[
https://issues.apache.org/jira/browse/HTTPCLIENT-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13528320#comment-13528320
]
Oleg Kalnichevski commented on HTTPCLIENT-1272:
-----------------------------------------------
Hi Daz
I am not entirely sure HttpClient's behaviour is that wrong. Out of 3
challenges provided by the server it picks up 'Negotiate' first. Failing to
generate a response using 'Negotiate' it moves onto the next preferred scheme
NTLM. (So, evidently, HTTPCLIENT-1107 fix works as intended). It succeeds in
generating a response to the challenge using NTLM, which is then rejected by
the server due to invalid credentials. I am not quite sure HttpClient should
re-attempt authentication using a weaker scheme at this point.
---
08:32:14.340 [DEBUG]
[org.apache.http.client.protocol.RequestProxyAuthentication] Generating
response to an authentication challenge using Negotiate scheme
08:32:14.340 [DEBUG] [org.apache.http.impl.auth.SPNegoScheme] init MYPROXY:8080
08:32:14.372 [WARN]
[org.apache.http.client.protocol.RequestProxyAuthentication] NEGOTIATE
authentication error: Invalid name provided (Mechanism level: Could not load
configuration file C:\WINDOWS\krb5.ini (The system cannot find the file
specified))
08:32:14.372 [DEBUG]
[org.apache.http.client.protocol.RequestProxyAuthentication] Generating
response to an authentication challenge using ntlm scheme
---
Oleg
> HttpClient does not retry failed PROXY authentication when multiple
> challenges are present
> ------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1272
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1272
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.2.2
> Reporter: Daz DeBoer
>
> Similar to HTTPCLIENT-1107, but for Proxy authentication. It appears that
> subsequent authentication schemes are not attempted if an earlier scheme
> fails.
> In our case, a proxy supports Negotiate, NTLM and BASIC authentication. When
> NTML authentication fails due to the wrong credentials being supplied, BASIC
> authentication is never attempted against the proxy.
> I am a Gradle core developer, and we use HttpClient internally for dependency
> resolution. This issue was reported by one of our users.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
