More about authentication services

This page describes additional topics relevant to authentication services that are not directly referenced on the rule form.

Tracking log-in failures

Pega Platform records log-in failures (and optionally log-in successes) from any requestor type as instances of the Log-SecurityAudit class. To obtain information about failed log-in attempts, run the standard list view rule named Log-SecurityAudit.ListOfLoginFailures. For each failed attempt, the ListOfLoginFailures report lists the time of the attempt, the server name and IP address of the system from which the attempt was made, the Operator ID (if available), and the message that was returned. The pyRemoteHost property identifies the workstation or other system attempting log-in, and the pyRemoteID property identifies the IP address.

Testing an authentication service

To test a SAML authentication service in a development or staging environment, complete the following steps:
  1. Set the logger to debug. The logger is com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils. For performance and security reasons, do not use this setting in a production environment.
  2. Attempt to log in using the SAML authentication service.
  3. Examine the console log by clicking Configure > System > Operations > Logs > Log files and selecting the Pega log.
  4. Using a third-party tool, decode the Base64-encoded assertion seen in the log.
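
For step 4, the following added example (not part of Pega Platform or of the original page) decodes a Base64-encoded SAML message in Python and lists the fields usually compared when a SAML log-in fails. It assumes the value has been copied from the log into a string; the element names come from the SAML 2.0 schema, and the sample message and its URLs are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml(b64_text):
    """Return the XML text of a Base64-encoded SAML message copied from a log."""
    compact = "".join(b64_text.split())      # the log may wrap the value
    compact += "=" * (-len(compact) % 4)     # restore stripped padding
    raw = base64.b64decode(compact)
    if not raw.lstrip().startswith(b"<"):    # HTTP-Redirect binding: raw DEFLATE
        raw = zlib.decompress(raw, -15)
    return raw.decode("utf-8")

def summarize(xml_text):
    """Pull out the fields usually checked when a SAML log-in fails."""
    if "<!DOCTYPE" in xml_text:              # SAML never needs a DTD; refuse it
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None
    def attr(path, name):
        node = root.find(path, NS)
        return node.get(name) if node is not None else None
    return {
        "status": attr(".//samlp:StatusCode", "Value"),
        "issuer": text(".//saml:Issuer"),
        "name_id": text(".//saml:Subject/saml:NameID"),
        "audience": text(".//saml:Audience"),
        "not_before": attr(".//saml:Conditions", "NotBefore"),
        "not_on_or_after": attr(".//saml:Conditions", "NotOnOrAfter"),
    }

# Constructed sample (not taken from a real log); all values are placeholders.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><samlp:Status><samlp:StatusCode'
    ' Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion>'
    '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>'
    '<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">'
    '<saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
if __name__ == "__main__":
    print(summarize(decode_saml(SAMPLE_B64)))
```

Decoding does not verify the XML signature, so use the output only for troubleshooting. Running the decoder locally also keeps assertions, which contain user identifiers, out of online decoding tools.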