« Return to Thread: redirect fails when NTLM authentication is used for proxy
Re: redirect fails when NTLM authentication is used for proxy
by RajK
::
Rate this Message:
HI Oleg,
Thanks for the reply, here is the wire logs,
[DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Host: verisign.com[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Pragma: no-cache[\r][\n]"
[DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
[DEBUG] header - << "Content-Type: text/html[\r][\n]"
[DEBUG] header - << "Content-Length: 4106 [\r][\n]"
[DEBUG] header - << "[\r][\n]"
[INFO] AuthChallengeProcessor - ntlm authentication scheme selected
[DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "Proxy-Authorization: NTLM TlRMTVNTUAABAAAABlIAAA0ADQAiAAAAAgACACAAAABOVDE3Mi4yNi4yMzAuODY=[\r][\n]"
[DEBUG] header - >> "Host: verisign.com[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: NTLM TlRMTVNTUAACAAAACQAJADgAAAAGAoECE6EfrShmucQAAAAAAAAAAJ4AngBBAAAABQLODgAAAA9DSElMRElCQUMCABIAQwBIAEkATABEAEkAQgBBAEMAAQAYAFMAVQBOAEkATABOAEsALQBMAEEAQgAxAAQAKABjAGgAaQBsAGQALgBpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAwAYAHMAdQBuAGkAbABuAGsALQBsAGEAYgAxAAUAHABpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAAAAAA==[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Pragma: no-cache[\r][\n]"
[DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
[DEBUG] header - << "Content-Type: text/html[\r][\n]"
[DEBUG] header - << "Content-Length: 0 [\r][\n]"
[DEBUG] header - << "[\r][\n]"
[DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAFwAAAAAAAAAdAAAAA0ADQBAAAAADQANAE0AAAACAAIAWgAAAAAAAAB0AAAABlIAADE3Mi4yNi4yMzAuODZBRE1JTklTVFJBVE9STlTpGOVYkkr+LQRybRsJCgxl2lYVu2N/vb8=[\r][\n]"
[DEBUG] header - >> "Host: verisign.com[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]"
[DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Content-length: 0[\r][\n]"
[DEBUG] header - << "Date: Tue, 23 Jun 2009 04:19:48 GMT[\r][\n]"
[DEBUG] header - << "Location: http://www.verisign.com/[\r][\n]"
[DEBUG] header - << "Content-type: text/html[\r][\n]"
[DEBUG] header - << "Server: Netscape-Enterprise/4.1[\r][\n]"
[DEBUG] header - << "[\r][\n]"
[DEBUG] header - >> "GET http://www.verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "Host: www.verisign.com[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Pragma: no-cache[\r][\n]"
[DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
[DEBUG] header - << "Content-Type: text/html[\r][\n]"
[DEBUG] header - << "Content-Length: 4106 [\r][\n]"
[DEBUG] header - << "[\r][\n]"
[INFO] HttpMethodDirector - Failure authenticating with NTLM <any realm>@172.16.100.16:8080
When I tried the with the code changes as
In processRedirectResponse {
method.getHostAuthState().invalidate();
I added the below line,
method.getProxyAuthState().invalidate();
}
This works
Thanks,
RajK
Thanks for the reply, here is the wire logs,
[DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Host: verisign.com[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Pragma: no-cache[\r][\n]"
[DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
[DEBUG] header - << "Content-Type: text/html[\r][\n]"
[DEBUG] header - << "Content-Length: 4106 [\r][\n]"
[DEBUG] header - << "[\r][\n]"
[INFO] AuthChallengeProcessor - ntlm authentication scheme selected
[DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "Proxy-Authorization: NTLM TlRMTVNTUAABAAAABlIAAA0ADQAiAAAAAgACACAAAABOVDE3Mi4yNi4yMzAuODY=[\r][\n]"
[DEBUG] header - >> "Host: verisign.com[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: NTLM TlRMTVNTUAACAAAACQAJADgAAAAGAoECE6EfrShmucQAAAAAAAAAAJ4AngBBAAAABQLODgAAAA9DSElMRElCQUMCABIAQwBIAEkATABEAEkAQgBBAEMAAQAYAFMAVQBOAEkATABOAEsALQBMAEEAQgAxAAQAKABjAGgAaQBsAGQALgBpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAwAYAHMAdQBuAGkAbABuAGsALQBsAGEAYgAxAAUAHABpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAAAAAA==[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Pragma: no-cache[\r][\n]"
[DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
[DEBUG] header - << "Content-Type: text/html[\r][\n]"
[DEBUG] header - << "Content-Length: 0 [\r][\n]"
[DEBUG] header - << "[\r][\n]"
[DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAFwAAAAAAAAAdAAAAA0ADQBAAAAADQANAE0AAAACAAIAWgAAAAAAAAB0AAAABlIAADE3Mi4yNi4yMzAuODZBRE1JTklTVFJBVE9STlTpGOVYkkr+LQRybRsJCgxl2lYVu2N/vb8=[\r][\n]"
[DEBUG] header - >> "Host: verisign.com[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]"
[DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Content-length: 0[\r][\n]"
[DEBUG] header - << "Date: Tue, 23 Jun 2009 04:19:48 GMT[\r][\n]"
[DEBUG] header - << "Location: http://www.verisign.com/[\r][\n]"
[DEBUG] header - << "Content-type: text/html[\r][\n]"
[DEBUG] header - << "Server: Netscape-Enterprise/4.1[\r][\n]"
[DEBUG] header - << "[\r][\n]"
[DEBUG] header - >> "GET http://www.verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "Host: www.verisign.com[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Pragma: no-cache[\r][\n]"
[DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
[DEBUG] header - << "Content-Type: text/html[\r][\n]"
[DEBUG] header - << "Content-Length: 4106 [\r][\n]"
[DEBUG] header - << "[\r][\n]"
[INFO] HttpMethodDirector - Failure authenticating with NTLM <any realm>@172.16.100.16:8080
When I tried the with the code changes as
In processRedirectResponse {
method.getHostAuthState().invalidate();
I added the below line,
method.getProxyAuthState().invalidate();
}
This works
Thanks,
RajK
olegk wrote:On Thu, Jun 04, 2009 at 03:41:53AM -0700, RajK wrote:
>
> HI all,
> During redirect time, the auth has to be cleared as the below issues
> says,
> http://issues.apache.org/jira/browse/HTTPCLIENT-211
> but, it does it only for the hosts NTLM authentication,
> But, when we have NTLM at proxy, redirect fails.
>
> Should we have it cleared for proxy also, right? please let me know
> otherwise, please let me know.
>
> Thanks,
> Raj
>
>
Post wire / context log
Oleg
>
> --
> View this message in context: http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p23867531.html
> Sent from the HttpClient-User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
« Return to Thread: redirect fails when NTLM authentication is used for proxy
| Free embeddable forum powered by Nabble | Forum Help |
