[jira] [Created] (HTTPCLIENT-1300) HttpClient does not retry authentication when multiple challenges are present if the primary one fails

Michael (JIRA) Fri, 18 Jan 2013 07:06:15 -0800

Michael created HTTPCLIENT-1300:
-----------------------------------

             Summary: HttpClient does not retry authentication when multiple 
challenges are present if the primary one fails 
                 Key: HTTPCLIENT-1300
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1300
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.2.3, 4.2.2
         Environment: Windows 2008 R2 SP1
            Reporter: Michael



Hello, 

When you communicate with a Microsoft SharePoint server (which is IIS 7.5), you 
have only two Providers Authentification configured in following order : 
Negotiate, NTLM. 

HTTPCLIENT tries Negotiate, but never tries NTLMv2 and it's failing. I tried 
with Apache HTTPCOMPONENTS 4.2.2 and 4.2.3. 


 I got following message : 

{errorMessage=Wrong username or password was 
provided;returnCode=-1;Result=PAGE_NOT_FOUND;status=HTTP/1.1 401 
Unauthorized;urls=;responseTimeInMs=6844;responseHeaders=Server: 
Microsoft-IIS/7.5,SPRequestGuid: 
60de579b-9c73-4e61-9638-3dd0de48516d,WWW-Authenticate: 
Negotiate,WWW-Authenticate: NTLM,X-Powered-By: 
ASP.NET,MicrosoftSharePointTeamServices: 14.0.0.6117,X-MS-InvokeApp: 1; 
RequireReadOnly,Date: Fri, 18 Jan 2013 14:06:56 GMT,Content-Length: 
0;document=;httpResult=UNAUTHORIZED;sessionId=iconclude-5340417449766813898;pageLoadTimeInMs=0;resultText=PAGE_NOT_FOUND;URL=http://collaboration-mptf-int.sharepoint.resources.noxiane.net/is/orchesthp/SitePages/Home.aspx;}
 

Here is the log4j debugger: 
DEBUG (15:00:26,777) org.apache.http.client.protocol.RequestAddCookies - 
CookieSpec selected: best-match 
DEBUG (15:00:26,929) org.apache.http.client.protocol.RequestAuthCache - Auth 
cache not set in the context 
DEBUG (15:00:26,929) 
org.apache.http.client.protocol.RequestTargetAuthentication - Target auth 
state: UNCHALLENGED 
DEBUG (15:00:26,935) org.apache.http.client.protocol.RequestProxyAuthentication 
- Proxy auth state: UNCHALLENGED 
DEBUG (15:00:26,935) org.apache.http.impl.client.DefaultHttpClient - Attempt 1 
to execute request 
DEBUG (15:00:26,949) org.apache.http.wire - >> "GET 
/is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]" 
DEBUG (15:00:26,972) org.apache.http.wire - >> "Host: 
collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]" 
DEBUG (15:00:26,972) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" 
DEBUG (15:00:26,972) org.apache.http.wire - >> "User-Agent: 
Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]" 
DEBUG (15:00:26,972) org.apache.http.wire - >> "[\r][\n]" 
DEBUG (15:00:26,977) org.apache.http.wire - << "HTTP/1.1 401 
Unauthorized[\r][\n]" 
DEBUG (15:00:27,007) org.apache.http.wire - << "Server: 
Microsoft-IIS/7.5[\r][\n]" 
DEBUG (15:00:27,007) org.apache.http.wire - << "SPRequestGuid: 
90d86bed-0465-4485-9cbc-e561497b7da2[\r][\n]" 
DEBUG (15:00:27,007) org.apache.http.wire - << "WWW-Authenticate: 
Negotiate[\r][\n]" 
DEBUG (15:00:27,007) org.apache.http.wire - << "WWW-Authenticate: NTLM[\r][\n]" 
DEBUG (15:00:27,007) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]" 
DEBUG (15:00:27,007) org.apache.http.wire - << 
"MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]" 
DEBUG (15:00:27,007) org.apache.http.wire - << "X-MS-InvokeApp: 1; 
RequireReadOnly[\r][\n]" 
DEBUG (15:00:27,007) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:06 
GMT[\r][\n]" 
DEBUG (15:00:27,007) org.apache.http.wire - << "Content-Length: 0[\r][\n]" 
DEBUG (15:00:27,008) org.apache.http.wire - << "[\r][\n]" 
DEBUG (15:00:27,056) org.apache.http.impl.client.DefaultHttpClient - Connection 
can be kept alive indefinitely 
DEBUG (15:00:27,057) org.apache.http.impl.client.DefaultHttpClient - 
Authentication required 
DEBUG (15:00:27,057) org.apache.http.impl.client.DefaultHttpClient - 
collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested 
authentication 
DEBUG (15:00:27,075) org.apache.http.impl.client.TargetAuthenticationStrategy - 
Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, 
Digest, Basic] 
DEBUG (15:00:27,151) org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Kerberos authentication scheme not available 
DEBUG (15:00:27,217) org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Digest authentication scheme not available 
DEBUG (15:00:27,218) org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Basic authentication scheme not available 
DEBUG (15:00:27,218) org.apache.http.impl.client.DefaultHttpClient - Selected 
authentication options: [NEGOTIATE, NTLM] 
DEBUG (15:00:27,224) org.apache.http.client.protocol.RequestAddCookies - 
CookieSpec selected: best-match 
DEBUG (15:00:27,225) org.apache.http.client.protocol.RequestAuthCache - Auth 
cache not set in the context 
DEBUG (15:00:27,225) 
org.apache.http.client.protocol.RequestTargetAuthentication - Target auth 
state: CHALLENGED 
DEBUG (15:00:27,225) 
org.apache.http.client.protocol.RequestTargetAuthentication - Generating 
response to an authentication challenge using Negotiate scheme 
 WARN (15:00:34,353) 
org.apache.http.client.protocol.RequestTargetAuthentication - NEGOTIATE 
authentication error: No valid credentials provided (Mechanism level: No valid 
credentials provided (Mechanism level: Failed to find any Kerberos tgt)) 
DEBUG (15:00:34,353) 
org.apache.http.client.protocol.RequestTargetAuthentication - Generating 
response to an authentication challenge using ntlm scheme 
DEBUG (15:00:34,366) org.apache.http.client.protocol.RequestProxyAuthentication 
- Proxy auth state: UNCHALLENGED 
DEBUG (15:00:34,366) org.apache.http.impl.client.DefaultHttpClient - Attempt 2 
to execute request 
DEBUG (15:00:34,367) org.apache.http.wire - >> "GET 
/is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]" 
DEBUG (15:00:34,367) org.apache.http.wire - >> "Host: 
collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]" 
DEBUG (15:00:34,367) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" 
DEBUG (15:00:34,367) org.apache.http.wire - >> "User-Agent: 
Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]" 
DEBUG (15:00:34,367) org.apache.http.wire - >> "Authorization: NTLM 
TlRMTVNTUAABAAAANQIIIAgACABMAAAALAAsACAAAABDAE8ATABMAEEAQgBPAFIAQQBUAEkATwBOAC0ATQBQAFQARgAtAEkATgBUAEMATwBSAFAA[\r][\n]"
 
