[jira] Created: (HTTPCLIENT-856) Proxy NTLM Authentication Redirecting to different address fails saying Proxy Auth Required.

[Raj (JIRA)]

Proxy NTLM Authentication  Redirecting to different address fails saying Proxy 
Auth Required.
---------------------------------------------------------------------------------------------

                 Key: HTTPCLIENT-856
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-856
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpAuth
    Affects Versions: 4.0 Beta 2, 3.1 Final
         Environment: HttpClient , Proxy Authentication (Microsoft ISA server) 
            Reporter: Raj


The issue has been discussed in,
http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tt23867531.html

This was found in http client 3.1 release,  where NTLM proxy authentication is 
must and the server ask the redirect to a new url, in this case, when 
redirecting, the earlier proxy auth status is not cleared, so, it does not do 
proxy authentication for the new URL and hence fails.

Target Host Authenticaiton NTLM authentication - redirect also had problem and 
fixed as said,
http://issues.apache.org/jira/browse/HTTPCLIENT-211
Proxy Authentication - redirect has to be fixed, 

The wire logs for the release 
https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/
is given below,

[DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: verisign.com[EOL]"
[DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
[DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
[DEBUG] wire - >> "[EOL]"
[DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server 
requires authorization to fulfill the request. Access to the Web Proxy filter 
is denied.  )[EOL]"
[DEBUG] wire - << "Via: 1.1 lab1[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
[DEBUG] wire - << "Connection: Keep-Alive[EOL]"
[DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
[DEBUG] wire - << "Pragma: no-cache[EOL]"
[DEBUG] wire - << "Cache-Control: no-cache[EOL]"
[DEBUG] wire - << "Content-Type: text/html[EOL]"
[DEBUG] wire - << "Content-Length: 4107  [EOL]"
[DEBUG] wire - << "[EOL]"
[DEBUG] wire - << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 
Transitional//EN">[\r][\n]"
[DEBUG] wire - << "<HTML><HEAD><TITLE>Error Message</TITLE>[\r][\n]"
[DEBUG] wire - << "<META http-equiv=Content-Type content="text/html; 
charset=UTF-8">[\r][\n]"
[DEBUG] wire - << "<STYLE id=L_default_1>A {[\r][\n]"
[DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #005a80; 
FONT-FAMILY: tahoma[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << "A:hover {[\r][\n]"
[DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #0d3372; 
FONT-FAMILY: tahoma[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << "TD {[\r][\n]"
[DEBUG] wire - << "[0x9]FONT-SIZE: 8pt; FONT-FAMILY: tahoma[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << "TD.titleBorder {[\r][\n]"
[DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 1px solid; BORDER-TOP: #955319 
1px solid; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 12pt; 
VERTICAL-ALIGN: middle; BORDER-LEFT: #955319 0px solid; COLOR: #955319; 
BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: tahoma; HEIGHT: 35px; 
BACKGROUND-COLOR: #d2b87a; TEXT-ALIGN: left[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << "TD.titleBorder_x {[\r][\n]"
[DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 0px solid; BORDER-TOP: #955319 
1px solid; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 12pt; 
VERTICAL-ALIGN: middle; BORDER-LEFT: #955319 1px solid; COLOR: #978c79; 
BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: tahoma; HEIGHT: 35px; 
BACKGROUND-COLOR: #d2b87a; TEXT-ALIGN: left[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << ".TitleDescription {[\r][\n]"
[DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 12pt; COLOR: black; 
FONT-FAMILY: tahoma[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << "SPAN.explain {[\r][\n]"
[DEBUG] wire - << "[0x9]FONT-WEIGHT: normal; FONT-SIZE: 10pt; COLOR: 
#934225[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << "SPAN.TryThings {[\r][\n]"
