Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Unable to use Authorization on Pega REST API calls

SA-22512

Summary



The Pega REST API does not send proper responses. When the credential challenge appears, entering the credentials does not work.

Error Messages



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 401--Unauthorized</TITLE>
</HEAD>
<BODY bgcolor="white">
.
.
.

Steps to Reproduce



1. Navigate to Pega API landing page.
2. Click Try It Out for the authenticate service.
3. Enter valid user credentials (with PegaAPI role added).

Root Cause



A third-party product issue. In WebLogic Server 9.2 and later versions, client requests that use HTTP BASIC authentication must pass WebLogic Server authentication, even if access control is not enabled on the target resource. The enforce-valid-basic-auth-credentials flag is true by default, and WebLogic Server authentication is performed. If authentication fails, the request is rejected. WebLogic Server must therefore have knowledge of the user and password.

Resolution



Make the following changes to the operating environment:

1. Add the <enforce-valid-basic-auth-credentials> element to config.xml within the <security-configuration> element.
       <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
          </security-configuration>

2. Start or restart all servers in the domain.
Suggest Edit

Published May 4, 2016 - Updated October 8, 2020

Did you find this content helpful? Yes No

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us