Question

5
Replies
302
Views
LEELABIRAMS6337 Member since 2017 19 posts
Lloyds Banking Group PLC
Posted: March 13, 2019
Last activity: July 10, 2019
Closed

Mutual Auth for services exposed from PEGA

v7.3.1 | WAS 8.5.5

Our PEGA application exposes a number of services to other non-PEGA applications to consume and basic authentication has been used for auth wherein the calling application passes the user identifier and password to the service.

However, our security requirement suggests we would be better of using mutual auth for this and we would like to know if there would be any challenges in achieving this.

My simple understanding of this was -

Store both the client and service provider certificates of both the applications involved in their corresponding servers and enable the "Require TLS/SSL for REST services in this package" setting in the service package.

Guidance from anyone who has done this before would be appreciated.

Pega Platform Data Integration
Moderation Team has archived post
Share this page LinkedIn