Issue with two authentication services on same server [error defaults to one]

Imranullah-db · November 6, 2020, 6:40pm

Here is something different happening to us in prod. We have two applications that are running on the Pega cloud and authenticated using Okta. Assume the two apps to have authentication URL using SP as
https://division.organization.com/prweb/PRAuth/App1
https://division.organization.com/prweb/PRAuth/App2

We have two authentication services setups, the service activity has been written in such a way that even if the operator exists, they remove the current access group and add the required access based on the authentication service. One thing to say is App2 was released into prod after App1 and there are users who are common to both the applications. For these types of users [in order]

When they log in to App2 (works properly).
When they log in to App1 (works properly).
When they try to access App2 (doesn’t work as expected). Logs the user into the App1.

We must delete the operator id to allow the user to login to App2 again.

Has anyone in the Pega realm has encountered this issue.

Edited by Moderator Kayla to update Content Type from Discussion to Question

Imranullah-db · November 7, 2020, 1:06am

One more additional finding on this.

Users logs into app 2 (https://division.organization.com/prweb/PRAuth/App2)
The user then logs into app 1 (https://division.organization.com/prweb/PRAuth/App1)
Login to the admin studio and clear off all the requestors by using a terminate requestor.
Then try to login to app 2 (https://division.organization.com/prweb/PRAuth/App2)
Works perfectly this time.

So, if without killing the requestor if I try it picks up from passivation. Btw in app 1 “Use access-group timeout” is set.

Imranullah-db · January 6, 2021, 1:42pm

Well, this issue was solved by making the changes to the access group to the operator and saving the operator id explicitly with obj-save write now.

Since it was post-authentication activity, not authentication activity that was the way to go.

MarissaRogers1 · January 6, 2021, 3:06pm

Thank you for sharing your resolution and marking it as the solution @imranullah!

This will help users in the future who also have the same question! Much appreciated!

Conversation		Replies	Views
cLSA Security Excellence webinar - Q&A about Authentication General lead-system-architect , security , 8-5	0	713	March 10, 2021
Unable to login from Non-SSO Operator ID General security , pega-cloud , 8-8-5	3	198	May 16, 2024
Access Constellation case in traditional keep loggging out General constellation , security	1	17	March 31, 2026
Authentication Failed error - User is Kicked out in mobile Pega-as-a-Service	1	54	June 19, 2025
How to extend PEGA service to another consumer with different authentication? General pega-platform , security , case-management , installation-and-deployment	1	53	June 11, 2024

Issue with two authentication services on same server [error defaults to one]

Related topics