Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Patrick Capron (PatrickC8660)
TD Bank Group
Software Engineer III
TD Bank Group
CA
PatrickC8660 Member since 2014 29 posts
TD Bank Group
Posted: Sep 28, 2017
Last activity: Oct 13, 2017
Posted: 28 Sep 2017 8:30 EDT
Last activity: 13 Oct 2017 9:23 EDT
Closed
Solved

2-way SSL on Connect-SOAP

Hi,

I have read a few articles about this on PDN, but I am still looking for information to see if a hotfix or an enhancement will be provided at some point.

Essentially, based on the following article, to setup the client side for 2-way ssl on a Connect-SOAP, it's up to the JVM configuration:
https://docs.pega.com/how-set-two-way-ssl-soap-over-http-using-rule-connect-soap

Issue is that some app servers (JBOSS) won't allow to configure dynamic client cert lookup only a single one for all outbound connections.

Also, for Connect-REST an enhancement has been made to allow for specification of a keystore and truststore in the Connect rule itself. Why not do the same for SOAP?

I know that REST is getting a lot of interest and people are slowly moving away from SOAP, but SOAP services are still going to be around for some time...

What is Pega's plan? Are we going to get a fix that allows to specify a keystore on a Connect-SOAP rule the same way it was done for REST?

To see attachments, please log in.
Data Integration

Accepted Solution

Posted: 7 years ago
Posted: 28 Sep 2017 12:23 EDT
Jeff Houle (HOULJ) Senior Software Engineer
Pegasystems Inc.
US

This is already supported for SOAP Connectors. It's just not as obvious as with REST Connectors:

  1. Upload your truststore and keystore as Keystore records if you haven't already done so (same as for REST).
  2. Create WS-Security profile record (might sound weird, but trust me)
    1. switch to the "Keystore" tab
    2. fill in Keystore and "Truststore" fields with identifiers of appropriate Keystore records
    3. save
  3. Open SOAP Connector
  4. Switch to "Advanced" tab
  5. Find the "Security profile" field and populate it with the identifier for your WS-Security Profile.
  6. Save

DO NOT click either of the 'Enable' checkboxes in the ws-* area. Though the record type that you used is called "WS-Security Profile," it is doing dual-duty as your SSL configuration, and the Keystore and Truststore identifiers will be picked up for use when the Connector runs. I realize this is a bit unintuitive.

 

As for the document at https://docs-previous.pega.com/how-set-two-way-ssl-soap-over-http-using-rule-connect-soap, it appears this information may be intended for users of "Pega 4.2.x" and needs updating. I'll look into that.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice