Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8ED09E479 for ; Fri, 18 Jan 2013 15:18:13 +0000 (UTC) Received: (qmail 33484 invoked by uid 500); 18 Jan 2013 15:18:13 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 33454 invoked by uid 500); 18 Jan 2013 15:18:13 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 33060 invoked by uid 99); 18 Jan 2013 15:18:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Jan 2013 15:18:12 +0000 Date: Fri, 18 Jan 2013 15:18:12 +0000 (UTC) From: "Oleg Kalnichevski (JIRA)" To: dev@hc.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Resolved] (HTTPCLIENT-1300) HttpClient does not retry authentication when multiple challenges are present if the primary one fails MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HTTPCLIENT-1300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oleg Kalnichevski resolved HTTPCLIENT-1300. ------------------------------------------- Resolution: Invalid Please look at the log more carefully. HttpClient does try both schemes --- DEBUG (15:42:25,201) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using Negotiate scheme WARN (15:42:25,202) org.apache.http.client.protocol.RequestTargetAuthentication - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)) ... DEBUG (15:42:25,202) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using ntlm scheme ... DEBUG (15:42:25,203) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]" DEBUG (15:42:25,203) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]" ... DEBUG (15:42:25,203) org.apache.http.wire - >> "Authorization: NTLM TlRMTVNTUAABAAAAkYII4gAAAAAoAAAAAAAAACgAAAAFASgKAAAADw==[\r][\n]" --- Oleg > HttpClient does not retry authentication when multiple challenges are present if the primary one fails > ------------------------------------------------------------------------------------------------------- > > Key: HTTPCLIENT-1300 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1300 > Project: HttpComponents HttpClient > Issue Type: Bug > Components: HttpClient > Affects Versions: 4.2.2, 4.2.3 > Environment: Windows 2008 R2 SP1 > Reporter: Michael > Attachments: httpClient_4.2.2.log, httpClient_4.2.3.log > > > Hello, > When you communicate with a Microsoft SharePoint server (which is IIS 7.5), you have only two Providers Authentification configured in following order : Negotiate, NTLM. > HTTPCLIENT tries Negotiate, but never tries NTLMv2 and it's failing. I tried with Apache HTTPCOMPONENTS 4.2.2 and 4.2.3. > I got following message : > {errorMessage=Wrong username or password was provided;returnCode=-1;Result=PAGE_NOT_FOUND;status=HTTP/1.1 401 Unauthorized;urls=;responseTimeInMs=6844;responseHeaders=Server: Microsoft-IIS/7.5,SPRequestGuid: 60de579b-9c73-4e61-9638-3dd0de48516d,WWW-Authenticate: Negotiate,WWW-Authenticate: NTLM,X-Powered-By: ASP.NET,MicrosoftSharePointTeamServices: 14.0.0.6117,X-MS-InvokeApp: 1; RequireReadOnly,Date: Fri, 18 Jan 2013 14:06:56 GMT,Content-Length: 0;document=;httpResult=UNAUTHORIZED;sessionId=iconclude-5340417449766813898;pageLoadTimeInMs=0;resultText=PAGE_NOT_FOUND;URL=http://collaboration-mptf-int.sharepoint.resources.noxiane.net/is/orchesthp/SitePages/Home.aspx;} > Here is the log4j debugger: > DEBUG (15:00:26,777) org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match > DEBUG (15:00:26,929) org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context > DEBUG (15:00:26,929) org.apache.http.client.protocol.RequestTargetAuthentication - Target auth state: UNCHALLENGED > DEBUG (15:00:26,935) org.apache.http.client.protocol.RequestProxyAuthentication - Proxy auth state: UNCHALLENGED > DEBUG (15:00:26,935) org.apache.http.impl.client.DefaultHttpClient - Attempt 1 to execute request > DEBUG (15:00:26,949) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]" > DEBUG (15:00:26,972) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]" > DEBUG (15:00:26,972) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" > DEBUG (15:00:26,972) org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]" > DEBUG (15:00:26,972) org.apache.http.wire - >> "[\r][\n]" > DEBUG (15:00:26,977) org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]" > DEBUG (15:00:27,007) org.apache.http.wire - << "Server: Microsoft-IIS/7.5[\r][\n]" > DEBUG (15:00:27,007) org.apache.http.wire - << "SPRequestGuid: 90d86bed-0465-4485-9cbc-e561497b7da2[\r][\n]" > DEBUG (15:00:27,007) org.apache.http.wire - << "WWW-Authenticate: Negotiate[\r][\n]" > DEBUG (15:00:27,007) org.apache.http.wire - << "WWW-Authenticate: NTLM[\r][\n]" > DEBUG (15:00:27,007) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]" > DEBUG (15:00:27,007) org.apache.http.wire - << "MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]" > DEBUG (15:00:27,007) org.apache.http.wire - << "X-MS-InvokeApp: 1; RequireReadOnly[\r][\n]" > DEBUG (15:00:27,007) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:06 GMT[\r][\n]" > DEBUG (15:00:27,007) org.apache.http.wire - << "Content-Length: 0[\r][\n]" > DEBUG (15:00:27,008) org.apache.http.wire - << "[\r][\n]" > DEBUG (15:00:27,056) org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely > DEBUG (15:00:27,057) org.apache.http.impl.client.DefaultHttpClient - Authentication required > DEBUG (15:00:27,057) org.apache.http.impl.client.DefaultHttpClient - collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested authentication > DEBUG (15:00:27,075) org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic] > DEBUG (15:00:27,151) org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available > DEBUG (15:00:27,217) org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available > DEBUG (15:00:27,218) org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Basic authentication scheme not available > DEBUG (15:00:27,218) org.apache.http.impl.client.DefaultHttpClient - Selected authentication options: [NEGOTIATE, NTLM] > DEBUG (15:00:27,224) org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match > DEBUG (15:00:27,225) org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context > DEBUG (15:00:27,225) org.apache.http.client.protocol.RequestTargetAuthentication - Target auth state: CHALLENGED > DEBUG (15:00:27,225) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using Negotiate scheme > WARN (15:00:34,353) org.apache.http.client.protocol.RequestTargetAuthentication - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)) > DEBUG (15:00:34,353) org.apache.http.client.protocol.RequestTargetAuthentication - Generating response to an authentication challenge using ntlm scheme > DEBUG (15:00:34,366) org.apache.http.client.protocol.RequestProxyAuthentication - Proxy auth state: UNCHALLENGED > DEBUG (15:00:34,366) org.apache.http.impl.client.DefaultHttpClient - Attempt 2 to execute request > DEBUG (15:00:34,367) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]" > DEBUG (15:00:34,367) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]" > DEBUG (15:00:34,367) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" > DEBUG (15:00:34,367) org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]" > DEBUG (15:00:34,367) org.apache.http.wire - >> "Authorization: NTLM TlRMTVNTUAABAAAANQIIIAgACABMAAAALAAsACAAAABDAE8ATABMAEEAQgBPAFIAQQBUAEkATwBOAC0ATQBQAFQARgAtAEkATgBUAEMATwBSAFAA[\r][\n]" > DEBUG (15:00:34,367) org.apache.http.wire - >> "[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "Server: Microsoft-IIS/7.5[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "SPRequestGuid: cfb6e459-429e-46da-b161-6d960808d5b8[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAFAAUADgAAAA1AokiFxDqE0xWbnYAAAAAAAAAACABIAFMAAAABgGxHQAAAA9TAEgAQQBSAEUAUABPAEkATgBUAAIAFABTAEgAQQBSAEUAUABPAEkATgBUAAEAHgBNAFAAVABGAC0ASQBOAFQALQBXAEYARQAtADAAMgAEAEAAcwBoAGEAcgBlAHAAbwBpAG4AdAAuAHIAZQBzAG8AdQByAGMAZQBzAC4AbgBvAHgAaQBhAG4AZQAuAG4AZQB0AAMAYABNAFAAVABGAC0ASQBOAFQALQBXAEYARQAtADAAMgAuAHMAaABhAHIAZQBwAG8AaQBuAHQALgByAGUAcwBvAHUAcgBjAGUAcwAuAG4AbwB4AGkAYQBuAGUALgBuAGUAdAAFACoAcgBlAHMAbwB1AHIAYwBlAHMALgBuAG8AeABpAGEAbgBlAC4AbgBlAHQABwAIABqLNyOE9c0BAAAAAA==[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "WWW-Authenticate: