Support Article
Connection to remote server fails on using OAuth2 authentication
SA-68094
Summary
Connection to a remote server fails when an OAuth2 authentication URL is used in the REST Connector.
The connection fails when the TrustStore and KeyStore certificates are added in IBM WebSphere Application Server (WAS) 8.5 (even when the TrustStore or KeyStore is removed from the Pega connector or OAuth2 rules). The connection works when using TrustStore and KeyStore instances in the Connector and OAuth2 Provider Pega rules.
Error Messages
Exception caught during REST Connector connectivity test : Connection to service failed
com.pega.pegarules.pub.PRRuntimeException: Connection to service failed
at com.pegarules.generated.activity.ra_action_pytestconnectivity_d635922153ac73401e27464beddb7a97.step6_circum0(ra_action_pytestconnectivity_d635922153ac73401e27464beddb7a97.java:830)
at com.pegarules.generated.activity.ra_action_pytestconnectivity_d635922153ac73401e27464beddb7a97.perform(ra_action_pytestconnectivity_d635922153ac73401e27464beddb7a97.java:167)
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3510)
at com.pega.pegarules.session.internal.mgmt.Executable.invokeActivity(Executable.java:10587)
at com.pegarules.generated.activity.ra_action_pzresttestconnectivitywrapper_9c51604e010c0cf5bc9c3cd7bc376f8c.step3_circum0(ra_action_pzresttestconnectivitywrapper_9c51604e010c0cf5bc9c3cd7bc376f8c.java:372)
at com.pegarules.generated.activity.ra_action_pzresttestconnectivitywrapper_9c51604e010c0cf5bc9c3cd7bc376f8c.perform(ra_action_pzresttestconnectivitywrapper_9c51604e010c0cf5
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.ibm.jsse2.ad.getPeerCertificates(ad.java:197)
at com.pega.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at com.pega.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:398)
at com.pega.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:496)
at com.pega.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
at com.pega.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
Steps to Reproduce
- Create a REST Connector to invoke an OAuth2-protected web service.
- Invoke the connector from an activity or a data page.
- Include the TrustStore or KeyStore in the application server.
- Do not specify the TrustStore or KeyStore in the rule form.
- Run the Connector.
Root Cause
A defect in Pegasystems’ code or rules.
Resolution
Apply HFix-34245.
Published December 11, 2018 - Updated October 8, 2020