IBM Support

MTLS/Application Authentication issue after upgrading to DP 10.5.0.6

Troubleshooting


Problem

There is a known issue in DataPower version 10.5.0.6, in the code that validates the X-Client-Certificate header of a request. Anyone upgrading to DP 10.5.0.6 will experience this issue if they are performing Application Authentication.
Current behavior:
When performing Application Authentication and passing a client certificate in the X-Client-Certificate request header, requests are successful if the certificate uploaded in the Portal application matches the request header value.
In the current design, certificate validation should work in both cases, whether or not the following lines are included with the certificate in the request header:
---------BEGIN CERTIFICATE---------
---------END CERTIFICATE------------

Symptom

There was a code change in DP 10.5.0.6, where we combined two functions related to this validation, which breaks the working scenario.
  • Due to this, the validation will only work when the following 2 lines are excluded from the X-Client-Certificate request header:
---------BEGIN CERTIFICATE---------
---------END CERTIFICATE------------
  • If you include these lines, you will see the following validation error:
{ "httpCode": "401", "httpMessage": "Unauthorized","moreInformation": "Client certificates in the API request for application authentication are invalid, malformed, or do not match the registered certificate." }
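
The following is an added example, not IBM or DataPower code: a client-side helper that removes the BEGIN/END lines from a certificate before it is placed in X-Client-Certificate, and checks that both forms of the header carry the same certificate. It assumes the header carries the certificate's base64 text; the function names and the sample bytes are hypothetical.

```python
import base64
import hashlib
import re

# Matches the BEGIN/END lines, with any number of dashes around the label.
_ARMOR = re.compile(r"-+\s*(?:BEGIN|END) CERTIFICATE\s*-+")


def header_value(cert_text: str) -> str:
    """Return the single-line base64 body with the BEGIN/END lines removed."""
    body = _ARMOR.sub("", cert_text)
    body = re.sub(r"\s+", "", body)  # drop CR, LF, spaces and tabs
    if not body:
        raise ValueError("no certificate data found")
    # validate=True rejects stray characters instead of silently skipping them
    base64.b64decode(body, validate=True)
    return body


def fingerprint(cert_text: str) -> str:
    """SHA-256 of the decoded bytes; identical for both header forms."""
    der = base64.b64decode(header_value(cert_text), validate=True)
    return hashlib.sha256(der).hexdigest()


def same_certificate(a: str, b: str) -> bool:
    """True when two header values decode to the same certificate bytes."""
    return fingerprint(a) == fingerprint(b)


# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = bytes(range(200))
_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
_LINES = [_B64[i:i + 64] for i in range(0, len(_B64), 64)]
WITH_LINES = "\r\n".join(
    ["-----BEGIN CERTIFICATE-----", *_LINES, "-----END CERTIFICATE-----"]
)
WITHOUT_LINES = _B64

if __name__ == "__main__":
    print("X-Client-Certificate:", header_value(WITH_LINES))
    print("same certificate:", same_certificate(WITH_LINES, WITHOUT_LINES))
```

Comparing fingerprints of the decoded bytes, rather than the raw header strings, is what makes the two header forms equivalent on the client side.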
 

Document Location

Worldwide


Document Information

Modified date:
18 August 2023

UID

ibm17028092