You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Michael Osipov (JIRA)" <ji...@apache.org> on 2015/07/27 18:34:06 UTC
[jira] [Comment Edited] (HTTPCLIENT-1669) Integrated NTLM Windows
Authentication doesn't work over HTTPS
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14642953#comment-14642953 ]
Michael Osipov edited comment on HTTPCLIENT-1669 at 7/27/15 4:34 PM:
---------------------------------------------------------------------
This seems to be a problem with squid and not httpclient. It either does not persist the connection or downgrades to HTTP 1.0. Therefore, httpclient dies in the loop. Talk to your local admin.
was (Author: michael-o):
This seems to be a problem wird squid and not httpclient. IT Esther does not persist the connection or downgrades to HTTP 1.0. Therefore, httpclient dies in the loop. Talk to your local Administration.
> Integrated NTLM Windows Authentication doesn't work over HTTPS
> --------------------------------------------------------------
>
> Key: HTTPCLIENT-1669
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1669
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.5
> Environment: Win7 / Squid Proxy 2.7.STABLE8
> Reporter: Reinhold Früsmer
> Priority: Blocker
>
> Hi,
> integrated NTLM Windows Authentication is working properly over HTTP connections, but not over HTTPS.
> The wireshark sequence is as follows:
> 323 10.584292000 192.168.85.96 192.168.85.236 HTTP 182 CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1
> 325 10.584539000 192.168.85.236 192.168.85.96 HTTP 1436 HTTP/1.0 407 Proxy Authentication Required (text/html)
> 336 10.645235000 192.168.85.96 192.168.85.236 HTTP 266 CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
> 338 10.658532000 192.168.85.236 192.168.85.96 HTTP 1436 HTTP/1.0 407 Proxy Authentication Required (text/html)
> Connection is closed then.
> With a modified version of MainClientExec#createTunnelToTarget at line 457 it works when adding the following header to the connect request
> >>> connect.addHeader("Proxy-Connection", "Keep-Alive");
> I am not very familiar with the HttpClient code, maybe there's a "cleaner" solution for this or it maybreak other things I am not aware of, but it works in our test cases.
> The Wireshark sequence then becomes:
> 174 4.457754000 192.168.85.96 192.168.85.236 HTTP 212 CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1
> 176 4.458258000 192.168.85.236 192.168.85.96 HTTP 1436 HTTP/1.0 407 Proxy Authentication Required (text/html)
> 198 4.513611000 192.168.85.96 192.168.85.236 HTTP 296 CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
> 200 4.519928000 192.168.85.236 192.168.85.96 HTTP 1436 HTTP/1.0 407 Proxy Authentication Required , NTLMSSP_CHALLENGE (text/html)
> 202 4.545414000 192.168.85.96 192.168.85.236 HTTP 504 CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_AUTH, User: TEAMTRAINING\FruesmerRe
> 224 4.606172000 192.168.85.236 192.168.85.96 HTTP 93 HTTP/1.0 200 Connection established
> And continuing happily ....
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org