Symptom
When the mTLSRestClient() method is used to call CPI, a 401 response is returned intermittently.
Environment
SAP SALES CLOUD Integrated with SAP CPI
Reproducing the Issue
- Create a script that uses mTLSRestClient() to retrieve some data from CPI
- Have other scripts that use Basic Auth to call CPI running at the same time as the one that uses certificate-based authentication
- A 401 is returned on the mTLSRestClient() call.
Cause
Mixed authentication types cause the issue because of TLS session reuse.
Resolution
- It is not recommended to use mixed authentication types when calling the same endpoint.
- In this scenario, "endpoint" means the CPI system, as authentication is needed to complete any of the calls to the system.
- The 401 issue happens when there's a mix of Basic and Certificate authentication due to TLS session reuse.
- The following scenario occurs:
- ----------------- Long running request using Basic Auth --------------------------->
--------- Request using mTLS (401 unauthorized) -->
--------- Request using mTLS (401 unauthorized) -->
--------- Request using mTLS (200 OK) -->
- TLS Session Reuse is used as it helps reduce the amount of traffic and latency
- This behavior cannot be changed, as it affects the entire landscape of the shared environment.
- To fix the issue, scripts should use only one authentication type when calling the same endpoint.
- If the issue occurs, one recommendation is to focus first on fixing the scripts that keep the session open for a long time, meaning those where CPI takes longer to send the response and end the session that is using Basic Auth.
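One way to find which scripts to fix first, as an added example that is not SAP code: the Python sketch below groups call records by host to find CPI systems reached with both authentication types, then ranks the Basic Auth scripts by how many mTLS 401 responses began while one of their requests was still in flight. The record layout, script names and host names are constructed assumptions, not an actual CPQ or CPI log format.

```python
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample call records (not real CPQ or CPI log output):
# (script, url, auth type, start, end, HTTP status)
CALLS = [
    ("SyncOrders",  "https://cpi.example.invalid/http/orders", "basic", "10:00:00", "10:00:40", 200),
    ("GetPrice",    "https://cpi.example.invalid/http/price",  "mtls",  "10:00:05", "10:00:06", 401),
    ("GetPrice",    "https://cpi.example.invalid/http/price",  "mtls",  "10:00:20", "10:00:21", 401),
    ("GetPrice",    "https://cpi.example.invalid/http/price",  "mtls",  "10:00:45", "10:00:46", 200),
    ("QuickLookup", "https://cpi.example.invalid/http/lookup", "basic", "10:01:00", "10:01:01", 200),
    ("GetStock",    "https://other.example.invalid/stock",     "mtls",  "10:00:10", "10:00:11", 200),
]

def _parse(calls):
    """Normalise records: host from the URL, times as datetime objects."""
    fmt = "%H:%M:%S"
    for script, url, auth, start, end, status in calls:
        yield (script, urlsplit(url).hostname, auth,
               datetime.strptime(start, fmt), datetime.strptime(end, fmt), status)

def mixed_auth_hosts(calls):
    """Hosts that are called with more than one authentication type."""
    seen = {}
    for _, host, auth, *_ in _parse(calls):
        seen.setdefault(host, set()).add(auth)
    return sorted(h for h, kinds in seen.items() if len(kinds) > 1)

def scripts_to_fix_first(calls):
    """Rank Basic Auth scripts by how many mTLS 401s started while one of
    their requests to the same host was still in flight."""
    rows = list(_parse(calls))
    basic = [r for r in rows if r[2] == "basic"]
    blamed = Counter()
    for _, host, auth, start, _, status in rows:
        if auth != "mtls" or status != 401:
            continue
        for b_script, b_host, _, b_start, b_end, _ in basic:
            if b_host == host and b_start <= start <= b_end:
                blamed[b_script] += 1
    return blamed.most_common()

if __name__ == "__main__":
    print("Hosts with mixed authentication:", mixed_auth_hosts(CALLS))
    print("Basic Auth scripts to fix first:", scripts_to_fix_first(CALLS))
```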
Keywords
CPI, 401, mTLSRestClient, Authentication Type, Certificate, CPQ, KBA, CEC-SAL-CPQ, Sales Cloud CPQ, Bug Filed
Product
SAP CPQ 2024