search

silkimen / cordova-plugin-advanced-http

Cordova / Phonegap plugin for communicating with HTTP servers. Allows for SSL pinning!
MIT License
392 stars 314 forks source link

[Bug] [iPad - iOS15.1] Cordova advanced http - sendRequest is not showing up auth-Prompt screen for New Kerberos SSO - credential based auth challenge on iOS 15.1 #452

Closed ManiyamGT closed 2 years ago

ManiyamGT commented 2 years ago

Description We have a Hybrid iOS Application build on Cordova Plugin and recently, we have updated the New Kerberos based SSO by following the presentation ( https://developer.apple.com/videos/play/tech-talks/301/ ) . After which the hybrid app is not prompting for the HTTP response challenge. But, it worked with Old Kerberos SSO -credential based authentication.

We could see the response header has the below attribute for SSO handshake challenge. Www-Authenticate: Negotiate, Basic realm="IBM Security Access Manager for Web" . But, the auth prompt screen is not appearing, and connection is throwing with 401-unauthenticated response.

Note : We can see this attached prompt screen when using Old Kerb -SSO but it’s not showing up after New Kerberos SSO. and we have not modified any single line of change in code.

System info

I have raised any issue in apples developers portal and they directed to create a bug in Cordova github repo. https://developer.apple.com/forums/thread/698880

Minimum viable code to reproduce

cordova.plugin.http.sendRequest(
                        'url',
                        {method:'get',headers:{'Content-Type':'application/json','Accept':'application/json','Origin':'*******'}},
                        (result) => {
                                    // Success handleing code.
                            },
                        (error) => {
                                    // Error handleling code. 
                            }
                    );

Screenshots

Old Kerberos SSO auth prompt

silkimen commented 2 years ago

Hi ManiyamGT, you will need to provide more information, because your MVP code is not complete. And also you need to provide data for a public server to tests against. Please use StackOverflow for this kind of questions.