shows how a new RuleSet and Access Group can be used to provide access to the activity for unauthenticated or guest users. That is, there will be no login screen and the activity will be accessed as an unauthenticated guest user using the pega.BROWSER requestor type.

Summary

  1. Access Activity as Unauthenticated/Guest via URL with pzAuth Parameter
  2. Create a new Ruleset for Rules without Authentication
  3. Edit Access Group for Unauthenticated/Guest Users
  4. Save Rules into Ruleset for Unauthenticated Users
  5. Testing Access to the Activity Rule

Related Posts

  • To access the Activity as an unauthenticated guest user, the query string parameter pzAuth=guest is used, so that the URL is as shown below.
  • Ensure to send this request from a browser with no active Pega session (e.g. log out of Designer Studio).
http://localhost:8080/prweb/PRServlet/?pzAuth=guest&pyActivity=PGX-MyStore-Work.ViewHelloWorld
  • Without additional changes, the request will fail and Pega will return an error page, indicating that the request is Unauthenticated:

Pega7.1.9 - Activity Rule Access from Browser Error, Unauthenticated or not Available.

  • Requests from unauthenticated guest users will execute under the pega.BROWSER requestor type.
  • The Pega logs will indicate that the unauthenticated requestor does not have access to the specified activity rule.
Caused by: com.pega.pegarules.pub.generator.RuleNotFoundException: Failed to find a 
'RULE-OBJ-ACTIVITY' with the name 'VIEWHELLOWORLD' that applies to 'PGX-MyStore-Work'. 
There were 1 rules with this name in the rulebase, but none matched this request. 
The 1 rules named 'VIEWHELLOWORLD' defined in the rulebase are: 1 related to applies-to class 
'PGX-MyStore-Work', but were defined in rulesets which are not in your rulesetlist: 
'MyStore:01-01-01'.
  • The approach in this example is based on configuring a new RuleSet and using an access group for unauthenticated users to bypass Pega 7 login.

  • In Designer Studio, navigate to + > SysAdmin > RuleSet to create a new RuleSet.
  • Enter a name and version for the new rule set, here it is MyStoreUnauthenticated:01-01-01.

Pega7.1.9 - Designer Studio - Create new RuleSet Form

  • Click on Create and open.
  • Select Application Validation and set the Effective Start Date to today’s date or earlier.
  • Click on Save to continue.

Pega7.1.9 - Designer Studio - Edit RuleSet - Versions Tab

Add new Ruleset to Application Production Rulesets

  • Open your current application, here it is called MyStore.
  • On the Definition tab, expand the Advanced section and add the new RuleSet, here MyStoreUnauthenticated:01-01, to the list of Production RuleSets.

Pega7.1.9 - Designer Studio - Edit Application - Add Production Ruleset

  • Click on Save and continue.

  • Use the Records Explorer to view instances of Access Group.
  • Filter the list using your application name, here MyStore.

Pega7.1.9 - Designer Studio - Records Explorer - View Instances of Access Group

  • Pega 7 may have automatically created an access group ending in :Unauthenticated when creating the application.
  • If not, create a new access group using the +Create button.
  • Click on the row of that instance, here MyStore:Unauthenticated to edit the access group.

Pega7.1.9 - Designer Studio - Edit Access Group - Definition Tab

Pega7.1.9 - Designer Studio - Edit Access Group - Advanced Tab - Add Production RuleSet

Update the Requestor Type "pega.BROWSER"

  • Use the Records Explorer to view instances of SysAdmin > Requestor Type.

Pega7.1.9 Designer Studio - Records Explorer, View Requestor Types

  • Open the pega.BROWSER requestor type by clicking on the instance row.
  • This requestor type is configured to only have access as per access group PRPC:Unauthenticated.

Pega7.1.9 Designer Studio - Edit Requestor Type, Change Access Group

  • Edit the requestor type and set the access group to the one created earlier, here MyStore:Unauthenticated.

  • Open the current access group for authors of the application. Here it is MyStore:Authors
  • Add the RuleSet for unauthenticated access (see section 2…) to the list of production RuleSets.

Pega7.1.9 Designer Studio - Edit Access Group - Advanced Tab - Add Production Ruleset

  • Save the changes and logout of the Designer Studio and then login again.
  • Open the Activity rule, here named ViewHelloWorld and click on Save As.

Pega7.1.9 Designer Studio - Activity Save As - Unauthenticated RuleSet

  • Select Production Rulesets for Context, the appropriate Apply to class and the previously created RuleSet for unauthenticated users, here Unauthenticated:01-01-01.

Pega7.1.9 Designer Studio - Activity Save As - Production Ruleset Unauthenticated RuleSet

  • Click on Create and open to continue and then on Check in to commit the changes.
  • Repeat the steps for the HTML Rule used in the Show-HTML step, here HelloWorldHTML.
  • Modify the HTML Rule as needed to customize it for unauthenticated guest users.

Pega7.1.9 Designer Studio - Edit HTML Rule - HelloWorldHTML

  • Save and Check in the changes.
  • Remove the ruleset for unauthenticated users from the list of production rulesets for the access group that is used to login when accessing the activity (…or create a new access group).

Pega7.1.9 Designer Studio - Edit HTML Rule - HelloWorldHTML

  • In a new browser session, access the activity as an unauthenticated user with pzAuth=guest:
http://localhost:8080/prweb/PRServlet/?pzAuth=guest&pyActivity=PGX-MyStore-Work.ViewHelloWorld

Pega7.1.9 Designer Studio - Access Activity as Unauthenticated Gues User from Browser

  • In a new browser session, access the activity as an authenticated guest user without the pzAuth parameter:
http://localhost:8080/prweb/PRServlet/?pyActivity=PGX-MyStore-Work.ViewHelloWorld
  • A login screen will appear. Enter the credentials of a Pega 7 operator ID that does not have access to the ruleset for unauthenticated users.

Pega7.1.9 Designer Studio - Access Activity as Authenticated User from Browser - Login Screen

  • The HTML Rule rule for authenticated users is applied and the page is rendered as shown below.

Pega7.1.9 Designer Studio - Access Activity as Authenticated from Browser

Leave a Reply