Re: redirect fails when NTLM authentication is used for proxy

RajK Mon, 22 Jun 2009 21:36:35 -0700

HI Oleg,
   Thanks for the reply, here is the wire logs, 

[DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Host: verisign.com[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA
Server requires authorization to fulfill the request. Access to the Web
Proxy filter is denied.  )[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA
Server requires authorization to fulfill the request. Access to the Web
Proxy filter is denied.  )[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Pragma: no-cache[\r][\n]"
[DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
[DEBUG] header - << "Content-Type: text/html[\r][\n]"
[DEBUG] header - << "Content-Length: 4106  [\r][\n]"
[DEBUG] header - << "[\r][\n]"
[INFO] AuthChallengeProcessor - ntlm authentication scheme selected
[DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "Proxy-Authorization: NTLM
TlRMTVNTUAABAAAABlIAAA0ADQAiAAAAAgACACAAAABOVDE3Mi4yNi4yMzAuODY=[\r][\n]"
[DEBUG] header - >> "Host: verisign.com[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is
denied.  )[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is
denied.  )[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAACQAJADgAAAAGAoECE6EfrShmucQAAAAAAAAAAJ4AngBBAAAABQLODgAAAA9DSElMRElCQUMCABIAQwBIAEkATABEAEkAQgBBAEMAAQAYAFMAVQBOAEkATABOAEsALQBMAEEAQgAxAAQAKABjAGgAaQBsAGQALgBpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAwAYAHMAdQBuAGkAbABuAGsALQBsAGEAYgAxAAUAHABpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAAAAAA==[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Pragma: no-cache[\r][\n]"
[DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
[DEBUG] header - << "Content-Type: text/html[\r][\n]"
[DEBUG] header - << "Content-Length: 0     [\r][\n]"
[DEBUG] header - << "[\r][\n]"
[DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAFwAAAAAAAAAdAAAAA0ADQBAAAAADQANAE0AAAACAAIAWgAAAAAAAAB0AAAABlIAADE3Mi4yNi4yMzAuODZBRE1JTklTVFJBVE9STlTpGOVYkkr+LQRybRsJCgxl2lYVu2N/vb8=[\r][\n]"
[DEBUG] header - >> "Host: verisign.com[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]"
[DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Content-length: 0[\r][\n]"
[DEBUG] header - << "Date: Tue, 23 Jun 2009 04:19:48 GMT[\r][\n]"
[DEBUG] header - << "Location: http://www.verisign.com/[\r][\n]";
[DEBUG] header - << "Content-type: text/html[\r][\n]"
[DEBUG] header - << "Server: Netscape-Enterprise/4.1[\r][\n]"
[DEBUG] header - << "[\r][\n]"
[DEBUG] header - >> "GET http://www.verisign.com/ HTTP/1.1[\r][\n]"
[DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
[DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - >> "Host: www.verisign.com[\r][\n]"
[DEBUG] header - >> "[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA
Server requires authorization to fulfill the request. Access to the Web
Proxy filter is denied.  )[\r][\n]"
[DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA
Server requires authorization to fulfill the request. Access to the Web
Proxy filter is denied.  )[\r][\n]"
[DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]"
[DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]"
[DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - << "Pragma: no-cache[\r][\n]"
[DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
[DEBUG] header - << "Content-Type: text/html[\r][\n]"
[DEBUG] header - << "Content-Length: 4106  [\r][\n]"
[DEBUG] header - << "[\r][\n]"
[INFO] HttpMethodDirector - Failure authenticating with NTLM <any
realm>@172.16.100.16:8080


When I tried the with the code changes as
In processRedirectResponse {
        method.getHostAuthState().invalidate();
        I added the below line, 
        method.getProxyAuthState().invalidate();
       }
       This works
Thanks,
RajK


olegk wrote:
> 
> On Thu, Jun 04, 2009 at 03:41:53AM -0700, RajK wrote:
>> 
>> HI all,
>>     During redirect time, the auth has to be cleared as the below issues
>> says, 
>> http://issues.apache.org/jira/browse/HTTPCLIENT-211
>> but, it does it only for the hosts NTLM authentication,
>> But, when we have NTLM at proxy, redirect fails.
>> 
>> Should we have it cleared for proxy also, right? please let me know
>> otherwise, please let me know.
>> 
>> Thanks,
>> Raj
>> 
>> 
> 
> Post wire / context log
> 
> Oleg
> 
> 
>> 
>> -- 
>> View this message in context:
>> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p23867531.html
>> Sent from the HttpClient-User mailing list archive at Nabble.com.
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p24158833.html
Sent from the HttpClient-User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: redirect fails when NTLM authentication is used for proxy

Reply via email to