for the Route via HTTP(S) assertion one of the default settings is: "Never fail as long as target returns an answer", but based on official CA-documentation there is an exception for 401 HTTP errors in case another default setting "Use HTTP Credentials from Request" is selected. See here under point 3.
As we have currently some issues with such 401 HTTP errors, because they will not passed through to the client, I want to understand the behavior and background of "The assertion may still fail [...]". Also the mentioned workaround is not really helpful and interrupts correct requests, where the credentials are already included. I mean I could implement something like:
- Take the "Authorization" Header and base64 decode its value
- Split it on the ":" and store it into two variables i.e. $username and $password
- Use these variables with the "Specify HTTP Credentials" option
But I would expect that the API GW is already exactly doing this with the default setting. Therefor can someone provide some more details what "may" means and how to prevent this?