Posted: 23 Mar 2016 8:54 EDT Last activity: 8 Apr 2016 11:02 EDT
Pega 7.2 Web service with authentication - possible to use non-preemptive authentication?
I have set up Pega web services that are going to be consumed from BizTalk 2013. I use basic authentication with a custom authentication service, using basic authentication for signon. The services work, and the authentication works when I use preemptive authentication (sending username / password in the header) in the request.
Apparently BizTalk doesn't support this out of the box; it sounds like they are expecting a 401 in return, and then they will provide the auth info in the header in the second request.
What I have understood is that there is an ER logged, but it has not been implemented in Pega:
PRPC services protected by Basic authentication don't follow the HTTP spec (see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2), which mandates that the application send a WWW-Authenticate header along with the 401 status code. The wrong behavior of the PRPC service forces the service clients to use preemptive authentication.
Has anyone here had similar problems? Did you solve it (on the Pega side of the integration)?
Henrik, I don't quite understand this statement of yours: "I use basic authentication with a custom authentication service". How are the two possible? When you choose authentication type as Basic on service package, you cannot choose a custom authentication service, right?
Anyway, with regards to Pega services, we do support both preemptive and non-preemptive authentication. You could verify this with any standard REST service from Pega API, such as GET /api/v1/casetypes.
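One way to check which of the two behaviours discussed in this thread an endpoint shows, as an added example that is not part of the original posts: `probe` sends one request without credentials and one with a preemptive `Authorization` header, then reports whether the 401 carried a Basic `WWW-Authenticate` challenge. The local stand-in server, the `/service` path and the `svc-user` / `svc-pass` credentials are constructed for the demo and are not Pega's.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def make_handler(send_challenge):
    """Constructed stand-in service; send_challenge toggles WWW-Authenticate on 401."""
    expected = "Basic " + base64.b64encode(b"svc-user:svc-pass").decode()  # constructed creds
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.headers.get("Authorization") == expected:
                self.send_response(200)
            else:
                self.send_response(401)
                if send_challenge:
                    self.send_header("WWW-Authenticate", 'Basic realm="demo"')
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):
            pass  # keep the demo quiet
    return Handler

def probe(host, port, path, user, password):
    """Report whether the endpoint supports challenge-based and preemptive Basic auth."""
    def get(headers):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        resp.read()
        conn.close()
        return resp.status, resp.getheader("WWW-Authenticate")

    status, challenge = get({})  # first request carries no credentials
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    authed_status, _ = get({"Authorization": "Basic " + token})
    return {
        "challenge": challenge,
        "non_preemptive_ok": status == 401 and (challenge or "").lower().startswith("basic"),
        "preemptive_ok": authed_status == 200,
    }

def run_demo(send_challenge):
    server = HTTPServer(("127.0.0.1", 0), make_handler(send_challenge))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", server.server_port, "/service", "svc-user", "svc-pass")
    finally:
        server.shutdown()
        server.server_close()
```

`run_demo(True)` models a service that sends the challenge and `run_demo(False)` models the 401-without-header behaviour described in the quoted ER; against a real service, call `probe` directly over a trusted network path, since it uses plain HTTP.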