0

I'm trying to access a REST service via a server-to-server GET request that is secured by OpenSSO/Spring Security and am unable to. It's like my Spring Rest Template client is not stateful to hold the cookies it should as I get redirected through the authentication workflow.

When doing this with a browser, the initial request is redirected to OpenSSO, I'm challenged for my cert (PKI), I present it, get a response with my authentication cookie header. Then I am redirected back to my original destination, I present my auth cookie in the request header and I'm on my way.

This isn't happening in my server-to-server invocations.

I've searched for quite a while now and can't seem to find any solutions that hold onto this state across redirects!

Bart
  • 21
  • 1
  • 4
  • Have you tried [this](http://stackoverflow.com/a/5798881/1276804)? – zagyi Mar 11 '13 at 19:11
  • I'll check that out. I thought that this would have been a fairly common situation that wouldn't require overriding anything. – Bart Mar 11 '13 at 19:23

1 Answers1

0

Following the link in zagyi's comment may have worked, but I spent some more time and found the following solution, which does not involve overriding anything:

To handle the authentication cookie in the REST controller, you have to explicitly tell it to accept cookies. Before handling the call, add the following line of code: 

CookieHandler.setDefault(new cookieManager(null, CookiePolicy.ACCEPT_ALL));
Bart
  • 21
  • 1
  • 4