401 Unauthorized response with WWW-Authenticate: Negotiate
Is there an option in glassfish to allow web application to send their own response code from, preserve the header, but use the virtual server's configured default html page for the response code?
I'm running Glassfish V2.1.1. We have OpenSSO deployed and are supporting GSSAPI authentication with the WDSSO module. The authentication provider in OpenSSO sends a 401 WWW-Authenticate: Negotiate header back to the client. The client negotiates with the KDC authentication service to get a ticket for the service then the ticket back via headers to the opensso server.
I'm trying to setup a custom 401 unauthorized HTML page that will redirect the browser to an LDAP/Password module for OpenSSO in case the client doesn't support GSSAPI authentication.
I have this setup in the container we are currently running Access Manager (predecessor to OpenSSO) and it works splendidly.
Glassfish appears to override all 401 unauthorized headers (set by OpenSSO) and removes the WWW-Authenticate: Negotiate header and will only send the custom HTML response for any request to the WDSSO module.
I've run the following on the system to
asadmin set \
"path=../docroot/errors/401.html reason=Not_authorized code=401"