You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2013/01/18 16:18:12 UTC
[jira] [Resolved] (HTTPCLIENT-1300) HttpClient does not retry
authentication when multiple challenges are present if the primary one
fails
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-1300.
-------------------------------------------
Resolution: Invalid
Please look at the log more carefully. HttpClient does try both schemes
---
DEBUG (15:42:25,201) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using Negotiate scheme
WARN (15:42:25,202) org.apache.http.client.protocol.RequestTargetAuthentication - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
...
DEBUG (15:42:25,202) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using ntlm scheme
...
DEBUG (15:42:25,203) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]"
DEBUG (15:42:25,203) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]"
...
DEBUG (15:42:25,203) org.apache.http.wire - >> "Authorization: NTLM TlRMTVNTUAABAAAAkYII4gAAAAAoAAAAAAAAACgAAAAFASgKAAAADw==[\r][\n]"
---
Oleg
> HttpClient does not retry authentication when multiple challenges are present if the primary one fails
> -------------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1300
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1300
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.2.2, 4.2.3
> Environment: Windows 2008 R2 SP1
> Reporter: Michael
> Attachments: httpClient_4.2.2.log, httpClient_4.2.3.log
>
>
> Hello,
> When you communicate with a Microsoft SharePoint server (which is IIS 7.5), you have only two Providers Authentification configured in following order : Negotiate, NTLM.
> HTTPCLIENT tries Negotiate, but never tries NTLMv2 and it's failing. I tried with Apache HTTPCOMPONENTS 4.2.2 and 4.2.3.
> I got following message :
> {errorMessage=Wrong username or password was provided;returnCode=-1;Result=PAGE_NOT_FOUND;status=HTTP/1.1 401 Unauthorized;urls=;responseTimeInMs=6844;responseHeaders=Server: Microsoft-IIS/7.5,SPRequestGuid: 60de579b-9c73-4e61-9638-3dd0de48516d,WWW-Authenticate: Negotiate,WWW-Authenticate: NTLM,X-Powered-By: ASP.NET,MicrosoftSharePointTeamServices: 14.0.0.6117,X-MS-InvokeApp: 1; RequireReadOnly,Date: Fri, 18 Jan 2013 14:06:56 GMT,Content-Length: 0;document=;httpResult=UNAUTHORIZED;sessionId=iconclude-5340417449766813898;pageLoadTimeInMs=0;resultText=PAGE_NOT_FOUND;URL=http://collaboration-mptf-int.sharepoint.resources.noxiane.net/is/orchesthp/SitePages/Home.aspx;}
> Here is the log4j debugger:
> DEBUG (15:00:26,777) org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match
> DEBUG (15:00:26,929) org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
> DEBUG (15:00:26,929) org.apache.http.client.protocol.RequestTargetAuthentication - Target auth state: UNCHALLENGED
> DEBUG (15:00:26,935) org.apache.http.client.protocol.RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
> DEBUG (15:00:26,935) org.apache.http.impl.client.DefaultHttpClient - Attempt 1 to execute request
> DEBUG (15:00:26,949) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]"
> DEBUG (15:00:26,972) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]"
> DEBUG (15:00:26,972) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]"
> DEBUG (15:00:26,972) org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]"
> DEBUG (15:00:26,972) org.apache.http.wire - >> "[\r][\n]"
> DEBUG (15:00:26,977) org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]"
> DEBUG (15:00:27,007) org.apache.http.wire - << "Server: Microsoft-IIS/7.5[\r][\n]"
> DEBUG (15:00:27,007) org.apache.http.wire - << "SPRequestGuid: 90d86bed-0465-4485-9cbc-e561497b7da2[\r][\n]"
