Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Duplicate
-
Affects Version/s: 4.5.6
-
Fix Version/s: None
-
Component/s: HttpClient (classic), HttpClient (Windows)
-
Labels:None
Description
A cookie received in a 401 'Unauthorized' response does not get processed.
I am trying to get SSO (using 'Negotiate' scheme) working using WinHttpClients. The flow is as follows:
- The original request gets redirected (302 'Moved temporarily') to an URL of an authentication service.
- The authentication service respondes with a 401 'Unauthorized' response, containing the authentication challenge ('Negotiate' scheme) and a cookie with a JSessionId.
- The HTTP-Client handles the authentication challenge, adding the authentication response header, but does not process the cookie therefore not adding the cookie to the response.
As a consequence, the authentication service does not handle the authentication response and the connection is running into timeout.
As far as I understand the code, the problem might be that the authentication handling is done solely in class 'MainClientExec', while the processing of request- and response-interceptors takes place in 'ProtocolExec' which decorates 'MainClientExec' (as build by HttpClientBuilder). Since processing cookies is done through interceptors (ResponseProcessCookies, ResponseAddCookies), cookies of 401 'Unauthorized' responses are never processed.
Attachments
Issue Links
- duplicates
-
HTTPCLIENT-1451 HttpClient does not store response cookies on a 401
-
- Resolved
-