DEBUG (15:00:34,367) org.apache.http.wire - >> "[\r][\n]" 
DEBUG (15:00:34,370) org.apache.http.wire - << "HTTP/1.1 401 
Unauthorized[\r][\n]" 
DEBUG (15:00:34,370) org.apache.http.wire - << "Server: 
Microsoft-IIS/7.5[\r][\n]" 
DEBUG (15:00:34,370) org.apache.http.wire - << "SPRequestGuid: 
cfb6e459-429e-46da-b161-6d960808d5b8[\r][\n]" 
DEBUG (15:00:34,370) org.apache.http.wire - << "WWW-Authenticate: NTLM 
TlRMTVNTUAACAAAAFAAUADgAAAA1AokiFxDqE0xWbnYAAAAAAAAAACABIAFMAAAABgGxHQAAAA9TAEgAQQBSAEUAUABPAEkATgBUAAIAFABTAEgAQQBSAEUAUABPAEkATgBUAAEAHgBNAFAAVABGAC0ASQBOAFQALQBXAEYARQAtADAAMgAEAEAAcwBoAGEAcgBlAHAAbwBpAG4AdAAuAHIAZQBzAG8AdQByAGMAZQBzAC4AbgBvAHgAaQBhAG4AZQAuAG4AZQB0AAMAYABNAFAAVABGAC0ASQBOAFQALQBXAEYARQAtADAAMgAuAHMAaABhAHIAZQBwAG8AaQBuAHQALgByAGUAcwBvAHUAcgBjAGUAcwAuAG4AbwB4AGkAYQBuAGUALgBuAGUAdAAFACoAcgBlAHMAbwB1AHIAYwBlAHMALgBuAG8AeABpAGEAbgBlAC4AbgBlAHQABwAIABqLNyOE9c0BAAAAAA==[\r][\n]"
 
