Support Article

Cannot connect to REST service with client certificate for auth

SA-28712

Summary



When connecting to a REST service using client certificate authentication method, the connection works but the response comes back with the exception.


Error Messages



com.pega.pegarules.pub.services.InboundMappingException: Failed to parse XML. Error: White spaces are required between publicId and systemId.


Steps to Reproduce

  1. Run a Connect-REST rule involving client certificate authentication method​


Root Cause



User wanted to use CLIENT-CERTIFICATE AUTHENTICATION for REST service. PRPC provides two options for securing REST SERVICE endpoints : BASIC AUTHENTICATION and CUSTOM AUTHENTICATION. There is no Out-Of-The-Box mechanism to allow CLIENT-CERTIFICATE AUTHENTICATION. User followed the PDN article (https://pdn.pega.com/support-articles/securing-rest-service-using-client-certificate#comment-376521) to configure CLIENT-CERTIFICATE AUTHENTICATION. However at Pega end, user configured Use authentication, created an authentication profile and added the CLIENT-CERTIFICATE user. This not the correct configuration. User have to pass the client certificate user name in the message header. 

Resolution



Perform the following local-change:
  1. Uncheck the Use authentication  check box and remove the authentication profile
  2. Update the Connect REST rule, add Request Header under Methods tab --> Post and set the client certificate username matching client certificate user name. 

 

Published September 30, 2016 - Updated October 7, 2016


0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.