You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2009/06/29 14:29:47 UTC
[jira] Updated: (HTTPCLIENT-856) Proxy NTLM Authentication Redirecting to different address fails saying Proxy Auth Required.

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski updated HTTPCLIENT-856:
-----------------------------------------

    Attachment: HTTPCLIENT-856.patch

Raj,

Could you please re-test your application with this patch (attached to the issue) and let me know if that fixes the problem?

Oleg

> Proxy NTLM Authentication  Redirecting to different address fails saying Proxy Auth Required.
> ---------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-856
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-856
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 3.1 Final, 4.0 Beta 2
>         Environment: HttpClient , Proxy Authentication (Microsoft ISA server) 
>            Reporter: Raj
>         Attachments: HTTPCLIENT-856.patch
>
>
> The issue has been discussed in,
> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tt23867531.html
> This was found in http client 3.1 release,  where NTLM proxy authentication is must and the server ask the redirect to a new url, in this case, when redirecting, the earlier proxy auth status is not cleared, so, it does not do proxy authentication for the new URL and hence fails.
> Target Host Authenticaiton NTLM authentication - redirect also had problem and fixed as said,
> http://issues.apache.org/jira/browse/HTTPCLIENT-211
> Proxy Authentication - redirect has to be fixed, 
> The wire logs for the release https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/
> is given below,
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 4107  [EOL]"
> [DEBUG] wire - << "[EOL]"
> [DEBUG] wire - << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">[\r][\n]"
> [DEBUG] wire - << "<HTML><HEAD><TITLE>Error Message</TITLE>[\r][\n]"
> [DEBUG] wire - << "<META http-equiv=Content-Type content="text/html; charset=UTF-8">[\r][\n]"
> [DEBUG] wire - << "<STYLE id=L_default_1>A {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #005a80; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "A:hover {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #0d3372; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-SIZE: 8pt; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD.titleBorder {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 1px solid; BORDER-TOP: #955319 1px solid; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 12pt; VERTICAL-ALIGN: middle; BORDER-LEFT: #955319 0px solid; COLOR: #955319; BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: tahoma; HEIGHT: 35px; BACKGROUND-COLOR: #d2b87a; TEXT-ALIGN: left[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD.titleBorder_x {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 0px solid; BORDER-TOP: #955319 1px solid; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 12pt; VERTICAL-ALIGN: middle; BORDER-LEFT: #955319 1px solid; COLOR: #978c79; BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: tahoma; HEIGHT: 35px; BACKGROUND-COLOR: #d2b87a; TEXT-ALIGN: left[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".TitleDescription {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 12pt; COLOR: black; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "SPAN.explain {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: normal; FONT-SIZE: 10pt; COLOR: #934225[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "SPAN.TryThings {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: normal; FONT-SIZE: 10pt; COLOR: #934225[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".TryList {[\r][\n]"
> [DEBUG] wire - << "[0x9]MARGIN-TOP: 5px; FONT-WEIGHT: normal; FONT-SIZE: 8pt; COLOR: black; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".X {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 1px solid; BORDER-TOP: #955319 1px solid; FONT-WEIGHT: normal; FONT-SIZE: 12pt; BORDER-LEFT: #955319 1px solid; COLOR: #7b3807; BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: verdana; BACKGROUND-COLOR: #d1c2b4[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".adminList {[\r][\n]"
> [DEBUG] wire - << "[0x9]MARGIN-TOP: 2px[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "</STYLE>[\r][\n]"
> [DEBUG] wire - << "<META content="MSHTML 6.00.2800.1170" name=GENERATOR></HEAD>[\r][\n]"
> [DEBUG] wire - << "<BODY bgColor=#f3f3ed>[\r][\n]"
> [DEBUG] wire - << "<TABLE cellSpacing=0 cellPadding=0 width="100%">[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD class=titleborder_x width=30>[\r][\n]"
