Skip to main content

Configuring the challenge behavior for custom or Kerberos authentication services

Suggest edit Updated on July 1, 2021

Configure the way in which your custom or Kerberos authentication service requests the login credentials.

  1. Open the service from the navigation panel in Dev Studio by clicking RecordsSysAdminAuthentication Service and choosing a service from the instance list, and then navigate to the Custom tab.
  2. In the Initial challenge stream field, press the Down Arrow key and select the second key part of an HTML rule to run (where the Applies To key part is @baseclass ) if user navigates to your system through a non-HTTPS URL.
    Design the page rendered by this HTML rule to redirect the user to an HTTPS URL where the user is challenged for credentials. See the standard HTML rule Web-Login-SecuredBasic for an example. By default, this rule runs when all of the following are true:
    • The Use SSL option is selected.
    • An unauthenticated user navigates to the system through an unsecured port.
    • No rule is specified in the Initial Challenge Stream field.
  3. To require users to use a secure port (HTTPS) for authentication, select the Use SSL check box .
    If Use SSL is checked, users must use an HTTPS URL for authentication. Verify that the application server that hosts your system uses HTTPS and that a URL is configured with the appropriate security constraints.
  4. Complete one of the following steps.
    • To use the Basic authentication browser pop-up window to gather user credentials, select the Use Basic Authentication for signon check box.
    • In the Credential challenge stream field, press the Down Arrow key and select the second key part of an HTML rule (where the Applies To key part is @baseclass ) that provides the login form that gathers user credentials.
  5. To customize the page that appears when authentication fails, specify an HTML rule in the Authentication fail stream field.
    Enter the second key part of the HTML rule (where the Applies To key part is @baseclass ) that provides the page that appears when a user's username and password combination does not pass authentication.
    Commonly, one HTML rule is used for both the challenge stream and the fail stream.
  6. Click Save.
What to do next: Configuring the time-out behavior for custom or Kerberos authentication services
  • Previous topic Identifying the operator for Kerberos authentication services
  • Next topic Configuring the time-out behavior for custom or Kerberos authentication services
Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us