In my customer, we are using Mashup with no gateway and Pega 7.2.1. After sniffing the traffic between a third party application we have to integrate with for authentication purposes, I can see that the headers are in clear text and that is something we want to avoid (STANDARD?pyActivity=%40baseclass.doUIAction&action=display&harnessName=XXX&className=XXY...).
I was checking the URL obfuscation and enncryption but I am having some troubles in having that work. I have added to prconfig the following entries :
Do you know what is the correct notation to specify in the mashup file that the traffic is encrypted? (like in the old approach having the gateway : pega.web.config.encrypt = "true") - I dont know if this may be a configuration issue in the Mashup file also, as I have set to use url encryption (retired the obfuscation) and if I access directly to the auth service it does work, but when doing it through mashup it does not go forward, just get a blank screen and no entries in the log file.
I have checked for the new notation on mashup, but I have not been able to find anything related to the encryption.