hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Osipov (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HTTPCLIENT-1669) Integrated NTLM Windows Authentication doesn't work over HTTPS
Date Mon, 27 Jul 2015 16:34:06 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14642953#comment-14642953
] 

Michael Osipov edited comment on HTTPCLIENT-1669 at 7/27/15 4:34 PM:
---------------------------------------------------------------------

This seems to be a problem with squid and not httpclient. It either does not persist the connection
or downgrades to HTTP 1.0. Therefore,  httpclient dies in the loop. Talk to your local admin.



was (Author: michael-o):
This seems to be a problem wird squid and not httpclient. IT Esther does not persist the connection
or downgrades to HTTP 1.0. Therefore,  httpclient dies in the loop. Talk to your local Administration.

> Integrated NTLM Windows Authentication doesn't work over HTTPS
> --------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1669
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1669
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5
>         Environment: Win7 / Squid Proxy 2.7.STABLE8
>            Reporter: Reinhold Früsmer
>            Priority: Blocker
>
> Hi,
> integrated NTLM Windows Authentication is working properly over HTTP connections, but
not over HTTPS. 
> The wireshark sequence is as follows:
> 323	10.584292000	192.168.85.96	192.168.85.236	HTTP	182	 	CONNECT marjory-ttkf.ttsdev.de:443
HTTP/1.1 
> 325	10.584539000	192.168.85.236	192.168.85.96	HTTP	1436 	HTTP/1.0 407 Proxy Authentication
Required  (text/html)
> 336	10.645235000	192.168.85.96	192.168.85.236	HTTP	266	 	CONNECT marjory-ttkf.ttsdev.de:443
HTTP/1.1 , NTLMSSP_NEGOTIATE
> 338	10.658532000	192.168.85.236	192.168.85.96	HTTP	1436 	HTTP/1.0 407 Proxy Authentication
Required  (text/html)
> Connection is closed then.
> With a modified version of MainClientExec#createTunnelToTarget at line 457 it works when
adding the following header to the connect request
> >>>        connect.addHeader("Proxy-Connection", "Keep-Alive");
> I am not very familiar with the HttpClient code, maybe there's a "cleaner" solution for
this or it maybreak other things I am not aware of, but it works in our test cases.
> The Wireshark sequence then becomes:
> 174	4.457754000		192.168.85.96	192.168.85.236	HTTP	212		CONNECT marjory-ttkf.ttsdev.de:443
HTTP/1.1 
> 176	4.458258000		192.168.85.236	192.168.85.96	HTTP	1436	HTTP/1.0 407 Proxy Authentication
Required  (text/html)
> 198	4.513611000		192.168.85.96	192.168.85.236	HTTP	296		CONNECT marjory-ttkf.ttsdev.de:443
HTTP/1.1 , NTLMSSP_NEGOTIATE
> 200	4.519928000		192.168.85.236	192.168.85.96	HTTP	1436	HTTP/1.0 407 Proxy Authentication
Required , NTLMSSP_CHALLENGE (text/html)
> 202	4.545414000		192.168.85.96	192.168.85.236	HTTP	504		CONNECT marjory-ttkf.ttsdev.de:443
HTTP/1.1 , NTLMSSP_AUTH, User: TEAMTRAINING\FruesmerRe
> 224	4.606172000		192.168.85.236	192.168.85.96	HTTP	93		HTTP/1.0 200 Connection established

> And continuing happily  ....



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message