Please, I do not need help reading documents, or following examples, or playing what-if's.  I am requesting that only somebody with a very good working knowledge of my problem to provide responses.  I am a 30 yr seasoned developer, not a newbie.

I am working with a javaws jnlp that is being dynamically generated by a jsp.  I have tracking-mode set to both COOKIE and URL.  I have an undertow-handlers.conf with dump-requests in the deployment, so that I can see what the headers contain.

The app is configured to authenticate with a SAML IDP using picketlink.  All of this works fine.

EXCEPT, when the redirect back to the app index.html page occurs (from the IDP), I can see all of the session information has been created.

Then I click on a web page link to call the jsp to generate the jnlp, and then javaws launches using that jnlp.

The first jar in the resources section has no session, but then a NEW session is created and subsequent download have the new session, but the download requests all fail because it is not a valid session.

In fact, the "confusing part", is technically, it should re-direct to the IDP and login again, but for some reason, it doesn't, and the access log shows HTTP 200, but the bytes returned is not even close to the actual jar size, and every jar has the same bytes returned value.

I am asking if anyone knows what could be happening.  I disabled default jsp session creation, because I want the jsp to use the current session, instead of creating a new one.  I am showing relevant pieces of the dump requests, as I do not want to show SAML cookie strings.

2019-06-21 01:32:29,814 INFO  [io.undertow.request.dump] (default task-320)

----------------------------REQUEST---------------------------

               URI=/premiereclient/netcentric_client_jnlp.jsp

            cookie=JSESSIONID=VQVBq91LidjVs8eQilRhIutdoRJFfznbfqCTsiLH.livestr-nc-cap

--------------------------RESPONSE--------------------------

     contentLength=10968

       contentType=application/x-java-jnlp-file; charset=UTF-8

            cookie=JSESSIONID=VQVBq91LidjVs8eQilRhIutdoRJFfznbfqCTsiLH.livestr-nc-cap; domain=null; path=null

2019-06-21 01:32:51,854 INFO  [io.undertow.request.dump] (default task-322)

----------------------------REQUEST---------------------------

               URI=/premiereclient/plugins/gov.nasa.worldwind_2.0.0.jar

characterEncoding=null

     contentLength=-1

       contentType=[application/x-java-archive]

Here is the jsp upper portion where I have attempted to set every possible value of JSESSIONID possible, so it you see something just plain WRONG, I would like to know.

<?xml version="1.0" encoding="UTF-8"?>

<%@ page

session="false"

contentType="application/x-java-jnlp-file"

pageEncoding="UTF-8"

info="iSpace Premier Client"

%>

<%

  if (request.getSession(false) == null) {

    response.sendRedirect("https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/idp/SSO.saml2");

  }

  // This is required to allow IE 7+ to correctly run a JNLP.  As IE will not

  // run a JNLP that has a cache-control header of no-cache or no-store

  response.setHeader("Cache-Control", "must-revalidate");

  response.setHeader("Last-Modified", java.time.format.DateTimeFormatter.RFC_1123_DATE_TIME.format(java.time.ZonedDateTime.now(java.time.ZoneId.of("GMT"))));

  response.setHeader("Content-Disposition", "filename=\"netcentric_client_jnlp.jnlp\";");

  response.setHeader("Pragma", "no-cache");

  response.setHeader("Expires", "0");

  response.addHeader("SET-COOKIE", "JSESSIONID=" + request.getSession(false).getId() + "; domain=null; path=/premiereclient");

  response.setContentType("application/x-java-jnlp-file");

  String sessionCookie = null;

  Cookie[] cookies = request.getCookies();

  if (cookies != null) {

    for (Cookie cookie : cookies) {

      if ("JSESSIONID".equals(cookie.getName())) {

        sessionCookie = cookie.getValue();

        break;

      }

    }

  }

  if (sessionCookie != null) {

    Cookie cookie = new Cookie("JSESSIONID", sessionCookie);

    cookie.setMaxAge(-1);

    response.addCookie(cookie);

    response.setHeader("Cookie", sessionCookie);

  }

  StringBuffer codebaseBuffer = new StringBuffer();

  codebaseBuffer.append(!request.isSecure() ? "http://" : "https://");

  codebaseBuffer.append(request.getServerName());

  if (request.getServerPort() != (!request.isSecure() ? 80 : 443))

  {

    codebaseBuffer.append(':');

    codebaseBuffer.append(request.getServerPort());

  }

  codebaseBuffer.append("/premiereclient");

  request.getSession(false).setAttribute("SessionUser", request.getRemoteUser());

%>

<jnlp spec="1.0+" codebase="<%= codebaseBuffer.toString() %>">

----------------the resources are populated by the jsp

Thank you in advance of anyone willing to help.