Description

When a REST Message configured for mutual authentication uses a custom protocol profile named "https", the request is sent over the regular HTTPS protocol instead of the user-defined HTTPS protocol profile. The result is only one-way authentication.

Steps to Reproduce

The steps you take to reproduce this issue depend on whether you already have a REST message configured to use mutual authentication. Detailed steps are provided if you do not have an existing REST message with this configuration.

If you already have a REST Message that is configured to use mutual authentication:

  1. Make a new profile with the protocol name "https" and use the same default port and keystore as your existing profile.

  2. In the function's Related Links section, click Test.

    The test fails, indicating that the https profile is not setting the default port and not using the keystore.

If you do not already have mutual authentication configured, set up a minimum configuration to reproduce the issue. The following example uses the Yahoo Finance REST Message in the demo data.

  1. Navigate to System Security > Protocol Profiles or go to sys_protocol_profile_list.do.

  2. Click New and create a new profile with the name "https" and the default port 4430.

  3. Create another new profile with the name "myhttps" and the default port of 4430.

  4. Navigate to System Web Services > Outbound > REST Message and click Yahoo Finance.

  5. In the HTTP Methods section, click the get function.

  6. Check the Use mutual authentication check box and for the Mutual authentication profile, select the https profile.

    If you want a valid return from the web service call, set up the variable to pass in NOW.

  7. In the Yahoo Finance window, under Related Links, click Test.

    The test returns a response code of 200 even though the default port is 4430.

  8. Go back to the get function, and change the Mutual authentication profile value to myhttps.

  9. In the Yahoo Finance window, under Related Links, click Test.

    The request fails with an HTTP status of 500. The node log shows that the connection timed out.

    Error:
    Error Code: 1
    Error Message: java.net.SocketTimeoutException: connect timed out when posting to myhttps://finance.yahoo.com/d/quotes.csv?s=NOW&f=l1

    Note that telnet does not display a connection refused message for this endpoint; attempts to telnet to finance.yahoo.com on port 4430 simply hang.

Workaround

Do not use https as a mutual authentication profile name.
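
To apply this workaround across an instance, the check below audits exported profile and REST function records for mutual-authentication settings that point at a profile named "https". It is an added example, not ServiceNow code: the record field names (name, use_mutual_auth, protocol_profile, endpoint) and the sample records are assumptions, and effectiveUrl only models the error message above, where the profile name appears as the URL scheme.

```javascript
// Added example: audit of exported records, not ServiceNow code.
// Field names (name, use_mutual_auth, protocol_profile, endpoint) are assumed.
const RESERVED_SCHEMES = new Set(["https"]); // the only name this article confirms

// Model of what the error message above shows: the profile name takes the
// place of the URL scheme (myhttps://finance.yahoo.com/...).
function effectiveUrl(endpoint, profileName) {
  return endpoint.replace(/^[a-z][a-z0-9+.-]*:\/\//i, profileName + "://");
}

function auditMutualAuth(profiles, functions, reserved = RESERVED_SCHEMES) {
  // Names are trimmed and lower-cased: a conservative choice for an audit.
  const known = new Map(profiles.map((p) => [p.name.trim().toLowerCase(), p]));
  const findings = [];
  for (const fn of functions) {
    if (!fn.use_mutual_auth) continue; // one-way TLS is expected here
    const name = String(fn.protocol_profile || "").trim().toLowerCase();
    const base = { function: fn.name, profile: name };
    if (!known.has(name)) {
      findings.push({ ...base, issue: "profile-not-found" });
    } else if (reserved.has(name)) {
      // The resulting URL reads as plain HTTPS; per this article the profile's
      // port and keystore are then not used (one-way authentication only).
      findings.push({ ...base, issue: "shadowed-by-built-in-scheme",
                      url: effectiveUrl(fn.endpoint, name) });
    }
  }
  return findings;
}

// Constructed sample records mirroring the reproduction steps.
const sampleProfiles = [
  { name: "https", default_port: 4430 },
  { name: "myhttps", default_port: 4430 },
];
const sampleFunctions = [
  { name: "Yahoo Finance.get", use_mutual_auth: true, protocol_profile: "https",
    endpoint: "https://finance.yahoo.com/d/quotes.csv" },
  { name: "Constructed.post", use_mutual_auth: true, protocol_profile: "myhttps",
    endpoint: "https://example.invalid/api" },
  { name: "Constructed.plain", use_mutual_auth: false, protocol_profile: "",
    endpoint: "https://example.invalid/status" },
];

console.log(auditMutualAuth(sampleProfiles, sampleFunctions));
```

Any function reported as shadowed-by-built-in-scheme should be moved to a profile with a different name, such as the "myhttps" profile from the reproduction steps.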


Related Problem: PRB914584

Seen In

There is no data to report.

Fixed In

Kingston

Article Information

Last Updated: 2018-06-04 23:55:44
Published: 2017-04-19