## What changes were proposed in this pull request? When SPNEGO is enabled (`ambari-server setup-kerberos`), the SSO (`ambari-server setup-sso`) redirect no longer works.
**How to reproduce**: 1. Enable SSO `ambari-server setup-sso` 2. `ambari-server restart` 3. Visit Ambari and notice that you are redirected to the SSO system (i.e. Knox) 4. Enable SPNEGO `ambari-server setup-kerberos` 5. `ambari-server restart` 6. Visit Ambari and notice that you are *NOT redirected* to the SSO system (i.e. Knox) **Solution**: The Ambari server will provide the JWT provider URL when either an HTTP 403 (Forbidden) or an HTTP 401 (Unauthorized) response is sent to caller. If an HTTP 403 is returned, and at least SSO is enabled, the frontend will redirect to the supplied JWT provider URL. If an HTTP 401 is returned, and at least SSO is enabled, the "Negotiate" header will be returned with response. If the caller does not respond with a Kerberos token, the frontend will redirect to the supplied JWT provider URL. This what cherry-picked from #2190 ## How was this patch tested? Manually tested. Unit tests executed ambari-web and ambari-server. Please review [Ambari Contributing Guide](https://cwiki.apache.org/confluence/display/AMBARI/How+to+Contribute) before opening a pull request. [ Full content available at: https://github.com/apache/ambari/pull/2191 ] This message was relayed via gitbox.apache.org for [email protected]
