Monday, February 24, 2020

Common Config Settings for Pega Server

Common Security vulnerabilities for Pega will be found during Security scan:

For any application Security scanning will takes place. And most of the security warnings will have below two error messages which are usually considered as low:

1)Error Message:
Session Cookie Does Not Contain the "Secure" Attribute
In session cookies "secure" word, is not there, then using normal javascript and http injection can be done to hack the session cookies, so its recommendable to add this attribute.

Resolution:

Perform the following local-change: 
Add the below Dynamic System Settings(DSS) in Pega PRPC, so it will be applicable for all the servers/nodes which pega is connected.

prconfig/HTTP/SetSecureCookie/default
value = "true"
Owning ruleset  -  Pega-Engine

Else if this need to be apply only to particular node, then in the config file we can mention it.
<env name="HTTP/SetSecureCookie" value="true" />
=======================

2)Error Message:
Cookie Does Not Contain The "HTTPOnly" Attribute
In session cookies "HTTPOnly" word, is not there, then using normal javascript and http injection can be done to hack the session cookies, so its recommendable to add this attribute.

Resolution:
Perform the following local-change: 
Add the below Dynamic System Settings(DSS) in Pega PRPC, so it will be applicable for all the servers/nodes which pega is connected.

DSS: purpose - prconfig/cookie/HttpOnly/default(default can vary based on node classification)
         Ruleset  - Pega-Engine
         Value     - true

Restart the server after this DSS is set to take the changes affect

Else if this need to be apply only to particular node, then in the config file we can mention it.
<env name="HTTP/SetSecureCookie" value="true" />
=======================

Note: Please let me know, similar to this if any common issues will be found, we can add it in the post, so that it will be help for all of us to know.

Wednesday, February 5, 2020

LDAP Implementation in Pega PRPC

LDAP Implementation with Simple Authentication:

In Pega PRPC, I had tried LDAP Authentication. I had followed the same steps mentioned in the below link, in personal edition for trail and learning purpose. Its working without any changes.
https://community1.pega.com/community/product-support/question/how-cofigure-server-based-authentication-ldap

1) Install LDAP server:
Downloaded Apache Directory Studio and installed the server. 
https://directory.apache.org/studio/download/download-windows.html

Import some sample data from google by searching with  sample ".ldif" file - which is the format of the LDAP data. by default LDAP Port will be 389, 10389:
My LDAP URL is: ldap://localhost:10398

Sample screen shot from data and structure of data has been given below:
dc=example, dc=com
ou=Management
cn=1(user1)
cn=2(user2)











2)Create an authentication Service - Named(in this example) "TestLDAP1" - and AuthenticationTimeout and Authentication Activity, mention it.
Then we need to configure - Search directory and Filter Criteria and Parameter.

Screen shot from 



















and then set the other attributes from the LDAP which is required for pega configuration and process identification.















set the model operator to which it need to copy and create a new operator ID, for first time login.
If we updated the Model Operator ID, then we need to mention the access group in Unauthenticated AccessGroup, else default configuration is fine.

3)If app server is Tomcat, then web.xml need to be modified, else correponding <<web app>>.xml based on the app server pega is deployed.

4) update web.xml file in the below format, in AuthService parameter mention the newly created Authentication Service name. In this example - TestLDAP1
so that if below URL is used it will pick the servletname and correponding Auth Service.
http://localhost:9085/prweb/PRWebLDAP2

<servlet>
<servlet-name>WebLDAP2</servlet-name>
<display-name>WebLDAP2</display-name>
<description>Authentication using LDAP (reserved for configuration wizard)</description>
<servlet-class>com.pega.pegarules.internal.web.servlet.WebStandardBoot</servlet-class>
<init-param>
<param-name>PegaEtierClass</param-name>
<!--  COMPONENTS: This was previously com.pega.pegarules.services.HttpAPI -->
<param-value>com.pega.pegarules.session.internal.engineinterface.service.HttpAPI</param-value>
</init-param>
<init-param>
<param-name>AuthenticationType</param-name>
<param-value>PRCustom</param-value>
</init-param>
<init-param>
<param-name>AuthService</param-name> --  TestLDAP1 
<!--<param-value>WebLDAP2</param-value> -->
<param-value>TestLDAP1</param-value>
</init-param>
<init-param>
<param-name>RuntimeServletName</param-name>
<param-value>PRWebLDAP2</param-value>
</init-param>
<init-param>
<param-name>SecureServletName</param-name>
<param-value>PRWebLDAP2Auth</param-value>
</init-param>

5)Now open new browser and enter the

enter user and pwd from data you loaded through sample.ldif file.

you can see the screen/portal which you are logging on.

Please let us know if any other updation, we will update it, it will be helpful for others as well.

Friday, January 3, 2020

Creating Excel Sheet with HTML Tags and sending as Email attachment

Creating Excel sheet with HTML Tags and Sending as Email attachment

In Pega PRPC, creating Excel sheet can be done in below ways:
1)By POI jar, using custom java code to create the Excel files with any custom record.
2)Using MSOGenerateExcel activity, which will use template excel to generate the properties to map and generate Excel
3)Using Just HTML table tags to create Excel file - we will see about this in this post.

Steps to follow:
1) Create an AttachmentPage and set the decode flags.




2) Call RDB List with SQL Query to generate the Page list which are to be exported to excel.

3) In a Parameter Flag, create a header tags in HTML table.
Param.XmlValue = "<HTML><BODY><TABLE border='1'><tr><td>Property1</td><td>property2</td>
<td>property3</td><td>property4</td></tr>"

4) Looping on the result which we got in Step 2 and set the values in tr td tags.
Param.XmlValue = Param.XmlValue + "<tr><td>""+.Property1+"</td><td>"+.property2+
"</td><td>"+.property3+"</td><td>"+.property4+"</td></tr>"


5) In Property set, Param.XmlValue = Param.XmlValue + "</table></body></html>"


6) attachment page, pyData string with @Base64Encode(Param.XmlValue)


7) Send Email Notification: - get the email account details and set some message in the mail if needed in the correspondence rule and set the resulted value to Param.Message.