The plugin is unable to authenticate inside ALM during "Execute tests using ALM Lab Management" step if ALM server is behind haproxy v2.0 and above. The root cause is that the plugin expects Case-Sensitive http headers and by doing that violates RFC7230: https://tools.ietf.org/html/rfc7230#section-3.2
Each header field consists of a case-insensitive field name followed by a colon (":"), optional leading whitespace, the field value, and optional trailing whitespace.
And as we see in code, there are many places that violate this: For Set-Cookie header:
For WWW-Authenticate header:
Maybe there are other places and headers as well. We've faced the issue because newer versions of haproxy (2.0+) now use the new http processing mechanism internally (h2) by default. And because of this, all the http headers are now lowercased by default. So haproxy outputs "www-authenticate" instead of the original "WWW-Authenticate" which is perfectly compliant with RFC. But not with the plugin. Workaround There is a haproxy config option to override this behavior for some headers: https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-h1-case-adjust. We used it and I can prove that this is a valid workaround. |