REST requests don't follow HTTP 303 redirects with Auth

Question

When I set HTTP Basic Auth, the request sends an HTTP redirect.  SoapUI 5.0.0 will follow that redirect, but it won't propogate the authentication credentials at all.Log:Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "GET /theURI HTTP/1.1[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Accept-Encoding: gzip,deflate[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Authorization: Basic AUTHCREDENTIALSGOHERE==[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Host: our-host.localhost.com:80[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Connection: Keep-Alive[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "HTTP/1.1 303 See Other[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Content-Type: text/xml;charset=UTF-8[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Location: ../../../../rds/sessionOutput/conversationID/i3FD8A49805B64E0B9B1FD5B57D74B1C7[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Server: Microsoft-IIS/7.5[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "set-cookie: CRN=skin%3Dcorporate%26showHiddenObjects%3Dfalse%26columnsPerPage%3D3%26displayMode%3Dlist%26listViewSeparator%3Dnone%26automaticPageRefresh%3D30%26format%3DHTML%26showOptionSummary%3Dtrue%26contentLocale%3Den%26useAccessibilityFeatures%3Dfalse%26productLocale%3Den%26http%3A%2F%2Fdeveloper.cognos.com%2Fceba%2Fconstants%2FbiDirectionalOptionEnum%23biDirectionalFeaturesEnabled%3Dfalse%26showWelcomePage%3Dtrue%26timeZoneID%3DCST%26linesPerPage%3D15%26; Domain=.alliant-energy.com; Path=/cognos[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "set-cookie: cea-ssa=false; Domain=.alliant-energy.com; Path=/cognos[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "set-cookie: usersessionid="AggAAAA4MSxUAAAAAAoAAACVHBieO9cEWqPkFAAAAIraMa1XwjGBj3g5i3Db9Zt7DwKlBwAAAFNIQS0yNTYgAAAA7Rq1lDdNspuVCqcZyVrrmbP8GnfdrqOWtqWSqr3EqaI="; Version=1; Domain=.alliant-energy.com; Path=/cognos[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "set-cookie: cam_passport=MTsxMDE6NmJjNGJhNzctYWM1Yi04YmM4LWRkYzItYjVmMDdjMDlkNWMxOjM1NzMzNTA5MTA7MDszOzA7; Domain=.alliant-energy.com; Path=/cognos[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "set-cookie: userCapabilities=f%3Bfdbffe6d%3Bf000002f%3Bff87fefa%26AgcAAABTSEEtMjU2FAAAAIraMa1XwjGBj3g5i3Db9Zt7DwKl3%2BzvGXQ%2B1byWjviMjFnobafs6tdXYLQTVsYJoIjt2kw%3D; Domain=.alliant-energy.com; Path=/cognos[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "X-Powered-By: ASP.NET[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Date: Wed, 24 Sep 2014 16:52:07 GMT[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Connection: close[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Content-Length: 290[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "GET /theURI  HTTP/1.1[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Host: our-host.localhost.com:80[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Connection: Keep-Alive[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Cookie: CRN=skin%3Dcorporate%26showHiddenObjects%3Dfalse%26columnsPerPage%3D3%26displayMode%3Dlist%26listViewSeparator%3Dnone%26automaticPageRefresh%3D30%26format%3DHTML%26showOptionSummary%3Dtrue%26contentLocale%3Den%26useAccessibilityFeatures%3Dfalse%26productLocale%3Den%26http%3A%2F%2Fdeveloper.cognos.com%2Fceba%2Fconstants%2FbiDirectionalOptionEnum%23biDirectionalFeaturesEnabled%3Dfalse%26showWelcomePage%3Dtrue%26timeZoneID%3DCST%26linesPerPage%3D15%26; cam_passport=MTsxMDE6NmJjNGJhNzctYWM1Yi04YmM4LWRkYzItYjVmMDdjMDlkNWMxOjM1NzMzNTA5MTA7MDszOzA7; cea-ssa=false; userCapabilities=f%3Bfdbffe6d%3Bf000002f%3Bff87fefa%26AgcAAABTSEEtMjU2FAAAAIraMa1XwjGBj3g5i3Db9Zt7DwKl3%2BzvGXQ%2B1byWjviMjFnobafs6tdXYLQTVsYJoIjt2kw%3D; usersessionid=AggAAAA4MSxUAAAAAAoAAACVHBieO9cEWqPkFAAAAIraMa1XwjGBj3g5i3Db9Zt7DwKlBwAAAFNIQS0yNTYgAAAA7Rq1lDdNspuVCqcZyVrrmbP8GnfdrqOWtqWSqr3EqaI=[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Cookie2: $Version=1[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "HTTP/1.1 401 Unauthorized[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Content-Type: text/html[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Server: Microsoft-IIS/7.5[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "WWW-Authenticate: Negotiate[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "WWW-Authenticate: NTLM[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "WWW-Authenticate: Basic realm="cidwincogqweb1.alliant-energy.com"[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "X-Powered-By: ASP.NET[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Date: Wed, 24 Sep 2014 16:52:07 GMT[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Content-Length: 1293[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;head&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;title&gt;401 - Unauthorized: Access is denied due to invalid credentials.&lt;/title&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;style type="text/css"&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;!--[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "fieldset{padding:0 15px 10px 15px;} [][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "h1{font-size:2.4em;margin:0;color:#FFF;}[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "h2{font-size:1.7em;margin:0;color:#CC0000;} [][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} [][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "background-color:#555555;}[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "#content{margin:0 0 0 2%;position:relative;}[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "--&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;/style&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;/head&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;body&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;div id="header"&gt;&lt;h1&gt;Server Error&lt;/h1&gt;&lt;/div&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;div id="content"&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; " &lt;div class="content-container"&gt;&lt;fieldset&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "  &lt;h2&gt;401 - Unauthorized: Access is denied due to invalid credentials.