> DEBUG (15:00:27,007) org.apache.http.wire - << "WWW-Authenticate: Negotiate[\r][\n]"
> DEBUG (15:00:27,007) org.apache.http.wire - << "WWW-Authenticate: NTLM[\r][\n]"
> DEBUG (15:00:27,007) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]"
> DEBUG (15:00:27,007) org.apache.http.wire - << "MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]"
> DEBUG (15:00:27,007) org.apache.http.wire - << "X-MS-InvokeApp: 1; RequireReadOnly[\r][\n]"
> DEBUG (15:00:27,007) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:06 GMT[\r][\n]"
> DEBUG (15:00:27,007) org.apache.http.wire - << "Content-Length: 0[\r][\n]"
> DEBUG (15:00:27,008) org.apache.http.wire - << "[\r][\n]"
> DEBUG (15:00:27,056) org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely
> DEBUG (15:00:27,057) org.apache.http.impl.client.DefaultHttpClient - Authentication required
> DEBUG (15:00:27,057) org.apache.http.impl.client.DefaultHttpClient - collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested authentication
> DEBUG (15:00:27,075) org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
> DEBUG (15:00:27,151) org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
> DEBUG (15:00:27,217) org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
> DEBUG (15:00:27,218) org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Basic authentication scheme not available
> DEBUG (15:00:27,218) org.apache.http.impl.client.DefaultHttpClient - Selected authentication options: [NEGOTIATE, NTLM]
> DEBUG (15:00:27,224) org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match
> DEBUG (15:00:27,225) org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
> DEBUG (15:00:27,225) org.apache.http.client.protocol.RequestTargetAuthentication - Target auth state: CHALLENGED
> DEBUG (15:00:27,225) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using Negotiate scheme
> WARN (15:00:34,353) org.apache.http.client.protocol.RequestTargetAuthentication - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
> DEBUG (15:00:34,353) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using ntlm scheme
> DEBUG (15:00:34,366) org.apache.http.client.protocol.RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
> DEBUG (15:00:34,366) org.apache.http.impl.client.DefaultHttpClient - Attempt 2 to execute request
> DEBUG (15:00:34,367) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]"
> DEBUG (15:00:34,367) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]"
> DEBUG (15:00:34,367) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]"
> DEBUG (15:00:34,367) org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]"
> DEBUG (15:00:34,367) org.apache.http.wire - >> "Authorization: NTLM TlRMTVNTUAABAAAANQIIIAgACABMAAAALAAsACAAAABDAE8ATABMAEEAQgBPAFIAQQBUAEkATwBOAC0ATQBQAFQARgAtAEkATgBUAEMATwBSAFAA[\r][\n]"
> DEBUG (15:00:34,367) org.apache.http.wire - >> "[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "Server: Microsoft-IIS/7.5[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "SPRequestGuid: cfb6e459-429e-46da-b161-6d960808d5b8[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAFAAUADgAAAA1AokiFxDqE0xWbnYAAAAAAAAAACABIAFMAAAABgGxHQAAAA9TAEgAQQBSAEUAUABPAEkATgBUAAIAFABTAEgAQQBSAEUAUABPAEkATgBUAAEAHgBNAFAAVABGAC0ASQBOAFQALQBXAEYARQAtADAAMgAEAEAAcwBoAGEAcgBlAHAAbwBpAG4AdAAuAHIAZQBzAG8AdQByAGMAZQBzAC4AbgBvAHgAaQBhAG4AZQAuAG4AZQB0AAMAYABNAFAAVABGAC0ASQBOAFQALQBXAEYARQAtADAAMgAuAHMAaABhAHIAZQBwAG8AaQBuAHQALgByAGUAcwBvAHUAcgBjAGUAcwAuAG4AbwB4AGkAYQBuAGUALgBuAGUAdAAFACoAcgBlAHMAbwB1AHIAYwBlAHMALgBuAG8AeABpAGEAbgBlAC4AbgBlAHQABwAIABqLNyOE9c0BAAAAAA==[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "WWW-Authenticate: Negotiate[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "X-MS-InvokeApp: 1; RequireReadOnly[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:13 GMT[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "Content-Length: 0[\r][\n]"
