You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2013/01/18 16:18:12 UTC
[jira] [Resolved] (HTTPCLIENT-1300) HttpClient does not retry authentication when multiple challenges are present if the primary one fails

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1300.
-------------------------------------------

    Resolution: Invalid

Please look at the log more carefully. HttpClient does try both schemes
---
DEBUG (15:42:25,201) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using Negotiate scheme
 WARN (15:42:25,202) org.apache.http.client.protocol.RequestTargetAuthentication - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
...
DEBUG (15:42:25,202) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using ntlm scheme
...
DEBUG (15:42:25,203) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]"
DEBUG (15:42:25,203) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]"
...
DEBUG (15:42:25,203) org.apache.http.wire - >> "Authorization: NTLM TlRMTVNTUAABAAAAkYII4gAAAAAoAAAAAAAAACgAAAAFASgKAAAADw==[\r][\n]"
---

Oleg 
                
> HttpClient does not retry authentication when multiple challenges are present if the primary one fails 
> -------------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1300
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1300
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.2, 4.2.3
>         Environment: Windows 2008 R2 SP1
>            Reporter: Michael
>         Attachments: httpClient_4.2.2.log, httpClient_4.2.3.log
>
>
> Hello, 
> When you communicate with a Microsoft SharePoint server (which is IIS 7.5), you have only two Providers Authentification configured in following order : Negotiate, NTLM. 
> HTTPCLIENT tries Negotiate, but never tries NTLMv2 and it's failing. I tried with Apache HTTPCOMPONENTS 4.2.2 and 4.2.3. 
>  I got following message : 
> {errorMessage=Wrong username or password was provided;returnCode=-1;Result=PAGE_NOT_FOUND;status=HTTP/1.1 401 Unauthorized;urls=;responseTimeInMs=6844;responseHeaders=Server: Microsoft-IIS/7.5,SPRequestGuid: 60de579b-9c73-4e61-9638-3dd0de48516d,WWW-Authenticate: Negotiate,WWW-Authenticate: NTLM,X-Powered-By: ASP.NET,MicrosoftSharePointTeamServices: 14.0.0.6117,X-MS-InvokeApp: 1; RequireReadOnly,Date: Fri, 18 Jan 2013 14:06:56 GMT,Content-Length: 0;document=;httpResult=UNAUTHORIZED;sessionId=iconclude-5340417449766813898;pageLoadTimeInMs=0;resultText=PAGE_NOT_FOUND;URL=http://collaboration-mptf-int.sharepoint.resources.noxiane.net/is/orchesthp/SitePages/Home.aspx;} 
> Here is the log4j debugger: 
> DEBUG (15:00:26,777) org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match 
> DEBUG (15:00:26,929) org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context 
> DEBUG (15:00:26,929) org.apache.http.client.protocol.RequestTargetAuthentication - Target auth state: UNCHALLENGED 
> DEBUG (15:00:26,935) org.apache.http.client.protocol.RequestProxyAuthentication - Proxy auth state: UNCHALLENGED 
> DEBUG (15:00:26,935) org.apache.http.impl.client.DefaultHttpClient - Attempt 1 to execute request 
> DEBUG (15:00:26,949) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]" 
> DEBUG (15:00:26,972) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]" 
> DEBUG (15:00:26,972) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" 
> DEBUG (15:00:26,972) org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]" 
> DEBUG (15:00:26,972) org.apache.http.wire - >> "[\r][\n]" 
> DEBUG (15:00:26,977) org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]" 
> DEBUG (15:00:27,007) org.apache.http.wire - << "Server: Microsoft-IIS/7.5[\r][\n]" 
> DEBUG (15:00:27,007) org.apache.http.wire - << "SPRequestGuid: 90d86bed-0465-4485-9cbc-e561497b7da2[\r][\n]" 