DEBUG (15:00:34,370) org.apache.http.wire - << "WWW-Authenticate: 
Negotiate[\r][\n]" 
DEBUG (15:00:34,370) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]" 
DEBUG (15:00:34,370) org.apache.http.wire - << 
"MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]" 
DEBUG (15:00:34,370) org.apache.http.wire - << "X-MS-InvokeApp: 1; 
RequireReadOnly[\r][\n]" 
DEBUG (15:00:34,370) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:13 
GMT[\r][\n]" 
DEBUG (15:00:34,370) org.apache.http.wire - << "Content-Length: 0[\r][\n]" 
DEBUG (15:00:34,370) org.apache.http.wire - << "[\r][\n]" 
DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - Connection 
can be kept alive indefinitely 
DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - 
Authentication required 
DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - 
collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested 
authentication 
DEBUG (15:00:34,371) org.apache.http.impl.client.DefaultHttpClient - 
Authorization challenge processed 
DEBUG (15:00:34,371) org.apache.http.client.protocol.RequestAddCookies - 
CookieSpec selected: best-match 
DEBUG (15:00:34,371) org.apache.http.client.protocol.RequestAuthCache - Auth 
cache not set in the context 
DEBUG (15:00:34,372) 
org.apache.http.client.protocol.RequestTargetAuthentication - Target auth 
state: HANDSHAKE 
DEBUG (15:00:34,408) org.apache.http.client.protocol.RequestProxyAuthentication 
- Proxy auth state: UNCHALLENGED 
DEBUG (15:00:34,408) org.apache.http.impl.client.DefaultHttpClient - Attempt 3 
to execute request 
DEBUG (15:00:34,409) org.apache.http.wire - >> "GET 
/is/orchesthp/SitePages/Home.aspx HTTP/1.1[\r][\n]" 
DEBUG (15:00:34,409) org.apache.http.wire - >> "Host: 
collaboration-mptf-int.sharepoint.resources.noxiane.net[\r][\n]" 
DEBUG (15:00:34,409) org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" 
DEBUG (15:00:34,409) org.apache.http.wire - >> "User-Agent: 
Apache-HttpClient/4.2.2 (java 1.5)[\r][\n]" 
DEBUG (15:00:34,409) org.apache.http.wire - >> "Authorization: NTLM 
TlRMTVNTUAADAAAAGAAYAEAAAABMAUwBWAAAAAgACACkAQAADgAOAKwBAAAsACwAugEAAAAAAADmAQAANQIIICipdbok35bE6eJidUu0pi4IMMUcKJouzIX2Ucophb8Nl5+9qtEuOzoBAQAAAAAAAICucS+E9c0BCDDFHCiaLswAAAAAAgAUAFMASABBAFIARQBQAE8ASQBOAFQAAQAeAE0AUABUAEYALQBJAE4AVAAtAFcARgBFAC0AMAAyAAQAQABzAGgAYQByAGUAcABvAGkAbgB0AC4AcgBlAHMAbwB1AHIAYwBlAHMALgBuAG8AeABpAGEAbgBlAC4AbgBlAHQAAwBgAE0AUABUAEYALQBJAE4AVAAtAFcARgBFAC0AMAAyAC4AcwBoAGEAcgBlAHAAbwBpAG4AdAAuAHIAZQBzAG8AdQByAGMAZQBzAC4AbgBvAHgAaQBhAG4AZQAuAG4AZQB0AAUAKgByAGUAcwBvAHUAcgBjAGUAcwAuAG4AbwB4AGkAYQBuAGUALgBuAGUAdAAHAAgAGos3I4T1zQEAAAAAQwBPAFIAUABwADAANgA2ADIAOAAzAEMATwBMAEwAQQBCAE8AUgBBAFQASQBPAE4ALQBNAFAAVABGAC0ASQBOAFQA[\r][\n]"
 
DEBUG (15:00:34,409) org.apache.http.wire - >> "[\r][\n]" 
DEBUG (15:00:34,512) org.apache.http.wire - << "HTTP/1.1 401 
Unauthorized[\r][\n]" 
DEBUG (15:00:34,512) org.apache.http.wire - << "Server: 
Microsoft-IIS/7.5[\r][\n]" 
DEBUG (15:00:34,512) org.apache.http.wire - << "SPRequestGuid: 
bbb2a76b-1aa8-465c-9335-3a01acfac313[\r][\n]" 
DEBUG (15:00:34,512) org.apache.http.wire - << "WWW-Authenticate: 
Negotiate[\r][\n]" 
DEBUG (15:00:34,512) org.apache.http.wire - << "WWW-Authenticate: NTLM[\r][\n]" 
DEBUG (15:00:34,513) org.apache.http.wire - << "X-Powered-By: ASP.NET[\r][\n]" 
DEBUG (15:00:34,513) org.apache.http.wire - << 
"MicrosoftSharePointTeamServices: 14.0.0.6117[\r][\n]" 
DEBUG (15:00:34,513) org.apache.http.wire - << "X-MS-InvokeApp: 1; 
RequireReadOnly[\r][\n]" 
DEBUG (15:00:34,513) org.apache.http.wire - << "Date: Fri, 18 Jan 2013 14:00:13 
GMT[\r][\n]" 
DEBUG (15:00:34,513) org.apache.http.wire - << "Content-Length: 0[\r][\n]" 
DEBUG (15:00:34,513) org.apache.http.wire - << "[\r][\n]" 
DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - Connection 
can be kept alive indefinitely 
DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - 
Authentication required 
DEBUG (15:00:34,513) org.apache.http.impl.client.DefaultHttpClient - 
collaboration-mptf-int.sharepoint.resources.noxiane.net:80 requested 
authentication 
DEBUG (15:00:34,514) org.apache.http.impl.client.DefaultHttpClient - 
Authorization challenge processed 
DEBUG (15:00:34,514) org.apache.http.impl.client.DefaultHttpClient - 
Authentication failed 


Thanks very much for your help. Remove Ads. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (HTTPCLIENT-1300) HttpClient does not retry authentication when multiple challenges are present if the primary one fails

Reply via email to