Return-Path: X-Original-To: apmail-hc-httpclient-users-archive@www.apache.org Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A556ED183 for ; Tue, 18 Dec 2012 11:52:51 +0000 (UTC) Received: (qmail 79323 invoked by uid 500); 18 Dec 2012 11:52:50 -0000 Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org Received: (qmail 78930 invoked by uid 500); 18 Dec 2012 11:52:49 -0000 Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-users@hc.apache.org Received: (qmail 78740 invoked by uid 99); 18 Dec 2012 11:52:46 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Dec 2012 11:52:46 +0000 X-ASF-Spam-Status: No, hits=1.7 required=5.0 tests=FREEMAIL_ENVFROM_END_DIGIT,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of dkmishra001@gmail.com designates 209.85.212.48 as permitted sender) Received: from [209.85.212.48] (HELO mail-vb0-f48.google.com) (209.85.212.48) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Dec 2012 11:52:37 +0000 Received: by mail-vb0-f48.google.com with SMTP id fc21so677416vbb.35 for ; Tue, 18 Dec 2012 03:52:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=tVuB5/hA8FgYUdgZqSl6766pynFKyVht4WyNRnL7lfA=; b=C0xYmbSZRF5iiL2PCaQSs4rOaOf7BbB6nQLp6poKESUw1bcrFllO1KnuYZBR7JofzF 9AfeJN52k0LdGoytms6DKnQ1qDuVQhP0dOHRuuVsu12MVyZTVGehYA5ukjZEfCqfza+s u0tYmBCxqNMBOr0i+uwN+YzbUS5ys9A+Vz6nBEnGuYpCN5i07qCMrZYzOkhqBWaY5Gie LKsROkm1JQTBIdNRK6X4PiH8UWsSUh1vl+QLzsB2yhYBzLqqCfsHT/Ral78UVeIli+on 617bjJExe8rOQ9kUmljYML0sPmIUFOfyQW9KZlSVvb2GDXypwIcOY7hnyUumDH9GJUic hQ+w== MIME-Version: 1.0 Received: by 10.220.154.148 with SMTP id o20mr2396607vcw.54.1355831536914; Tue, 18 Dec 2012 03:52:16 -0800 (PST) Received: by 10.59.1.101 with HTTP; Tue, 18 Dec 2012 03:52:16 -0800 (PST) Date: Tue, 18 Dec 2012 17:22:16 +0530 Message-ID: Subject: "Proxy Authentication Required" error in using kerberos authentication with Proxy Server From: Deepak Mishra To: httpclient-users@hc.apache.org Content-Type: multipart/alternative; boundary=f46d0438936f22125904d11f21c8 X-Virus-Checked: Checked by ClamAV on apache.org --f46d0438936f22125904d11f21c8 Content-Type: text/plain; charset=ISO-8859-1 Hi, We need to communicate to an internet URL through a Proxy Server, the Proxy Server has kerberos authentication integrated with an active directory. I am using HttpClient-4.2 with JRE 1.6.0_37. When I try to connect to an internet URL through the Proxy server, it returns "Proxy Authentication Required" error. On the other hand, when I try to communicate to a target host which has kerberos authentication, the communication succeeds. After debugging I found that in GGSSchemeBase.java, in method "authenticate" we get the token from KDC and then create a header "Authorization" with value "Negotiate token(in base 64 encoded format)". So, using this header the communication with Target Server succeeds but communication with Proxy Server fails. Because for Proxy Server, the Header name should be "Proxy-Authenticate". I have not modified the HttpClient code for my purpose, but it seems that for successful Proxy Server authentication using kerberos, the header name in request should be "Proxy-Authenticate". Can any one please look into this problem and help me in getting a patch that will work with Proxy Server using Kerberos authentication? Thank You, Deepak --f46d0438936f22125904d11f21c8--