Question
Cognizant Technology Solutions
IN
Last activity: 4 Oct 2018 13:54 EDT
REST Basic Authentication issue
Hi All,
We are hosting a REST service and have used BASIC authentication in the service package. We have a specific service operator in Pega to be used for this authentication. While trying to test this REST service from SOAP UI, if I try the user ID and password embedded in the service URL (e.g. http://Pega7:8080/prweb/PRRestService/ADVPurchasingWorkPurchaseRequest/PurchaseRequest/GetPurchaseRequest/PR-21?UserIdentifier=Service@ADV&Password=cnVsZXM= ), authentication works and I am able to get the response.
But if we try to use the user ID and password in the header (as mentioned in the REST tutorial in Pega Academy: "If the service package is configured to require authentication the request must include username and password of an Operator ID. The external system can send these either in the header, or appended to the URL query string as name/value pairs for the parameters UserIdentifier and Password.") in SOAP UI, we get the response "Credentials not found". Please refer to the screenshot as well.
Please advise.
Thanks
Amrita
Accepted Solution
Sopra Steria Group
FR
Found a solution: need to check the Preemptive authentication box in the Authentication Profile.
Pegasystems Inc.
US
Checked the engine code (7.2.1): we only look for the specific Basic HTTP "authorization" header first (which you can specify in the SOAP UI request properties Username and Password), else look for the query string of UserIdentifier/Password as you have indicated.
Here is an example:
Tue Jul 19 22:58:18 EDT 2016:DEBUG:>> "Authorization: Basic YWRtaW5pc3RyYXRvckBwZWdhLmNvbTppbnN0YWxs[\r][\n]"
Pegasystems Inc.
CA
How are you constructing the Authorization header? Are you doing it yourself or are you relying on a library to generate it for you by passing username and password? Just so you know, if you are doing it yourself, the Authorization header value must be of this form:
Basic Base64Encoded(<username>:<password>)
Basically, you need to form a string using your username and password separated by : and then base 64 encode it. For example, if your username is foo and password is bar, the Authorization header value is:
Basic Base64Encoded("foo:bar")
which is nothing but
Basic Zm9vOmJhcg==
When you sniff your request using a tool such as TCPMON, you must see this HTTP header:
Authorization: Basic Zm9vOmJhcg==
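As an added illustration (not part of the original replies and not Pega's engine code), the sketch below builds and strictly parses the Basic header described above and applies the lookup order mentioned earlier in the thread: Authorization header first, then the UserIdentifier/Password query parameters. Treating the query-string password as Base64 is an assumption taken from the URL in the question; the function names and the sample host are hypothetical.

```python
import base64
from urllib.parse import parse_qs, urlsplit


def build_basic_header(username, password):
    """Return 'Basic ' + base64(username:password)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def _b64_text(value):
    """Strictly decode base64 to text; None if it is not valid base64/UTF-8."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def parse_basic_header(value):
    """Decode a Basic header value to (username, password), or None if malformed."""
    scheme, _, token = value.strip().partition(" ")
    decoded = _b64_text(token.strip()) if scheme.lower() == "basic" else None
    if decoded is None:
        return None
    # Split on the first ':' only, because a password may contain ':'.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def resolve_credentials(url, headers):
    """Header first, then query string. Returns (source, user, password) or None."""
    for name, value in headers.items():
        if name.lower() == "authorization":
            creds = parse_basic_header(value)
            if creds:
                return ("header",) + creds
    query = parse_qs(urlsplit(url).query)
    user = query.get("UserIdentifier", [None])[0]
    # Assumption: the Password parameter is base64, as in the question's URL.
    password = _b64_text(query.get("Password", [""])[0])
    if user and password:
        return ("query", user, password)
    return None


if __name__ == "__main__":
    # Constructed sample request: host and path are placeholders.
    url = "http://pega.example:8080/prweb/PRRestService/pkg?UserIdentifier=foo&Password=YmFy"
    print(resolve_credentials(url, {"Authorization": build_basic_header("foo", "bar")}))
```

The returned source lets a service log or reject requests that carry credentials in the URL, where they also end up in access logs. Base64 in either location is an encoding, not encryption, so both forms need TLS on the wire.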
Cognizant Technology Solutions
IN
Thank you Praneeth for your suggestion. It works. If I try to test the Pega REST service using SOAP UI, I just need to mention the Userid and Password for Basic authentication in the SOAP UI Auth tab. It automatically converts the id and password using base64 encoding as you have mentioned, and adds it to the header of the request. We are able to view the encoded auth parameters in the RAW message. Thanks for your help.
ING NV
NL
Pegasystems Inc.
US
When you say "exactly as mentioned above - Basic Base64Encoded(username:password)" which one of these did your header value resemble?:
- "Basic Base64Encoded(username:password)"
- "Basic dXNlcm5hbWU6cGFzc3dvcmQ="
ING NV
NL
Hi Jeff, it is similar to 2. It is exactly Authorization: Basic TXV0aHU6cnVsZXM= if my username is Muthu and password is rules.
Pegasystems Inc.
US
OK. I do not see anything wrong with what you are attempting to do.
Another question: is this situation any different than the one you are already discussing here?:
https://collaborate.pega.com/discussion/extending-framework
It looks like people are offering debugging steps on that post.
ING NV
NL
Hi Jeff. I am the original poster of the other thread.
Lately I found that the basic authentication using the auth header is working fine in my PVS (on laptop) but failing with 401 in the project environment. I'll check whether this is something to do with the environment.
Pegasystems Inc.
CA
In the environment where this isn't working, what's the app server you are using?
ING NV
NL
Hi Praneeth,
We are using WebLogic Server Version: Proprietary information hidden.0
Thanks
Pegasystems Inc.
US
For WebLogic, there is something specific you have to do; see this link for details: https://docs-previous.pega.com/troubleshooting-weblogic-error-when-http-basic-authentication-enabled-soap-service
ING NV
NL
Thanks a lot Kevin, I will have a look into this.
Pegasystems Inc.
CA
As Kevin mentioned, for Weblogic, you need to perform additional configuration as mentioned in this PDN article. https://docs-previous.pega.com/troubleshooting-weblogic-error-when-http-basic-authentication-enabled-soap-service
ING NV
NL
Thanks Praneeth
Cognizant Technology Solutions
IN
Yes Muthu. My problem seems to be resolved. If I try to test the Pega REST service using SOAP UI, I just need to mention the Userid and Password for Basic authentication in the SOAP UI Auth tab. It automatically converts the id and password using base64 encoding as you have mentioned, and adds it to the header of the request. We are able to view the encoded auth parameters in the RAW message. If you are testing your service using SOAP UI, the below URL might be helpful:
https://www.soapui.org/rest-testing/working-with-rest-requests.html
Boehringer Ingelheim
JP
Have you tried below settings?
- Add "PegaRULES:PegaAPI" role to the access group which you are using
- Uncheck "Use TLS/SSL (REST only)" in "api" service package, if you are not using TLS/SSL in your environment
Sopra Steria Group
FR
Hi Toshihide
The problem with the solution you provide is that it doesn't allow mixed services in the same application, some with TLS/SSL for REST calls, and some other REST Service packages using Basic Auth.
Do you have a solution per service package, please?
Rocco Figliuolo