You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Michael Osipov (JIRA)" <ji...@apache.org> on 2015/07/27 18:34:06 UTC

[jira] [Comment Edited] (HTTPCLIENT-1669) Integrated NTLM Windows Authentication doesn't work over HTTPS

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14642953#comment-14642953 ] 

Michael Osipov edited comment on HTTPCLIENT-1669 at 7/27/15 4:34 PM:
---------------------------------------------------------------------

This seems to be a problem with squid and not httpclient. It either does not persist the connection or downgrades to HTTP 1.0. Therefore,  httpclient dies in the loop. Talk to your local admin. 


was (Author: michael-o):
This seems to be a problem wird squid and not httpclient. IT Esther does not persist the connection or downgrades to HTTP 1.0. Therefore,  httpclient dies in the loop. Talk to your local Administration.

> Integrated NTLM Windows Authentication doesn't work over HTTPS
> --------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1669
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1669
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5
>         Environment: Win7 / Squid Proxy 2.7.STABLE8
>            Reporter: Reinhold Früsmer
>            Priority: Blocker
>
> Hi,
> integrated NTLM Windows Authentication is working properly over HTTP connections, but not over HTTPS. 
> The wireshark sequence is as follows:
> 323	10.584292000	192.168.85.96	192.168.85.236	HTTP	182	 	CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 
> 325	10.584539000	192.168.85.236	192.168.85.96	HTTP	1436 	HTTP/1.0 407 Proxy Authentication Required  (text/html)
> 336	10.645235000	192.168.85.96	192.168.85.236	HTTP	266	 	CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
> 338	10.658532000	192.168.85.236	192.168.85.96	HTTP	1436 	HTTP/1.0 407 Proxy Authentication Required  (text/html)
> Connection is closed then.
> With a modified version of MainClientExec#createTunnelToTarget at line 457 it works when adding the following header to the connect request
> >>>        connect.addHeader("Proxy-Connection", "Keep-Alive");
> I am not very familiar with the HttpClient code, maybe there's a "cleaner" solution for this or it maybreak other things I am not aware of, but it works in our test cases.
> The Wireshark sequence then becomes:
> 174	4.457754000		192.168.85.96	192.168.85.236	HTTP	212		CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 
> 176	4.458258000		192.168.85.236	192.168.85.96	HTTP	1436	HTTP/1.0 407 Proxy Authentication Required  (text/html)
> 198	4.513611000		192.168.85.96	192.168.85.236	HTTP	296		CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
> 200	4.519928000		192.168.85.236	192.168.85.96	HTTP	1436	HTTP/1.0 407 Proxy Authentication Required , NTLMSSP_CHALLENGE (text/html)
> 202	4.545414000		192.168.85.96	192.168.85.236	HTTP	504		CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_AUTH, User: TEAMTRAINING\FruesmerRe
> 224	4.606172000		192.168.85.236	192.168.85.96	HTTP	93		HTTP/1.0 200 Connection established 
> And continuing happily  ....



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org