Specifying preauthentication and postauthentication activities for an anonymous authentication service

You can write activities that are triggered before and after authentication. For example, these activities can transfer information from temporary storage that was used for the anonymous operator into the pages for the newly authenticated operator.

  1. Create your preauthentication and postauthentication activities.
    • The preauthentication activity must be accessible to the pega Browser requestor type, which is used for the unauthenticated user session. By default, this requestor type is assigned to the PRPC:Unauthenticated access group. Update the pega Browser requestor type's default access group to equal an access group that includes the ruleset of the preauthentication activity.
    • The postauthentication activity must be accessible to the user who has just been authenticated. The postauthentication activity must exist in a ruleset that is accessible to the user's default access group.
    • The activities must have Code-Security as the Applies To key part.
    • Set the authentication result in pyAuthenticationPolicyResult to true to proceed with authentication, or set to false to terminate the request; for example: 
       tools.getRequestor().getRequestorPage().putString("pyAuthenticationPolicyResult", "true");
  2. Open the authentication service.
  3. On the Anonymous tab, expand the Advanced configuration settings section.
  4. In the Pre-authentication activity field, enter the name of the preauthentication activity.
  5. In the Post-authentication activity field, enter the name of the postauthentication activity.
  6. Click Save.
Mapping operator information for an anonymous authentication service