Authentication fails always for Optional - Optional scenario

[RusJaI]

Description

When Optional - Optional security is selected in Runtime configurations for an API, it always returns a response that authentication failed. While further debugging the code it was identified that, although it authenticates both the MTLS and Application level security type, the boolean variable authenticate is still having its default value false because it only gets updated if there's an authenticator with isMandatory=true which is not happening in this particular flow.

Steps to Reproduce

1. Create API from publisher portal
2. provide endpoints to the api
3. Go to run time configurations.
4. select MTLS as optional
5. select basic auth as optional
6. save, deploy and publish the api
7. invoke and api providing correct cert AND/OR basic auth credentials

Affected Component

APIM

Version

4.3.0

Environment Details (with versions)

No response

Relevant Log Output

No response

Related Issues

No response

Suggested Labels

No response

[sgayangi]

Update [2024-07-23 to 2024-07-25]

• The issue was reproduced and the fix was identified and is currently being implemented.
• New integration tests for the optional - optional scenario are also being created.