> DEBUG (15:00:27,007) org.apache.http.wire - << "WWW-Authenticate: Negotiate[\r][\n]" 
> DEBUG (15:00:27,007) org.apache.http.wire - << "WWW-Authenticate: NTLM[\r][\n]" 
> DEBUG (15:00:27,007) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]" 
> DEBUG (15:00:27,007) org.apache.http.wire - << "MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]" 
> DEBUG (15:00:27,007) org.apache.http.wire - << "X-MS-InvokeApp: 1; RequireReadOnly[\r][\n]" 
> DEBUG (15:00:27,007) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:06 GMT[\r][\n]" 
> DEBUG (15:00:27,007) org.apache.http.wire - << "Content-Length: 0[\r][\n]" 
> DEBUG (15:00:27,008) org.apache.http.wire - << "[\r][\n]" 
> DEBUG (15:00:27,056) org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely 
> DEBUG (15:00:27,057) org.apache.http.impl.client.DefaultHttpClient - Authentication required 
> DEBUG (15:00:27,057) org.apache.http.impl.client.DefaultHttpClient - collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested authentication 
> DEBUG (15:00:27,075) org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic] 
> DEBUG (15:00:27,151) org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available 
> DEBUG (15:00:27,217) org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available 
> DEBUG (15:00:27,218) org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Basic authentication scheme not available 
> DEBUG (15:00:27,218) org.apache.http.impl.client.DefaultHttpClient - Selected authentication options: [NEGOTIATE, NTLM] 
> DEBUG (15:00:27,224) org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match 
> DEBUG (15:00:27,225) org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context 
> DEBUG (15:00:27,225) org.apache.http.client.protocol.RequestTargetAuthentication - Target auth state: CHALLENGED 
> DEBUG (15:00:27,225) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using Negotiate scheme 
>  WARN (15:00:34,353) org.apache.http.client.protocol.RequestTargetAuthentication - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)) 
> DEBUG (15:00:34,353) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using ntlm scheme 
> DEBUG (15:00:34,366) org.apache.http.client.protocol.RequestProxyAuthentication - Proxy auth state: UNCHALLENGED 
> DEBUG (15:00:34,366) org.apache.http.impl.client.DefaultHttpClient - Attempt 2 to execute request 
> DEBUG (15:00:34,367) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]" 
> DEBUG (15:00:34,367) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]" 
> DEBUG (15:00:34,367) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" 
> DEBUG (15:00:34,367) org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]" 
> DEBUG (15:00:34,367) org.apache.http.wire - >> "Authorization: NTLM TlRMTVNTUAABAAAANQIIIAgACABMAAAALAAsACAAAABDAE8ATABMAEEAQgBPAFIAQQBUAEkATwBOAC0ATQBQAFQARgAtAEkATgBUAEMATwBSAFAA[\r][\n]" 
> DEBUG (15:00:34,367) org.apache.http.wire - >> "[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "Server: Microsoft-IIS/7.5[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "SPRequestGuid: cfb6e459-429e-46da-b161-6d960808d5b8[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAFAAUADgAAAA1AokiFxDqE0xWbnYAAAAAAAAAACABIAFMAAAABgGxHQAAAA9TAEgAQQBSAEUAUABPAEkATgBUAAIAFABTAEgAQQBSAEUAUABPAEkATgBUAAEAHgBNAFAAVABGAC0ASQBOAFQALQBXAEYARQAtADAAMgAEAEAAcwBoAGEAcgBlAHAAbwBpAG4AdAAuAHIAZQBzAG8AdQByAGMAZQBzAC4AbgBvAHgAaQBhAG4AZQAuAG4AZQB0AAMAYABNAFAAVABGAC0ASQBOAFQALQBXAEYARQAtADAAMgAuAHMAaABhAHIAZQBwAG8AaQBuAHQALgByAGUAcwBvAHUAcgBjAGUAcwAuAG4AbwB4AGkAYQBuAGUALgBuAGUAdAAFACoAcgBlAHMAbwB1AHIAYwBlAHMALgBuAG8AeABpAGEAbgBlAC4AbgBlAHQABwAIABqLNyOE9c0BAAAAAA==[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "WWW-Authenticate: Negotiate[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "X-MS-InvokeApp: 1; RequireReadOnly[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:13 GMT[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "Content-Length: 0[\r][\n]" 