> [DEBUG] wire - << "      <TABLE height=25 cellSpacing=2 cellPadding=0 width=25 bgColor=black>[\r][\n]"
> [DEBUG] wire - << "        <TBODY>[\r][\n]"
> [DEBUG] wire - << "        <TR>[\r][\n]"
> [DEBUG] wire - << "          <TD class=x vAlign=center alig"
> [DEBUG] wire - << "n=middle>X</TD>[\r][\n]"
> [DEBUG] wire - << "        </TR>[\r][\n]"
> [DEBUG] wire - << "        </TBODY>[\r][\n]"
> [DEBUG] wire - << "      </TABLE>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "    <TD class=titleBorder id=L_default_2>Network Access Message:<SPAN class=TitleDescription> The page cannot be displayed</SPAN> </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE id=spacer>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD height=10></TD></TR></TBODY></TABLE>[\r][\n]"
> [DEBUG] wire - << "<TABLE width=400>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD noWrap width=25></TD>[\r][\n]"
> [DEBUG] wire - << "    <TD width=400><SPAN class=explain><ID id=L_default_3><B>Explanation:</B></ID></SPAN><ID id=L_default_4> There is a problem with the page you are trying to reach and it cannot be displayed. </ID><BR><BR>[\r][\n]"
> [DEBUG] wire - << "    <B><SPAN class=tryThings><ID id=L_default_5><B>Try the following:</B></ID></SPAN></B> [\r][\n]"
> [DEBUG] wire - << "      <UL class=TryList>[\r][\n]"
> [DEBUG] wire - << "        <LI id=L_default_6><B>Refresh page:</B> Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_7><B>Check spelling:</B> Check that you typed the Web page address correctly. The address may have been mistyped.[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_8><B>Access from a link:</B> If there is a link to the page you are looking for, try accessing the page from that link.[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "      </UL>[\r][\n]"
> [DEBUG] wire - << "<ID id=L_default_9>If you are still not able to view the requested page, try contacting your administrator or Helpdesk.</ID> <BR><BR>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE id=spacer><TBODY><TR><TD height=15></TD></TR></TBODY></TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE width=400>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD noWrap width=25></TD>[\r][\n]"
> [DEBUG] wire - << "    <TD width=400 id=L_default_10><B>Technical Information (for support personnel)</B> [\r][\n]"
> [DEBUG] wire - << "      <UL class=adminList>[\r][\n]"
> [DEBUG] wire - << "        <LI id=L_default_11>Error Code: 407 Proxy Authentication Required. The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209)[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_12>IP Address: x.x.x.x[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_13>Date: 6/29/2009 11:15:15 AM [GMT][\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_14>Server: lab1[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_15>Source: proxy[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "      </UL>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "</BODY>[\r][\n]"
> [DEBUG] wire - << "</HTML>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM TlRMTVNTUAABAAAAATIAAAgACAAgAAAADgAOACgAAABNWURPTUFJTkpDSUZTMjMwXzg2Xzkx[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADgAAAABAgACqbXrIWnZ3i4AAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 0     [EOL]"
> [DEBUG] wire - << "[EOL]"
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAwADAAWAAAABAAEACIAAAAGgAaAJgAAAAcABwAsgAAAAAAAAAAAAAAAQIAAAXLpW40q7jqh7E6FgFnJqy9529ANaSLqfTiwjyF2BrUP9F8ObYOyYsBAQAAAAAAACDgxRg9+skBRt4mUOFFCs0AAAAAAAAAAE0AWQBEAE8ATQBBAEkATgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEoAQwBJAEYAUwAyADMAMABfADgANgBfADkAMQA=[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 301 Unknown reason[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Content-length: 0[EOL]"
> [DEBUG] wire - << "Date: Mon, 29 Jun 2009 11:16:50 GMT[EOL]"
> [DEBUG] wire - << "Location: http://www.verisign.com/[EOL]"
> [DEBUG] wire - << "Content-type: text/html[EOL]"
> [DEBUG] wire - << "Server: Netscape-Enterprise/4.1[EOL]"
> [DEBUG] wire - << "[EOL]"
> [ERROR] RequestProxyAuthentication - Proxy authentication error: Unexpected state: MSG_TYPE3_GENERATED
> [DEBUG] wire - >> "GET http://www.verisign.com/ HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: www.verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 4107  [EOL]"
> [DEBUG] wire - << "[EOL]"
> ----------------------------------------
> HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
> Thanks,
> Raj

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org