Negotiate[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "X-MS-InvokeApp: 1; RequireReadOnly[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:13 GMT[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "Content-Length: 0[\r][\n]" > DEBUG (15:00:34,370) org.apache.http.wire - << "[\r][\n]" > DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely > DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - Authentication required > DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested authentication > DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - Authorization challenge processed > DEBUG (15:00:34,371) org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match > DEBUG (15:00:34,371) org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context > DEBUG (15:00:34,372) org.apache.http.client.protocol.RequestTargetAuthentication - Target auth state: HANDSHAKE > DEBUG (15:00:34,408) org.apache.http.client.protocol.RequestProxyAuthentication - Proxy auth state: UNCHALLENGED > DEBUG (15:00:34,408) org.apache.http.impl.client.DefaultHttpClient - Attempt 3 to execute request > DEBUG (15:00:34,409) org.apache.http.wire - >> "GET /is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]" > DEBUG (15:00:34,409) org.apache.http.wire - >> "Host: collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]" > DEBUG (15:00:34,409) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" > DEBUG (15:00:34,409) org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]" > DEBUG (15:00:34,409) org.apache.http.wire - >> "Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAABMAUwBWAAAAAgACACkAQAADgAOAKwBAAAsACwAugEAAAAAAADmAQAANQIIICipdbok35bE6eJidUu0pi4IMMUcKJouzIX2Ucophb8Nl5+9qtEuOzoBAQAAAAAAAICucS+E9c0BCDDFHCiaLswAAAAAAgAUAFMASABBAFIARQBQAE8ASQBOAFQAAQAeAE0AUABUAEYALQBJAE4AVAAtAFcARgBFAC0AMAAyAAQAQABzAGgAYQByAGUAcABvAGkAbgB0AC4AcgBlAHMAbwB1AHIAYwBlAHMALgBuAG8AeABpAGEAbgBlAC4AbgBlAHQAAwBgAE0AUABUAEYALQBJAE4AVAAtAFcARgBFAC0AMAAyAC4AcwBoAGEAcgBlAHAAbwBpAG4AdAAuAHIAZQBzAG8AdQByAGMAZQBzAC4AbgBvAHgAaQBhAG4AZQAuAG4AZQB0AAUAKgByAGUAcwBvAHUAcgBjAGUAcwAuAG4AbwB4AGkAYQBuAGUALgBuAGUAdAAHAAgAGos3I4T1zQEAAAAAQwBPAFIAUABwADAANgA2ADIAOAAzAEMATwBMAEwAQQBCAE8AUgBBAFQASQBPAE4ALQBNAFAAVABGAC0ASQBOAFQA[\r][\n]" > DEBUG (15:00:34,409) org.apache.http.wire - >> "[\r][\n]" > DEBUG (15:00:34,512) org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]" > DEBUG (15:00:34,512) org.apache.http.wire - << "Server: Microsoft-IIS/7.5[\r][\n]" > DEBUG (15:00:34,512) org.apache.http.wire - << "SPRequestGuid: bbb2a76b-1aa8-465c-9335-3a01acfac313[\r][\n]" > DEBUG (15:00:34,512) org.apache.http.wire - << "WWW-Authenticate: Negotiate[\r][\n]" > DEBUG (15:00:34,512) org.apache.http.wire - << "WWW-Authenticate: NTLM[\r][\n]" > DEBUG (15:00:34,513) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]" > DEBUG (15:00:34,513) org.apache.http.wire - << "MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]" > DEBUG (15:00:34,513) org.apache.http.wire - << "X-MS-InvokeApp: 1; RequireReadOnly[\r][\n]" > DEBUG (15:00:34,513) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:13 GMT[\r][\n]" > DEBUG (15:00:34,513) org.apache.http.wire - << "Content-Length: 0[\r][\n]" > DEBUG (15:00:34,513) org.apache.http.wire - << "[\r][\n]" > DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely > DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - Authentication required > DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested authentication > DEBUG (15:00:34,514) org.apache.http.impl.client.DefaultHttpClient - Authorization challenge processed > DEBUG (15:00:34,514) org.apache.http.impl.client.DefaultHttpClient - Authentication failed > Thanks very much for your help. Remove Ads. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org