Support Article
Cannot connect to REST service with client certificate for auth
SA-28712
Summary
When connecting to a REST service using client certificate authentication method, the connection works but the response comes back with the exception.
Error Messages
com.pega.pegarules.pub.services.InboundMappingException: Failed to parse XML. Error: White spaces are required between publicId and systemId.
Steps to Reproduce
- Run a Connect-REST rule involving client certificate authentication method
Root Cause
User wanted to use CLIENT-CERTIFICATE AUTHENTICATION for REST service. PRPC provides two options for securing REST SERVICE endpoints : BASIC AUTHENTICATION and CUSTOM AUTHENTICATION. There is no Out-Of-The-Box mechanism to allow CLIENT-CERTIFICATE AUTHENTICATION. User followed the PDN article (https://pdn.pega.com/support-articles/securing-rest-service-using-client-certificate#comment-376521) to configure CLIENT-CERTIFICATE AUTHENTICATION. However at Pega end, user configured Use authentication, created an authentication profile and added the CLIENT-CERTIFICATE user. This not the correct configuration. User have to pass the client certificate user name in the message header.
Resolution
Perform the following local-change:
- Uncheck the Use authentication check box and remove the authentication profile
- Update the Connect REST rule, add Request Header under Methods tab --> Post and set the client certificate username matching client certificate user name.
Published October 7, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.