Posted: 7 Jun 2016 12:04 EDT Last activity: 23 Jun 2016 14:09 EDT
Can we add a certificate to IAC pegagateway to authenticate as a client?
The client has the requirement for the IAC prgateway to connect to a DataPower applicance to be then forwarded to the Pega server. The ssl handshake is succsesful, since we imported the certificate into the jks file in the prgateway. But for an outgoing connection from the gateway to the Datapower a client authentication via ssl certificate is necessary. This is usually configured in Websphere and all applications in the container then use this configuration. But the IAC prgateway seems to be implemented in a way to not use the container settings but to establish its own HTTP connection. Can someone confirm or correct this? Is there any way to solve this requirement?
We are implementing a new requirement on Pega 7.1.8 and I posted a different thread on gateway necessity for the same. But I received replies that PRGateway is optional. So would you confirm if it's absolutely not required? is there any documentation on latest IAC implementation approach ?
The PRGateway application is a proxy application at it's core. It takes a request from the browser, creates a new HTTP connection using java.net.HttpURLConnection to the back end PRPC system, gets the response from PRPC, then sends the response back to the browser. These are separate connections.
Do you have or plan on having the PRGateway application installed in the same JVM as PRPC? That is never needed except maybe in a development environment. You can instead go directly to the PRPC system by configuring the pega.web.config.gatewayURL like:
pega.web.config.gatewayURL = "/prweb/IAC/";
This uses the same servlet that you would use when defining the connection in the PRGateway application. Notice this is a relative URL so that same domain origin policy is satisfied and that is done via other configurations at network or other appliance levels.
Note: in PRPC 7.2.1 this changes. PRGateway is not even shipped, no longer part of Mashups, and same domain origin policy is not required as it's handled with trust configurations.
Posted: 5 years ago
Updated: 5 years ago
Posted: 23 Jun 2016 14:06 EDT Updated: 23 Jun 2016 14:09 EDT