SPS r12.52 SP1 (CA Access Gateway) strips out a Basic Authentication request from backend server. (worked correctly in SPS r12.0 SP3)

Document ID : KB000100992
Last Modified Date : 13/06/2018
Show Technical Document Details
A Web Application resides behind CA Access Gateway (SPS) r12.52 SP1 and is protected with Basic Authentication natively by itself (not by Policy Server).
SPS strips a HTTP header “WWW-Authenticate” from the backend.
As a result, access to the backend application results in HTTP 401 error while the access was working in SPS r12.0 SP3.
CA Access Gateway (SPS) r12.5 or later
Since SPS r12.5 there is an additional parameter :

(1) For authenticated backed connections which require pass through the setting is:
<nete:forward connection-auth="yes">
The addition of : connection-auth="yes" will transfer the WWW-Authenticate header to the client and it will then work as expected.
(2) As for regular expression rule, the XML Schema shows that the element nete:result may have the attribute. (See <secure-proxy>\proxy-engine\conf\dtd\proxyrules.dtd)
However, the attribute of: connection-auth="yes" does not work in this case such rule as following:
<nete:result connection-auth="yes">
This is a defect which will be fixed in the future release.