Use the Pega Robotic Automation Security Token Service (STS) as a minimal version of Microsoft Active Directory Federation Services (AD FS) for authenticating Pega Robot Studio and attended Pega Robot Runtime installations with Pega Robot Manager.
Using the Security Token Service lets you avoid the per-seat licensing cost of Microsoft's AD FS while still providing a secure token provider that authenticates users against your Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) user store.
The Security Token Service is a web service that can be hosted in Internet Information Services (IIS). The Security Token Service authenticates using the domain user credentials of the user's Windows session.
- STS requirements
The following are the requirements for using the Security Token Service. The example hardware and software configuration specified in this topic handles 1000 users.
- STS Overview
The following diagram shows how the Pega Robotic Automation Security Token Service (STS) works to provide secure tokens:
- Issuing the token-signing certificate
A token-signing certificate issued by a certificate authority provides a quick way to verify whether your private key has been compromised. Different certificate authorities have different processes for generating a certificate with a private key.
- Installing the Security Token Service
When you run the Security Token Service Setup wizard (PegaSTSServiceSetup.exe), several needed Windows features and software packages are automatically installed as dependencies.
- Setting up the Security Token Service
After you have installed the Security Token Service and rebooted your system, the next step is to configure the Security Token Service for your location. To do this, use the Security Token Service Configuration Console.
- Configuring Robot Runtime and Robot Studio
To configure Robot Runtime and Robot Studio to work with the Security Token Service, provide configuration information in the CommonConfig.xml file. This includes specifying the URL that the system uses for authentication.
- Configuring the Security Token Service to work with Robot Manager
To configure the Security Token Service for use with Robot Manager, you must perform several tasks in several applications, including the Security Token Service and Pega Platform. The following figure provides an overview of the tasks that you must complete after you set up Robot Manager:
- Adding a relying party
Use the Security Token Service to set up authentication with multiple relying parties.
- Editing relying party information
If you need to update the information set up for a relying party, perform the following steps: