I published a RESTful AJAX app that uses a custom authorization scheme and enabled SSO. The login page is an HTML form that grabs credentials and puts them into a custom authorization HTTP header and sends the request back to the server - the form
does not POST with form data in the body of the HTTP request. I can get UAG to inject credentials into the login form and do an autosubmit, but when the form is submitted and an AJAX request is sent with the user credentials, UAG strips out the Authorization
header and authentication fails. If I use AppWrap to add an Authorization header with the right value (value is static), UAG still strips the header. I've tried using both "HTML form" and "Both" in the application authentication tab but the header
still gets stripped, even though trace gives me different reasons why. The only thing I need to finish this app off is to preserve or re-inject this header in the HTTP traffic - any ideas on how to do this?
Here are the authentication headers used for initial login:
Authorization: my_authentication_scheme profile="my_authentication_profile"
X-custom-auth: username=my_username, password=my_password
When the app is published using "Both" for authentication, trace gives me the following message:
Info:Authorization header(s) will be removed as a 401 rule exists for this application (Cortext). (PFC=000000000D1F2BE8)
When I use "HTML form" for authentication, trace says:
Info:Client Authorization header was detected with SSO congiguration. Discard the header
Any ideas?
