On Tue, 2012-12-18 at 17:22 +0530, Deepak Mishra wrote: > Hi, > We need to communicate to an internet URL through a Proxy Server, the Proxy > Server has kerberos authentication integrated with an active directory. > I am using HttpClient-4.2 with JRE 1.6.0_37. When I try to connect to an > internet URL through the Proxy server, it returns "Proxy Authentication > Required" error. > > On the other hand, when I try to communicate to a target host which has > kerberos authentication, the communication succeeds. > After debugging I found that in GGSSchemeBase.java, in method > "authenticate" we get the token from KDC and then create a header > "Authorization" with value "Negotiate token(in base 64 encoded format)". > So, using this header the communication with Target Server succeeds but > communication with Proxy Server fails. Because for Proxy Server, the Header > name should be "Proxy-Authenticate". > > I have not modified the HttpClient code for my purpose, but it seems that > for successful Proxy Server authentication using kerberos, the header name > in request should be "Proxy-Authenticate". > Can any one please look into this problem and help me in getting a patch > that will work with Proxy Server using Kerberos authentication? > > Thank You, > Deepak
Deepak HttpClient should decide whether to use 'WWW-Authorization' or 'Proxy-Authorization' header based on the authentication challenge received from the opposite endpoint (be it a proxy of the target host). GGSSchemeBase class is wrong in always generating 'Authorization' regardless of the challenge. Please raise a JIRA for this defect. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
