Mashups generated by Pega Web Mashup will give us the
same experience that the users normally have in pega.
Actions commonly defined inside a mashup is:
Opening a new case
Displaying a user's worklist Selecting and performing an assignment
3 slide
On the Web Mashup interface form, you configure the
mashup options and generate the mashup code.
that we can copy, paste, and view within the web page
for example, you can set the width of the mashup.
to Enhance the functionality of web application by
embedding elements of Pega UI in code. can render whole cases so the users create work and manage assignments. For example, embed a feedback form within your website so that the users who access the page can share their comments.
4 slide
The system must authenticate the user before displaying
the application mashup on the external web page. Similar to an SSO configuration, a third-party authentication module manages the authentication of Pega Web Mashup users. Pega provides a standard authentication service named Internet Application Composer (IAC) Authentication for Pega Web Mashup configurations. The standard web.xml contains a servlet named IAC that references this authentication service instance. The instance references standard IAC authentication activities by default. Unlike other custom authentication services, you do not need to create an IAC authentication service and add a reference to it in web.xml.
The standard IACAuthentication activity extracts values
from custom HTTP headers in the HTTP request to identify an authenticated operator. The activity uses the operator's identifier to verify that the user is in the system. The third-party authentication module typically provides this operator information.
Step 4 of the activity is configured to have the
IACAuthVerfication activity return the token to the authentication module and verify the module generated the token.
5 slide
When users log in to the mashup application, the
IACAuthentication activity uses information in the HTTP request header to identify a corresponding operator ID in pega platform.
If an operator ID record for the user does not exist, the
activity creates a record for the user. The activity customizes a template Operator ID or model operator using information in the HTTP request header to create an operator ID record for the user.
The organization, division, and org unit information in
the header is used to identify the appropriate org unit record in pega
The model operator associated with that org unit is the
template for creating an operator ID record for the new user. The identifier and full name are used to customize the operator ID for the user.
6 slide
The pyBlockUnregisteredRequests security switch blocks
unregistered and unencrypted requests coming from the client. Requests are blocked with a 403 error.
pega generates channel id in mashup code for validation
on the server before passing the request
the req is checked with the channel id parameter
the req is allowed if it is valid or else req will be blocked
he pzSecureFeatures security switch is turned on by
default. pzSecureFeatures is the global switch for Broken Access Control (BAC) and cannot be overridden.
The feature ensures that BAC violations are written to
the security logs. Admin, App, Dev and Prediction Studios are exempted. The pyShowSecureFeatureWarning switch is turned on by default in production
Warnings are displayed on the user interface and in the
browser console for all unregistered or unencrypted calls to the mashup activity.
slide 7
Data Exchange through Pega Web Mashup
When you add a Pega Web Mashup to a web page, we can configure the mashup gadget to read data from the web page and send data to the hosting page or another mashup gadget. Passing data in this manner creates a more seamless experience for users.
For example, a bank with a dispute resolution process
implemented on the Pega Platform™ has users who may want to dispute a recent transaction they see on the bank's website from a list of statement activity (stored in a system of record and accessed by the online banking web page). The transaction details are passed to the Pega Platform application through the mashup. The mashup returns a case ID to the user for future reference.