> DEBUG (15:00:34,370) org.apache.http.wire - << "[\r][\n]" 
> DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely 
> DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - Authentication required 
> DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested authentication 
> DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - Authorization challenge processed 
> DEBUG (15:00:34,371) org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match 
> DEBUG (15:00:34,371) org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context 
> DEBUG (15:00:34,372) org.apache.http.client.protocol.RequestTargetAuthentication - Target auth state: HANDSHAKE 
> DEBUG (15:00:34,408) org.apache.http.client.protocol.RequestProxyAuthentication - Proxy auth state: UNCHALLENGED 
> DEBUG (15:00:34,408) org.apache.http.impl.client.DefaultHttpClient - Attempt 3 to execute request 
> DEBUG (15:00:34,409) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]" 
> DEBUG (15:00:34,409) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]" 
> DEBUG (15:00:34,409) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" 
> DEBUG (15:00:34,409) org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]" 
> DEBUG (15:00:34,409) org.apache.http.wire - >> "Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAABMAUwBWAAAAAgACACkAQAADgAOAKwBAAAsACwAugEAAAAAAADmAQAANQIIICipdbok35bE6eJidUu0pi4IMMUcKJouzIX2Ucophb8Nl5+9qtEuOzoBAQAAAAAAAICucS+E9c0BCDDFHCiaLswAAAAAAgAUAFMASABBAFIARQBQAE8ASQBOAFQAAQAeAE0AUABUAEYALQBJAE4AVAAtAFcARgBFAC0AMAAyAAQAQABzAGgAYQByAGUAcABvAGkAbgB0AC4AcgBlAHMAbwB1AHIAYwBlAHMALgBuAG8AeABpAGEAbgBlAC4AbgBlAHQAAwBgAE0AUABUAEYALQBJAE4AVAAtAFcARgBFAC0AMAAyAC4AcwBoAGEAcgBlAHAAbwBpAG4AdAAuAHIAZQBzAG8AdQByAGMAZQBzAC4AbgBvAHgAaQBhAG4AZQAuAG4AZQB0AAUAKgByAGUAcwBvAHUAcgBjAGUAcwAuAG4AbwB4AGkAYQBuAGUALgBuAGUAdAAHAAgAGos3I4T1zQEAAAAAQwBPAFIAUABwADAANgA2ADIAOAAzAEMATwBMAEwAQQBCAE8AUgBBAFQASQBPAE4ALQBNAFAAVABGAC0ASQBOAFQA[\r][\n]" 
> DEBUG (15:00:34,409) org.apache.http.wire - >> "[\r][\n]" 
> DEBUG (15:00:34,512) org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]" 
> DEBUG (15:00:34,512) org.apache.http.wire - << "Server: Microsoft-IIS/7.5[\r][\n]" 
> DEBUG (15:00:34,512) org.apache.http.wire - << "SPRequestGuid: bbb2a76b-1aa8-465c-9335-3a01acfac313[\r][\n]" 
> DEBUG (15:00:34,512) org.apache.http.wire - << "WWW-Authenticate: Negotiate[\r][\n]" 
> DEBUG (15:00:34,512) org.apache.http.wire - << "WWW-Authenticate: NTLM[\r][\n]" 
> DEBUG (15:00:34,513) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]" 
> DEBUG (15:00:34,513) org.apache.http.wire - << "MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]" 
> DEBUG (15:00:34,513) org.apache.http.wire - << "X-MS-InvokeApp: 1; RequireReadOnly[\r][\n]" 
> DEBUG (15:00:34,513) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:13 GMT[\r][\n]" 
> DEBUG (15:00:34,513) org.apache.http.wire - << "Content-Length: 0[\r][\n]" 
> DEBUG (15:00:34,513) org.apache.http.wire - << "[\r][\n]" 
> DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely 
> DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - Authentication required 
> DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested authentication 
> DEBUG (15:00:34,514) org.apache.http.impl.client.DefaultHttpClient - Authorization challenge processed 
> DEBUG (15:00:34,514) org.apache.http.impl.client.DefaultHttpClient - Authentication failed 
> Thanks very much for your help. Remove Ads. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org