[ http://issues.apache.org/jira/browse/HTTPCLIENT-586?page=all ]
Anton Passiouk updated HTTPCLIENT-586:
--------------------------------------
Attachment: ntlm_scheme_jakarta_vs_custom.zip
Sorry for misunderstanding, I thought "wire log" meant the log of the packets
on the wire (ethernet) ;-)
The only reason we wrote the custom scheme is because the NTLM scheme provided
by Jakarta apparently does not work with Microsoft's ISA server. We have done
the testing again with Jakarta "native" NTLM scheme and with ours, in HTTP and
HTTPS.
The file "ntlm_scheme_jakarta_vs_custom.zip" contains 4 log files (with full
wire log) generated during these 4 sessions: *_jakarta.log : application using
Jakarta's NTLM auth scheme, *_custom.log: uses custom scheme.
Both applications request an URL that contains "<htlm>Hello World</html>" and
one can see that the Jakarta's NTLM implementation doesn't manage to
authenticate because in the returned content the proxy says it can't retrieve
the page, while with the custom scheme it works fine.
During HTTPS session none of the schemes work.
Is seems that there are actually 2 different bugs:
1/ the NTLM scheme provided by Jakarta doesn't work with Microsoft's NTLM
server
2/ NTLM + HTTPS doesn't work
feel free to use the code of our NTLM implementation in HttpClient, as I
already said we just changed few lines to hash the passwords differently
> HttpClient v3: NTLM + SSL problem
> ---------------------------------
>
> Key: HTTPCLIENT-586
> URL: http://issues.apache.org/jira/browse/HTTPCLIENT-586
> Project: Jakarta HttpClient
> Type: Bug
> Versions: 3.0.1
> Environment: 1.4.2 Java plugin with MS IE 6
> Reporter: Anton Passiouk
> Attachments: logs_https_ntlm.zip, ntlm+https.log,
> ntlm_scheme_jakarta_vs_custom.zip, snippet.zip
>
> Our application is a simple applet that tries to retrieve URLs contents from
> a web site.
> It detects browser's proxy parameters and uses the Jakarta HttpClient to
> request the needed URL.
> First we had problems to simply authenticate ourselves with NTLM so we
> slightly changed the implementation of the NTLM protocol to hash the password
> differently (you will find it in the snippet attached to this bug).
> But now we can't get the application working with this proxy when the target
> web site is secured (HTTPS, no authentication). And it works just fine with
> another proxy using "Basic" auth scheme (regardless if the site is in HTTP
> and HTTPS).
> To summarize:
> Basic proxy:
> HTTP: OK
> HTTPS: OK
> NTLM proxy:
> HTTP: OK
> HTTPS: NOK -> logs are attached
> The exact proxy version is: Microsoft ISA 2000 3.0.1200.365 SP2
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