[DEBUG] wire - << "[0x9]FONT-WEIGHT: normal; FONT-SIZE: 10pt; COLOR: 
#934225[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << ".TryList {[\r][\n]"
[DEBUG] wire - << "[0x9]MARGIN-TOP: 5px; FONT-WEIGHT: normal; FONT-SIZE: 8pt; 
COLOR: black; FONT-FAMILY: tahoma[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << ".X {[\r][\n]"
[DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 1px solid; BORDER-TOP: #955319 
1px solid; FONT-WEIGHT: normal; FONT-SIZE: 12pt; BORDER-LEFT: #955319 1px 
solid; COLOR: #7b3807; BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: verdana; 
BACKGROUND-COLOR: #d1c2b4[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << ".adminList {[\r][\n]"
[DEBUG] wire - << "[0x9]MARGIN-TOP: 2px[\r][\n]"
[DEBUG] wire - << "}[\r][\n]"
[DEBUG] wire - << "</STYLE>[\r][\n]"
[DEBUG] wire - << "<META content="MSHTML 6.00.2800.1170" 
name=GENERATOR></HEAD>[\r][\n]"
[DEBUG] wire - << "<BODY bgColor=#f3f3ed>[\r][\n]"
[DEBUG] wire - << "<TABLE cellSpacing=0 cellPadding=0 width="100%">[\r][\n]"
[DEBUG] wire - << "  <TBODY>[\r][\n]"
[DEBUG] wire - << "  <TR>[\r][\n]"
[DEBUG] wire - << "    <TD class=titleborder_x width=30>[\r][\n]"
[DEBUG] wire - << "      <TABLE height=25 cellSpacing=2 cellPadding=0 width=25 
bgColor=black>[\r][\n]"
[DEBUG] wire - << "        <TBODY>[\r][\n]"
[DEBUG] wire - << "        <TR>[\r][\n]"
[DEBUG] wire - << "          <TD class=x vAlign=center alig"
[DEBUG] wire - << "n=middle>X</TD>[\r][\n]"
[DEBUG] wire - << "        </TR>[\r][\n]"
[DEBUG] wire - << "        </TBODY>[\r][\n]"
[DEBUG] wire - << "      </TABLE>[\r][\n]"
[DEBUG] wire - << "    </TD>[\r][\n]"
[DEBUG] wire - << "    <TD class=titleBorder id=L_default_2>Network Access 
Message:<SPAN class=TitleDescription> The page cannot be displayed</SPAN> 
</TD>[\r][\n]"
[DEBUG] wire - << "  </TR>[\r][\n]"
[DEBUG] wire - << "  </TBODY>[\r][\n]"
[DEBUG] wire - << "</TABLE>[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - << "<TABLE id=spacer>[\r][\n]"
[DEBUG] wire - << "  <TBODY>[\r][\n]"
[DEBUG] wire - << "  <TR>[\r][\n]"
[DEBUG] wire - << "    <TD height=10></TD></TR></TBODY></TABLE>[\r][\n]"
[DEBUG] wire - << "<TABLE width=400>[\r][\n]"
[DEBUG] wire - << "  <TBODY>[\r][\n]"
[DEBUG] wire - << "  <TR>[\r][\n]"
[DEBUG] wire - << "    <TD noWrap width=25></TD>[\r][\n]"
[DEBUG] wire - << "    <TD width=400><SPAN class=explain><ID 
id=L_default_3><B>Explanation:</B></ID></SPAN><ID id=L_default_4> There is a 
problem with the page you are trying to reach and it cannot be displayed. 
</ID><BR><BR>[\r][\n]"
[DEBUG] wire - << "    <B><SPAN class=tryThings><ID id=L_default_5><B>Try the 
following:</B></ID></SPAN></B> [\r][\n]"
[DEBUG] wire - << "      <UL class=TryList>[\r][\n]"
[DEBUG] wire - << "        <LI id=L_default_6><B>Refresh page:</B> Search for 
the page again by clicking the Refresh button. The timeout may have occurred 
due to Internet congestion.[\r][\n]"
[DEBUG] wire - << "<LI id=L_default_7><B>Check spelling:</B> Check that you 
typed the Web page address correctly. The address may have been 
mistyped.[\r][\n]"
[DEBUG] wire - << "<LI id=L_default_8><B>Access from a link:</B> If there is a 
link to the page you are looking for, try accessing the page from that 
link.[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - << "      </UL>[\r][\n]"
[DEBUG] wire - << "<ID id=L_default_9>If you are still not able to view the 
requested page, try contacting your administrator or Helpdesk.</ID> 
<BR><BR>[\r][\n]"
[DEBUG] wire - << "    </TD>[\r][\n]"
[DEBUG] wire - << "  </TR>[\r][\n]"
[DEBUG] wire - << "  </TBODY>[\r][\n]"
[DEBUG] wire - << "</TABLE>[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - << "<TABLE id=spacer><TBODY><TR><TD 
height=15></TD></TR></TBODY></TABLE>[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - << "<TABLE width=400>[\r][\n]"
[DEBUG] wire - << "  <TBODY>[\r][\n]"
[DEBUG] wire - << "  <TR>[\r][\n]"
[DEBUG] wire - << "    <TD noWrap width=25></TD>[\r][\n]"
[DEBUG] wire - << "    <TD width=400 id=L_default_10><B>Technical Information 