&lt;/h2&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "  &lt;h3&gt;You do not have permission to view this directory or page using the credentials that you supplied.&lt;/h3&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; " &lt;/fieldset&gt;&lt;/div&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;/div&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;/body&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;/html&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "GET /theURI HTTP/1.1[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Host: our-host.localhost.com:80[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Connection: Keep-Alive[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Cookie: CRN=skin%3Dcorporate%26showHiddenObjects%3Dfalse%26columnsPerPage%3D3%26displayMode%3Dlist%26listViewSeparator%3Dnone%26automaticPageRefresh%3D30%26format%3DHTML%26showOptionSummary%3Dtrue%26contentLocale%3Den%26useAccessibilityFeatures%3Dfalse%26productLocale%3Den%26http%3A%2F%2Fdeveloper.cognos.com%2Fceba%2Fconstants%2FbiDirectionalOptionEnum%23biDirectionalFeaturesEnabled%3Dfalse%26showWelcomePage%3Dtrue%26timeZoneID%3DCST%26linesPerPage%3D15%26; cam_passport=MTsxMDE6NmJjNGJhNzctYWM1Yi04YmM4LWRkYzItYjVmMDdjMDlkNWMxOjM1NzMzNTA5MTA7MDszOzA7; cea-ssa=false; userCapabilities=f%3Bfdbffe6d%3Bf000002f%3Bff87fefa%26AgcAAABTSEEtMjU2FAAAAIraMa1XwjGBj3g5i3Db9Zt7DwKl3%2BzvGXQ%2B1byWjviMjFnobafs6tdXYLQTVsYJoIjt2kw%3D; usersessionid=AggAAAA4MSxUAAAAAAoAAACVHBieO9cEWqPkFAAAAIraMa1XwjGBj3g5i3Db9Zt7DwKlBwAAAFNIQS0yNTYgAAAA7Rq1lDdNspuVCqcZyVrrmbP8GnfdrqOWtqWSqr3EqaI=[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "Cookie2: $Version=1[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&gt;&gt; "[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "HTTP/1.1 401 Unauthorized[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Content-Type: text/html[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Server: Microsoft-IIS/7.5[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "WWW-Authenticate: Negotiate[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "WWW-Authenticate: NTLM[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "WWW-Authenticate: Basic realm="host-auth-realm.com"[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "X-Powered-By: ASP.NET[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Date: Wed, 24 Sep 2014 16:52:07 GMT[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "Content-Length: 1293[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;head&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;title&gt;401 - Unauthorized: Access is denied due to invalid credentials.&lt;/title&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;style type="text/css"&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;!--[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "fieldset{padding:0 15px 10px 15px;} [][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "h1{font-size:2.4em;margin:0;color:#FFF;}[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "h2{font-size:1.7em;margin:0;color:#CC0000;} [][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} [][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "background-color:#555555;}[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "#content{margin:0 0 0 2%;position:relative;}[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "--&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;/style&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;/head&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;body&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;div id="header"&gt;&lt;h1&gt;Server Error&lt;/h1&gt;&lt;/div&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;div id="content"&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; " &lt;div class="content-container"&gt;&lt;fieldset&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "  &lt;h2&gt;401 - Unauthorized: Access is denied due to invalid credentials.&lt;/h2&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "  &lt;h3&gt;You do not have permission to view this directory or page using the credentials that you supplied.&lt;/h3&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; " &lt;/fieldset&gt;&lt;/div&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;/div&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;/body&gt;[][
]"Wed Sep 24 11:52:08 CDT 2014:DEBUG:&lt;&lt; "&lt;/html&gt;[][
]"

klauern · Answer

I just tested against the latest nightly build of the 5.0.0 release and found that this is fixed.  It would be nice if there was a release sometime soon, though.

Forum Discussion

REST requests don't follow HTTP 303 redirects with Auth

1 Reply

Related Content

Redirect after Post-request not working / possible Post-request is wrong

Downloading a File via Redirect Link

Stop Redirect and break the request to stop at 303

Specifying Oauth2 Redirect URI in SwaggerHub

How does SoapUi handles 307 redirections ?

Recent Discussions

Mismatch between response from a CURL request and ReadyAPI response

Reading dynamic parameter from resource path

Parameterising JDBC Connection Settings..Can you do it?

Test Runner - Report All in One File

GroovyScript Help - Repeating JSON Attributes Have Specific Value.....some of the time?