The plugin is unable to authenticate inside ALM during "Execute tests using ALM Lab Management" step if ALM server is behind haproxy v2.0 and above.
The root cause is that the plugin expects Case-Sensitive http headers and by doing that violates RFC7230:
Each header field consists of a case-insensitive field name followed
by a colon (":"), optional leading whitespace, the field value, and
optional trailing whitespace.
And as we see in code, there are many places that violate this:
- Constant declaration: https://github.com/MicroFocus/performance-center-plugins-common/blob/b045d4f57faef0661588334e7fe71b3a1c77af15/src/main/java/com/microfocus/adm/performancecenter/plugins/common/rest/RESTConstants.java#L29
- Usage: https://github.com/jenkinsci/hpe-application-automation-tools-plugin/blob/f15aeecc59b287e4a678ba6680ec4f41b7f05fbe/src/main/java/com/microfocus/application/automation/tools/rest/RestClient.java#L374
- Constant declaration: https://github.com/jenkinsci/hpe-application-automation-tools-plugin/blob/f15aeecc59b287e4a678ba6680ec4f41b7f05fbe/src/main/java/com/microfocus/application/automation/tools/sse/sdk/authenticator/RestAuthenticator.java#L45
- Usage: https://github.com/jenkinsci/hpe-application-automation-tools-plugin/blob/f15aeecc59b287e4a678ba6680ec4f41b7f05fbe/src/main/java/com/microfocus/application/automation/tools/sse/sdk/authenticator/RestAuthenticator.java#L230
Maybe there are other places and headers as well.
We've faced the issue because newer versions of haproxy (2.0+) now use the new http processing mechanism internally (h2) by default. And because of this, all the http headers are now lowercased by default. So haproxy outputs "www-authenticate" instead of the original "WWW-Authenticate" which is perfectly compliant with RFC. But not with the plugin.
There is a haproxy config option to override this behavior for some headers: https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-h1-case-adjust. You should use 2 haproxy configuration options in conjunction: "h1-case-adjust" and "option h1-case-adjust-bogus-client".
We used it and I can prove that this is a valid workaround.