(for support personnel)</B> [\r][\n]"
[DEBUG] wire - << "      <UL class=adminList>[\r][\n]"
[DEBUG] wire - << "        <LI id=L_default_11>Error Code: 407 Proxy 
Authentication Required. The ISA Server requires authorization to fulfill the 
request. Access to the Web Proxy filter is denied. (12209)[\r][\n]"
[DEBUG] wire - << "<LI id=L_default_12>IP Address: x.x.x.x[\r][\n]"
[DEBUG] wire - << "<LI id=L_default_13>Date: 6/29/2009 11:15:15 AM 
[GMT][\r][\n]"
[DEBUG] wire - << "<LI id=L_default_14>Server: lab1[\r][\n]"
[DEBUG] wire - << "<LI id=L_default_15>Source: proxy[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - << "      </UL>[\r][\n]"
[DEBUG] wire - << "    </TD>[\r][\n]"
[DEBUG] wire - << "  </TR>[\r][\n]"
[DEBUG] wire - << "  </TBODY>[\r][\n]"
[DEBUG] wire - << "</TABLE>[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - << "</BODY>[\r][\n]"
[DEBUG] wire - << "</HTML>[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: verisign.com[EOL]"
[DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
[DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
[DEBUG] wire - >> "Proxy-Authorization: NTLM 
TlRMTVNTUAABAAAAATIAAAgACAAgAAAADgAOACgAAABNWURPTUFJTkpDSUZTMjMwXzg2Xzkx[EOL]"
[DEBUG] wire - >> "[EOL]"
[DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( Access is 
denied.  )[EOL]"
[DEBUG] wire - << "Via: 1.1 lab1[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: NTLM 
TlRMTVNTUAACAAAAAAAAADgAAAABAgACqbXrIWnZ3i4AAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=[EOL]"
[DEBUG] wire - << "Connection: Keep-Alive[EOL]"
[DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
[DEBUG] wire - << "Pragma: no-cache[EOL]"
[DEBUG] wire - << "Cache-Control: no-cache[EOL]"
[DEBUG] wire - << "Content-Type: text/html[EOL]"
[DEBUG] wire - << "Content-Length: 0     [EOL]"
[DEBUG] wire - << "[EOL]"
[DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: verisign.com[EOL]"
[DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
[DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
[DEBUG] wire - >> "Proxy-Authorization: NTLM 
TlRMTVNTUAADAAAAGAAYAEAAAAAwADAAWAAAABAAEACIAAAAGgAaAJgAAAAcABwAsgAAAAAAAAAAAAAAAQIAAAXLpW40q7jqh7E6FgFnJqy9529ANaSLqfTiwjyF2BrUP9F8ObYOyYsBAQAAAAAAACDgxRg9+skBRt4mUOFFCs0AAAAAAAAAAE0AWQBEAE8ATQBBAEkATgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEoAQwBJAEYAUwAyADMAMABfADgANgBfADkAMQA=[EOL]"
[DEBUG] wire - >> "[EOL]"
[DEBUG] wire - << "HTTP/1.1 301 Unknown reason[EOL]"
[DEBUG] wire - << "Via: 1.1 lab1[EOL]"
[DEBUG] wire - << "Connection: Keep-Alive[EOL]"
[DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
[DEBUG] wire - << "Content-length: 0[EOL]"
[DEBUG] wire - << "Date: Mon, 29 Jun 2009 11:16:50 GMT[EOL]"
[DEBUG] wire - << "Location: http://www.verisign.com/[EOL]";
[DEBUG] wire - << "Content-type: text/html[EOL]"
[DEBUG] wire - << "Server: Netscape-Enterprise/4.1[EOL]"
[DEBUG] wire - << "[EOL]"
[ERROR] RequestProxyAuthentication - Proxy authentication error: Unexpected 
state: MSG_TYPE3_GENERATED
[DEBUG] wire - >> "GET http://www.verisign.com/ HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: www.verisign.com[EOL]"
[DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
[DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
[DEBUG] wire - >> "[EOL]"
[DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server 
requires authorization to fulfill the request. Access to the Web Proxy filter 
is denied.  )[EOL]"
[DEBUG] wire - << "Via: 1.1 lab1[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
[DEBUG] wire - << "Connection: Keep-Alive[EOL]"
[DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
[DEBUG] wire - << "Pragma: no-cache[EOL]"
[DEBUG] wire - << "Cache-Control: no-cache[EOL]"
[DEBUG] wire - << "Content-Type: text/html[EOL]"
[DEBUG] wire - << "Content-Length: 4107  [EOL]"
[DEBUG] wire - << "[EOL]"
----------------------------------------
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires 
authorization to fulfill the request. Access to the Web Proxy filter is denied. 
 )

Thanks,
Raj







-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org