From f1c5d3a8dfdc479f3bc5c297eb7ed7c38172aa43 Mon Sep 17 00:00:00 2001
From: Dave Syer <dsyer@vmware.com>
Date: Thu, 14 Mar 2013 16:30:32 -0700
Subject: [PATCH] Remove vmc headers to prevent duplicates

---
 .../identity/uaa/login/RemoteUaaController.java        | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/main/java/org/cloudfoundry/identity/uaa/login/RemoteUaaController.java b/src/main/java/org/cloudfoundry/identity/uaa/login/RemoteUaaController.java
index 4e184f77..2cde2dc4 100644
--- a/src/main/java/org/cloudfoundry/identity/uaa/login/RemoteUaaController.java
+++ b/src/main/java/org/cloudfoundry/identity/uaa/login/RemoteUaaController.java
@@ -74,6 +74,12 @@ public class RemoteUaaController {
 
 	private static final String CONTENT_LENGTH = "Content-Length";
 
+	private static final String CONTENT_TYPE = "Content-Type";
+
+	private static final String ACCEPT = "Accept";
+
+	private static final String AUTHORIZATION = "Authorization";
+
 	private static final String TRANSFER_ENCODING = "Transfer-Encoding";
 
 	private static final String HOST = "Host";
@@ -271,6 +277,7 @@ public ModelAndView startAuthorization(HttpServletRequest request, @RequestParam
 		if (principal != null) {
 			map.set("source", "login");
 			map.setAll(getLoginCredentials(principal));
+			map.remove("credentials"); // legacy vmc might break otherwise
 		}
 		else {
 			throw new BadCredentialsException("No principal found in authorize endpoint");
@@ -278,6 +285,9 @@ public ModelAndView startAuthorization(HttpServletRequest request, @RequestParam
 
 		HttpHeaders requestHeaders = new HttpHeaders();
 		requestHeaders.putAll(getRequestHeaders(headers));
+		requestHeaders.remove(AUTHORIZATION.toLowerCase());
+		requestHeaders.remove(ACCEPT.toLowerCase());
+		requestHeaders.remove(CONTENT_TYPE.toLowerCase());
 		requestHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
 		requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
 		requestHeaders.remove(COOKIE);