You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Michael Osipov (JIRA)" <ji...@apache.org> on 2015/07/27 18:29:05 UTC
[jira] [Commented] (HTTPCLIENT-1669) Integrated NTLM Windows
Authentication doesn't work over HTTPS
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14642953#comment-14642953 ]
Michael Osipov commented on HTTPCLIENT-1669:
--------------------------------------------
This seems to be a problem wird squid and not httpclient. IT Esther does not persist the connection or downgrades to HTTP 1.0. Therefore, httpclient dies in the loop. Talk to your local Administration.
> Integrated NTLM Windows Authentication doesn't work over HTTPS
> --------------------------------------------------------------
>
> Key: HTTPCLIENT-1669
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1669
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.5
> Environment: Win7 / Squid Proxy 2.7.STABLE8
> Reporter: Reinhold Früsmer
> Priority: Blocker
>
> Hi,
> integrated NTLM Windows Authentication is working properly over HTTP connections, but not over HTTPS.
> The wireshark sequence is as follows:
> 323 10.584292000 192.168.85.96 192.168.85.236 HTTP 182 CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1
> 325 10.584539000 192.168.85.236 192.168.85.96 HTTP 1436 HTTP/1.0 407 Proxy Authentication Required (text/html)
> 336 10.645235000 192.168.85.96 192.168.85.236 HTTP 266 CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
> 338 10.658532000 192.168.85.236 192.168.85.96 HTTP 1436 HTTP/1.0 407 Proxy Authentication Required (text/html)
> Connection is closed then.
> With a modified version of MainClientExec#createTunnelToTarget at line 457 it works when adding the following header to the connect request
> >>> connect.addHeader("Proxy-Connection", "Keep-Alive");
> I am not very familiar with the HttpClient code, maybe there's a "cleaner" solution for this or it maybreak other things I am not aware of, but it works in our test cases.
> The Wireshark sequence then becomes:
> 174 4.457754000 192.168.85.96 192.168.85.236 HTTP 212 CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1
> 176 4.458258000 192.168.85.236 192.168.85.96 HTTP 1436 HTTP/1.0 407 Proxy Authentication Required (text/html)
> 198 4.513611000 192.168.85.96 192.168.85.236 HTTP 296 CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
> 200 4.519928000 192.168.85.236 192.168.85.96 HTTP 1436 HTTP/1.0 407 Proxy Authentication Required , NTLMSSP_CHALLENGE (text/html)
> 202 4.545414000 192.168.85.96 192.168.85.236 HTTP 504 CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_AUTH, User: TEAMTRAINING\FruesmerRe
> 224 4.606172000 192.168.85.236 192.168.85.96 HTTP 93 HTTP/1.0 200 Connection established
> And continuing happily ....
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org