hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Godbey (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1224) NTLM auth fails with redirect. Eg. Exchange /ews/Exchange.asmx -> /ews/Services.wsdl
Date Thu, 23 Aug 2012 12:15:42 GMT
Dave Godbey created HTTPCLIENT-1224:
---------------------------------------

             Summary: NTLM auth fails with redirect. Eg. Exchange /ews/Exchange.asmx ->
/ews/Services.wsdl
                 Key: HTTPCLIENT-1224
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1224
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.2.1
         Environment: Fedora 15
            Reporter: Dave Godbey
             Fix For: 4.2.2


When you communicate with a Microsoft Exchange server (eg. EWS), you point to /ews/Exchange.asmx.
Exchange replies with a redirect order to ews/Services.wsdl. Client is failing to complete
this with following wire log:

executing request: GET /ews/Exchange.asmx HTTP/1.1
to target: https://mail02.ndc.nasa.gov:443
2012/08/22 15:05:41:570 CDT [DEBUG] BasicClientConnectionManager - Get connection for route
{s}->https://mail02.ndc.nasa.gov:443
2012/08/22 15:05:41:785 CDT [DEBUG] DefaultClientConnectionOperator - Connecting to mail02.ndc.nasa.gov:443
2012/08/22 15:05:42:324 CDT [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2012/08/22 15:05:42:337 CDT [DEBUG] RequestAuthCache - Auth cache not set in the context
2012/08/22 15:05:42:337 CDT [DEBUG] RequestTargetAuthentication - Target auth state: UNCHALLENGED
2012/08/22 15:05:42:338 CDT [DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
2012/08/22 15:05:42:338 CDT [DEBUG] DefaultHttpClient - Attempt 1 to execute request
2012/08/22 15:05:42:338 CDT [DEBUG] DefaultClientConnection - Sending request: GET /ews/Exchange.asmx
HTTP/1.1
2012/08/22 15:05:42:339 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx HTTP/1.1
2012/08/22 15:05:42:339 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
2012/08/22 15:05:42:340 CDT [DEBUG] headers - >> Connection: Keep-Alive
2012/08/22 15:05:42:340 CDT [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.1
(java 1.5)
2012/08/22 15:05:42:395 CDT [DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1
401 Unauthorized
2012/08/22 15:05:42:395 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Content-Length: 1656
2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Content-Type: text/html
2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
2012/08/22 15:05:42:396 CDT [DEBUG] headers - << WWW-Authenticate: Negotiate
2012/08/22 15:05:42:396 CDT [DEBUG] headers - << WWW-Authenticate: NTLM
2012/08/22 15:05:42:396 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 20:05:41 GMT
2012/08/22 15:05:42:400 CDT [DEBUG] DefaultHttpClient - Connection can be kept alive indefinitely
2012/08/22 15:05:42:401 CDT [DEBUG] DefaultHttpClient - mail02.ndc.nasa.gov:443 requested
authentication
2012/08/22 15:05:42:401 CDT [DEBUG] TargetAuthenticationStrategy - Authentication schemes
in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2012/08/22 15:05:42:409 CDT [DEBUG] SPNegoScheme - Received challenge '' from the auth server
2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge for Kerberos
authentication scheme not available
2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge for Digest authentication
scheme not available
2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge for Basic authentication
scheme not available
2012/08/22 15:05:42:410 CDT [DEBUG] DefaultHttpClient - Selected authentication options: [NEGOTIATE,
NTLM]
2012/08/22 15:05:42:411 CDT [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2012/08/22 15:05:42:411 CDT [DEBUG] RequestAuthCache - Auth cache not set in the context
2012/08/22 15:05:42:411 CDT [DEBUG] RequestTargetAuthentication - Target auth state: CHALLENGED
2012/08/22 15:05:42:411 CDT [DEBUG] RequestTargetAuthentication - Generating response to an
authentication challenge using Negotiate scheme
2012/08/22 15:05:42:412 CDT [DEBUG] SPNegoScheme - init mail02.ndc.nasa.gov:443
2012/08/22 15:05:42:428 CDT [WARN] RequestTargetAuthentication - NEGOTIATE authentication
error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism
level: Failed to find any Kerberos tgt))
2012/08/22 15:05:42:428 CDT [DEBUG] RequestTargetAuthentication - Generating response to an
authentication challenge using ntlm scheme
2012/08/22 15:05:42:430 CDT [DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
2012/08/22 15:05:42:431 CDT [DEBUG] DefaultHttpClient - Attempt 2 to execute request
2012/08/22 15:05:42:431 CDT [DEBUG] DefaultClientConnection - Sending request: GET /ews/Exchange.asmx
HTTP/1.1
2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx HTTP/1.1
2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Connection: Keep-Alive
2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.1
(java 1.5)
2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Authorization: NTLM TlRMTVNTUAABAAAANQIIIAYABgAkAAAABAAEACAAAAA2ADgATgBEAEMA
2012/08/22 15:05:42:479 CDT [DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1
401 Unauthorized
2012/08/22 15:05:42:479 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
2012/08/22 15:05:42:479 CDT [DEBUG] headers - << Content-Length: 1539
2012/08/22 15:05:42:479 CDT [DEBUG] headers - << Content-Type: text/html
2012/08/22 15:05:42:480 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
2012/08/22 15:05:42:480 CDT [DEBUG] headers - << WWW-Authenticate: NTLM TlRMTVNTUAACAAAABgAGADgAAAA1AokiF/jsXoLF09YAAAAAAAAAAIwAjAA+AAAABQLODgAAAA9OAEQAQwACAAYATgBEAEMAAQASAE4ARABNAFMAQwBBAFMAMAA3AAQAGABuAGQAYwAuAG4AYQBzAGEALgBnAG8AdgADACwAbgBkAG0AcwBjAGEAcwAwADcALgBuAGQAYwAuAG4AYQBzAGEALgBnAG8AdgAFABgAbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYAAAAAAA==
2012/08/22 15:05:42:480 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
2012/08/22 15:05:42:480 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 20:05:42 GMT
2012/08/22 15:05:42:480 CDT [DEBUG] DefaultHttpClient - Connection can be kept alive indefinitely
2012/08/22 15:05:42:481 CDT [DEBUG] DefaultHttpClient - mail02.ndc.nasa.gov:443 requested
authentication
2012/08/22 15:05:42:481 CDT [DEBUG] DefaultHttpClient - Authorization challenge processed
2012/08/22 15:05:42:481 CDT [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2012/08/22 15:05:42:482 CDT [DEBUG] RequestAuthCache - Auth cache not set in the context
2012/08/22 15:05:42:482 CDT [DEBUG] RequestTargetAuthentication - Target auth state: HANDSHAKE
2012/08/22 15:05:42:491 CDT [DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
2012/08/22 15:05:42:491 CDT [DEBUG] DefaultHttpClient - Attempt 3 to execute request
2012/08/22 15:05:42:491 CDT [DEBUG] DefaultClientConnection - Sending request: GET /ews/Exchange.asmx
HTTP/1.1
2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx HTTP/1.1
2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Connection: Keep-Alive
2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.1
(java 1.5)
2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAC4ALgAWAAAAAYABgAQAQAADgAOABYBAAAEAAQAJAEAAAAAAAAoAQAANQIIIBHmQ40nLaSFn1s5yZuMSjVu5GMt03gALm3CwkwfZcuQnNpCRGUtYgwBAQAAAAAAAKDzIIKhgM0BbuRjLdN4AC4AAAAAAgAGAE4ARABDAAEAEgBOAEQATQBTAEMAQQBTADAANwAEABgAbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYAAwAsAG4AZABtAHMAYwBhAHMAMAA3AC4AbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYABQAYAG4AZABjAC4AbgBhAHMAYQAuAGcAbwB2AAAAAABOAEQAQwBkAGcAbwBkAGIAZQB5ADYAOAA=
2012/08/22 15:05:42:548 CDT [DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1
302 Found
2012/08/22 15:05:42:548 CDT [DEBUG] headers - << HTTP/1.1 302 Found
2012/08/22 15:05:42:548 CDT [DEBUG] headers - << Connection: close
2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 20:05:42 GMT
2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
2012/08/22 15:05:42:549 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
2012/08/22 15:05:42:549 CDT [DEBUG] headers - << X-AspNet-Version: 2.0.50727
2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Location: /ews/Services.wsdl
2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Cache-Control: private
2012/08/22 15:05:42:550 CDT [DEBUG] headers - << Content-Type: text/html
2012/08/22 15:05:42:551 CDT [DEBUG] DefaultRedirectStrategy - Redirect requested to location
'/ews/Services.wsdl'
2012/08/22 15:05:42:558 CDT [DEBUG] DefaultHttpClient - Redirecting to 'https://mail02.ndc.nasa.gov:443/ews/Services.wsdl'
via {s}->https://mail02.ndc.nasa.gov:443
2012/08/22 15:05:42:559 CDT [DEBUG] DefaultClientConnection - Connection 0.0.0.0:56462<->198.117.0.46:443
closed
2012/08/22 15:05:42:560 CDT [DEBUG] DefaultClientConnectionOperator - Connecting to mail02.ndc.nasa.gov:443
2012/08/22 15:05:42:703 CDT [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2012/08/22 15:05:42:704 CDT [DEBUG] RequestAuthCache - Auth cache not set in the context
2012/08/22 15:05:42:704 CDT [DEBUG] RequestTargetAuthentication - Target auth state: HANDSHAKE
2012/08/22 15:05:42:704 CDT [ERROR] RequestTargetAuthentication - NTLM authentication error:
Unexpected state: MSG_TYPE3_GENERATED
2012/08/22 15:05:42:704 CDT [DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
2012/08/22 15:05:42:705 CDT [DEBUG] DefaultHttpClient - Attempt 4 to execute request
2012/08/22 15:05:42:705 CDT [DEBUG] DefaultClientConnection - Sending request: GET /ews/Services.wsdl
HTTP/1.1
2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> GET /ews/Services.wsdl HTTP/1.1
2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> Connection: Keep-Alive
2012/08/22 15:05:42:706 CDT [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.1
(java 1.5)
2012/08/22 15:05:43:091 CDT [DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1
401 Unauthorized
2012/08/22 15:05:43:092 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Content-Length: 1656
2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Content-Type: text/html
2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
2012/08/22 15:05:43:093 CDT [DEBUG] headers - << WWW-Authenticate: Negotiate
2012/08/22 15:05:43:093 CDT [DEBUG] headers - << WWW-Authenticate: NTLM
2012/08/22 15:05:43:093 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
2012/08/22 15:05:43:093 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 20:05:42 GMT
2012/08/22 15:05:43:093 CDT [DEBUG] DefaultHttpClient - Connection can be kept alive indefinitely
2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - mail02.ndc.nasa.gov:443 requested
authentication
2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - Authorization challenge processed
2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - Authentication failed
Source breakpoint: NtlmTest1.java:229
----------------------------------------
HTTP/1.1 401 Unauthorized
Response content length: 1656
2012/08/22 15:05:48:626 CDT [DEBUG] BasicClientConnectionManager - Releasing connection org.apache.http.impl.conn.ManagedClientConnectionImpl@18b1f8f
2012/08/22 15:05:48:626 CDT [DEBUG] BasicClientConnectionManager - Connection can be kept
alive indefinitely
2012/08/22 15:05:48:626 CDT [DEBUG] DefaultClientConnection - Connection 0.0.0.0:56463<->198.117.0.46:443
closed


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message