hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reinhold Früsmer (JIRA) <j...@apache.org>
Subject [jira] [Updated] (HTTPCLIENT-1669) Integrated NTLM Windows Authentication doesn't work over HTTPS
Date Tue, 28 Jul 2015 18:53:04 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Reinhold Früsmer updated HTTPCLIENT-1669:
-----------------------------------------
    Priority: Trivial  (was: Blocker)

> Integrated NTLM Windows Authentication doesn't work over HTTPS
> --------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1669
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1669
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5
>         Environment: Win7 / Squid Proxy 2.7.STABLE8
>            Reporter: Reinhold Früsmer
>            Priority: Trivial
>
> Hi,
> integrated NTLM Windows Authentication is working properly over HTTP connections, but
not over HTTPS. 
> The wireshark sequence is as follows:
> 323	10.584292000	192.168.85.96	192.168.85.236	HTTP	182	 	CONNECT marjory-ttkf.ttsdev.de:443
HTTP/1.1 
> 325	10.584539000	192.168.85.236	192.168.85.96	HTTP	1436 	HTTP/1.0 407 Proxy Authentication
Required  (text/html)
> 336	10.645235000	192.168.85.96	192.168.85.236	HTTP	266	 	CONNECT marjory-ttkf.ttsdev.de:443
HTTP/1.1 , NTLMSSP_NEGOTIATE
> 338	10.658532000	192.168.85.236	192.168.85.96	HTTP	1436 	HTTP/1.0 407 Proxy Authentication
Required  (text/html)
> Connection is closed then.
> With a modified version of MainClientExec#createTunnelToTarget at line 457 it works when
adding the following header to the connect request
> >>>        connect.addHeader("Proxy-Connection", "Keep-Alive");
> I am not very familiar with the HttpClient code, maybe there's a "cleaner" solution for
this or it maybreak other things I am not aware of, but it works in our test cases.
> The Wireshark sequence then becomes:
> 174	4.457754000		192.168.85.96	192.168.85.236	HTTP	212		CONNECT marjory-ttkf.ttsdev.de:443
HTTP/1.1 
> 176	4.458258000		192.168.85.236	192.168.85.96	HTTP	1436	HTTP/1.0 407 Proxy Authentication
Required  (text/html)
> 198	4.513611000		192.168.85.96	192.168.85.236	HTTP	296		CONNECT marjory-ttkf.ttsdev.de:443
HTTP/1.1 , NTLMSSP_NEGOTIATE
> 200	4.519928000		192.168.85.236	192.168.85.96	HTTP	1436	HTTP/1.0 407 Proxy Authentication
Required , NTLMSSP_CHALLENGE (text/html)
> 202	4.545414000		192.168.85.96	192.168.85.236	HTTP	504		CONNECT marjory-ttkf.ttsdev.de:443
HTTP/1.1 , NTLMSSP_AUTH, User: TEAMTRAINING\FruesmerRe
> 224	4.606172000		192.168.85.236	192.168.85.96	HTTP	93		HTTP/1.0 200 Connection established

> And continuing happily  ....



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message