-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Duplicate
-
Affects Version/s: 4.5.6
-
Fix Version/s: None
-
Component/s: HttpClient (classic), HttpClient (Windows)
-
Labels:None
A cookie received in a 401 'Unauthorized' response does not get processed.
I am trying to get SSO (using 'Negotiate' scheme) working using WinHttpClients. The flow is as follows:
- The original request gets redirected (302 'Moved temporarily') to an URL of an authentication service.
- The authentication service respondes with a 401 'Unauthorized' response, containing the authentication challenge ('Negotiate' scheme) and a cookie with a JSessionId.
- The HTTP-Client handles the authentication challenge, adding the authentication response header, but does not process the cookie therefore not adding the cookie to the response.
As a consequence, the authentication service does not handle the authentication response and the connection is running into timeout.
As far as I understand the code, the problem might be that the authentication handling is done solely in class 'MainClientExec', while the processing of request- and response-interceptors takes place in 'ProtocolExec' which decorates 'MainClientExec' (as build by HttpClientBuilder). Since processing cookies is done through interceptors (ResponseProcessCookies, ResponseAddCookies), cookies of 401 'Unauthorized' responses are never processed.
- duplicates
-
HTTPCLIENT-1451 HttpClient does not store response cookies on a 401
-
- Resolved
-