An SSL handshake failure occurs with $WS* HTTP headers in an HTTP binding for WebSphere Process Server (WPS) or WebSphere Enterprise Service Bus (WESB)

The following exception exists in the log file:

SECJ0056E: Authentication failed for reason No Client Certificate Available

$WS* headers are standard HTTP headers, such as $WSAT, which stores the Auth Type that is being used to make the request. There are other $WS* headers, such as $WSCC, $WSCS, $WSIS, and $WSSC. By default, the WebSphere Process Server and WebSphere Enterprise Bus HTTP binding will not refactor these $WS* header values when they pass through the process. If the Propagate HTTP header option is enabled, WebSphere Process Server and WebSphere Enterprise Service Bus propagate them from export to import.

The HTTP binding code for WebSphere Process Server and WebSphere Enterprise Service Bus does not refactor the value in the $WS* header. When the handshake takes place with other applications on a different server, the authentication information in the $WS* header is used. This scenario causes the handshake failure.

To resolve the issue, complete one of the following options:

• You can write customized code to refactor the values in these $WS* headers. You can find an overview and a code sample in the following information center topics:
  • z/OS: SOAP header propagation
  • z/OS: Transport header propagation
    
    
  • Other platforms: SOAP header propagation
  • Other platforms: Transport header propagation
    
    
• If the $WS* header information is not usable, you can disable the Propagate HTTP header option to work around this issue.