[jira] [Created] (HTTPCLIENT-1669) Integrated NTLM Windows Authentication doesn't work over HTTPS

JIRA Mon, 27 Jul 2015 06:29:51 -0700

Reinhold Früsmer created HTTPCLIENT-1669:
--------------------------------------------


             Summary: Integrated NTLM Windows Authentication doesn't work over 
HTTPS
                 Key: HTTPCLIENT-1669
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1669
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.5
         Environment: Win7 / Squid Proxy 2.7.STABLE8
            Reporter: Reinhold Früsmer
            Priority: Blocker


Hi,

integrated NTLM Windows Authentication is working properly over HTTP 
connections, but not over HTTPS. 

The wireshark sequence is as follows:

323     10.584292000    192.168.85.96   192.168.85.236  HTTP    182             
CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 
325     10.584539000    192.168.85.236  192.168.85.96   HTTP    1436    
HTTP/1.0 407 Proxy Authentication Required  (text/html)
336     10.645235000    192.168.85.96   192.168.85.236  HTTP    266             
CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
338     10.658532000    192.168.85.236  192.168.85.96   HTTP    1436    
HTTP/1.0 407 Proxy Authentication Required  (text/html)

Connection is closed then.

With a modified version of MainClientExec#createTunnelToTarget at line 457 it 
works when adding the following header to the connect request

>>>        connect.addHeader("Proxy-Connection", "Keep-Alive");

I am not very familiar with the HttpClient code, maybe there's a "cleaner" 
solution for this or it maybreak other things I am not aware of, but it works 
in our test cases.

The Wireshark sequence then becomes:

174     4.457754000             192.168.85.96   192.168.85.236  HTTP    212     
        CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 
176     4.458258000             192.168.85.236  192.168.85.96   HTTP    1436    
HTTP/1.0 407 Proxy Authentication Required  (text/html)
198     4.513611000             192.168.85.96   192.168.85.236  HTTP    296     
        CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
200     4.519928000             192.168.85.236  192.168.85.96   HTTP    1436    
HTTP/1.0 407 Proxy Authentication Required , NTLMSSP_CHALLENGE (text/html)
202     4.545414000             192.168.85.96   192.168.85.236  HTTP    504     
        CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_AUTH, User: 
TEAMTRAINING\FruesmerRe
224     4.606172000             192.168.85.236  192.168.85.96   HTTP    93      
        HTTP/1.0 200 Connection established 

And continuing happily  ....



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (HTTPCLIENT-1669) Integrated NTLM Windows Authentication doesn't work over HTTPS

Reply via email to