There are currently two ways to access the jnlp file:
In the first method, the authentication via form or basic schema auth works; but once the JVM is launched the download of the JAR files does not
work.
In the second method, the authentication is not made since the jnlp file is called by a script.
Java Web Start is not able to accept cookies. So any application that is accessed by Java Web Start must be running on an agent that does NOT have "RequireCookies" parameter set to YES.
Another option is to make the Java Web Start able to work with cookies. Then there is no need to turn off "RequireCookies" parameter on the web agents which are accessed by Java Web Start.
Sun provides documentation regarding cookie support for Java Web Start; for example:
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/cookie_support.html
Another solution would be to use SiteMinder Secure Proxy Server with cookieless sessions.