ACS URL Authentication

Srihari S · 2021-04-06T15:51:38+00:00

There was an error rendering this rich post.

Hi All,

We are using PEGA as a User Interface to view the document. Once the user clicks on Hyperlink, the document should be opened in the Pega system. The document will be uploaded to Documentum before they open it.

When the user clicks on Hyperlink, PEGA will call DCTM Rest API Services and DCTM will send back the ACS URL to view the document.

I have few questions related to this.

We would like to avoid a use case where ACS url is generated by a user who has access rights and then it is shared with someone else who is not authorized to see the document. How to achieve it?
Will the ACS URL authenticate the user when opening the document?
Can we implement SSO Specific to Rest web services?
Will there be any impact if we change the repository. validation. delta value in acsfull. properties to 1 min?

Immediate help is appreciated.

Find more posts tagged with

Comments

DCTM_Guru

ACS url is unique identifier to the document. It has no context/scope on whether the user has rights to the document or not.
Yes, although there might be a setting that you disable authentication completely. Its basically all or nothing setting.
Yes. We implemented SAML against xCP web services.
I have never played with ACS properties, so I cant tell you want the impact is.

Srihari S

Thankyou Guru for your answers.

So, the use case cannot be achieved using ACS URL. Can we achieve this by any other approach(using different URL) or it is not possible at all?

Main reason why we went with ACS URL is, it is quick in opening the document and it is secure.

If we implement SAML 2.0 for Custom DCTM Rest API Services, will it be more secure?

Mainly, our requirement is to implement it in a best secured way.

Generally, when the user clicks on Hyperlink, Pega is configured(send logged in user credentials - authentication in header) to trigger DCTM Rest API Services and DCTM will send back the ACS URL to view the document. So, from Pega, we are sending the basic authentication key to DCTM Rest API services.

Currently we are testing with hardcoded user credentials(dmadmin) for basic authentication, but it can be configured in PEGA to send logged in user credentials(Authentication key) in header.

All the PEGA users are Documentum users(synced from AD using LDAP job). So, in this case, do we need to configure SAML 2.0 for DCTM Rest API services? Could you please clarify.

I am very new to DCTM Rest API services and SAML concepts..

Immediate help is appreciated.

DCTM_Guru

If your requirement is best secured way, then SAML is more secure than basic authentication.

Srihari S

Thanks Guru. We will implement it using SAML