> DEBUG (15:00:34,370) org.apache.http.wire - << "[\r][\n]"
> DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely
> DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - Authentication required
> DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested authentication
> DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - Authorization challenge processed
> DEBUG (15:00:34,371) org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match
> DEBUG (15:00:34,371) org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
> DEBUG (15:00:34,372) org.apache.http.client.protocol.RequestTargetAuthentication - Target auth state: HANDSHAKE
> DEBUG (15:00:34,408) org.apache.http.client.protocol.RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
> DEBUG (15:00:34,408) org.apache.http.impl.client.DefaultHttpClient - Attempt 3 to execute request
> DEBUG (15:00:34,409) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]"
> DEBUG (15:00:34,409) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]"
> DEBUG (15:00:34,409) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]"
> DEBUG (15:00:34,409) org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]"
> DEBUG (15:00:34,409) org.apache.http.wire - >> "Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAABMAUwBWAAAAAgACACkAQAADgAOAKwBAAAsACwAugEAAAAAAADmAQAANQIIICipdbok35bE6eJidUu0pi4IMMUcKJouzIX2Ucophb8Nl5+9qtEuOzoBAQAAAAAAAICucS+E9c0BCDDFHCiaLswAAAAAAgAUAFMASABBAFIARQBQAE8ASQBOAFQAAQAeAE0AUABUAEYALQBJAE4AVAAtAFcARgBFAC0AMAAyAAQAQABzAGgAYQByAGUAcABvAGkAbgB0AC4AcgBlAHMAbwB1AHIAYwBlAHMALgBuAG8AeABpAGEAbgBlAC4AbgBlAHQAAwBgAE0AUABUAEYALQBJAE4AVAAtAFcARgBFAC0AMAAyAC4AcwBoAGEAcgBlAHAAbwBpAG4AdAAuAHIAZQBzAG8AdQByAGMAZQBzAC4AbgBvAHgAaQBhAG4AZQAuAG4AZQB0AAUAKgByAGUAcwBvAHUAcgBjAGUAcwAuAG4AbwB4AGkAYQBuAGUALgBuAGUAdAAHAAgAGos3I4T1zQEAAAAAQwBPAFIAUABwADAANgA2ADIAOAAzAEMATwBMAEwAQQBCAE8AUgBBAFQASQBPAE4ALQBNAFAAVABGAC0ASQBOAFQA[\r][\n]"
> DEBUG (15:00:34,409) org.apache.http.wire - >> "[\r][\n]"
> DEBUG (15:00:34,512) org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]"
> DEBUG (15:00:34,512) org.apache.http.wire - << "Server: Microsoft-IIS/7.5[\r][\n]"
> DEBUG (15:00:34,512) org.apache.http.wire - << "SPRequestGuid: bbb2a76b-1aa8-465c-9335-3a01acfac313[\r][\n]"
> DEBUG (15:00:34,512) org.apache.http.wire - << "WWW-Authenticate: Negotiate[\r][\n]"
> DEBUG (15:00:34,512) org.apache.http.wire - << "WWW-Authenticate: NTLM[\r][\n]"
> DEBUG (15:00:34,513) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]"
> DEBUG (15:00:34,513) org.apache.http.wire - << "MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]"
> DEBUG (15:00:34,513) org.apache.http.wire - << "X-MS-InvokeApp: 1; RequireReadOnly[\r][\n]"
> DEBUG (15:00:34,513) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:13 GMT[\r][\n]"
> DEBUG (15:00:34,513) org.apache.http.wire - << "Content-Length: 0[\r][\n]"
> DEBUG (15:00:34,513) org.apache.http.wire - << "[\r][\n]"
> DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely
> DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - Authentication required
> DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested authentication
> DEBUG (15:00:34,514) org.apache.http.impl.client.DefaultHttpClient - Authorization challenge processed
> DEBUG (15:00:34,514) org.apache.http.impl.client.DefaultHttpClient - Authentication failed
> Thanks very much for your help. Remove Ads.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org