Cannot connect to REST service with client certificate for auth
SummaryWhen connecting to a REST service using client certificate authentication method, the connection works but the response comes back with the exception.
Error Messagescom.pega.pegarules.pub.services.InboundMappingException: Failed to parse XML. Error: White spaces are required between publicId and systemId.
Steps to Reproduce
- Run a Connect-REST rule involving client certificate authentication method
Root CauseUser wanted to use CLIENT-CERTIFICATE AUTHENTICATION for REST service. PRPC provides two options for securing REST SERVICE endpoints : BASIC AUTHENTICATION and CUSTOM AUTHENTICATION. There is no Out-Of-The-Box mechanism to allow CLIENT-CERTIFICATE AUTHENTICATION. User followed the PDN article (https://pdn.pega.com/support-articles/securing-rest-service-using-client-certificate#comment-376521) to configure CLIENT-CERTIFICATE AUTHENTICATION. However at Pega end, user configured Use authentication, created an authentication profile and added the CLIENT-CERTIFICATE user. This not the correct configuration. User have to pass the client certificate user name in the message header.
ResolutionPerform the following local-change:
- Uncheck the Use authentication check box and remove the authentication profile
- Update the Connect REST rule, add Request Header under Methods tab --> Post and set the client certificate username matching client certificate user name.
Published September 30, 2016 - Updated October 7, 2016