[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12913957#action_12913957 ] daniel winz commented on HTTPCLIENT-523: Hello all, can somebody provide an example for delegation? Or tell what I have to configure to enable delegation. Thank you Daniel > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1 Alpha1 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, ExUpdateAndMinorFixes.patch, > httpclient4kerb20090710.zip, KerberosHttpClient.zip, NegotiateScheme.java, > NegotiateScheme.java, run.sh, SPNEGO.patch, SPNEGO_cropped.png, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12836987#action_12836987 ] Dave Whitla commented on HTTPCLIENT-523: I'll check out and take a look. I actually only found this JIRA issue because someone at work was looking for a SPNEGO enabled client library and was also unaware of my 3.x add-on. So we will be able to drive some improvement by our own requirements. ASLv2 is fine. Dave > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1 Alpha1 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, ExUpdateAndMinorFixes.patch, > httpclient4kerb20090710.zip, KerberosHttpClient.zip, NegotiateScheme.java, > NegotiateScheme.java, run.sh, SPNEGO.patch, SPNEGO_cropped.png, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12834697#action_12834697 ] Oleg Kalnichevski commented on HTTPCLIENT-523: -- Dave, I was simply not aware of your work on SPNEGO support for HttpClient 3.x. You should have let us know about it. Anyhow, support for SPNEGO in HttpClient 4.0 is still very much work in progress. If you are willing to port your code to 4.0 API and license in under ASLv2 we would be happy to incorporate it into the official HttpClient code base. Cheers Oleg > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1 Alpha1 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, ExUpdateAndMinorFixes.patch, > httpclient4kerb20090710.zip, KerberosHttpClient.zip, NegotiateScheme.java, > NegotiateScheme.java, run.sh, SPNEGO.patch, SPNEGO_cropped.png, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12834581#action_12834581 ] Dave Whitla commented on HTTPCLIENT-523: Hi all, I authored httpclient-auth-spnego (in April 2007) and the SPNego module for Glassfish and am kinda surprised that noone emailed me on this. I understand a lot of users make use of httpclient-auth-spnego in testing their SPNego enabled servers and would like the work not to have been duplicated. Dave > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1 Alpha1 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, ExUpdateAndMinorFixes.patch, > httpclient4kerb20090710.zip, KerberosHttpClient.zip, NegotiateScheme.java, > NegotiateScheme.java, run.sh, SPNEGO.patch, SPNEGO_cropped.png, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12763217#action_12763217 ] Matthew Stevenson commented on HTTPCLIENT-523: -- Not sure if you fixed any but I only found the one instance of JbossNegotiate. Patch to fix below. I drew the diagram using gliffy. Index: src/docbkx/authentication.xml === --- src/docbkx/authentication.xml (revision 822859) +++ src/docbkx/authentication.xml (working copy) @@ -454,7 +454,7 @@ login.conf file The following configuration is a basic setup that works in Windows XP against both -IIS7 and JbossNegotiate modules. +IIS7 and JBoss Negotiation modules. The system property java.security.auth.login.config can be use to point at the login.conf file. login.conf content may look like the following: > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, ExUpdateAndMinorFixes.patch, > httpclient4kerb20090710.zip, KerberosHttpClient.zip, NegotiateScheme.java, > NegotiateScheme.java, run.sh, SPNEGO.patch, SPNEGO_cropped.png, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12760929#action_12760929 ] Oleg Kalnichevski commented on HTTPCLIENT-523: -- > JbossNegotiation is a SPNEGO auth handler for JBoss/Tomcat I see. We should be referring to it as JBoss Negotiation, not JbossNegotiate, to avoid confusion. > It's referenced as I used it to test against as well as IIS7. Its worth while > to keep in? I think it is. > Also I noticed that SPNEGO_cropped.png wasn't added to the > docbkx/resources/images directory Unless you are the author of that picture, we should not include content whose origin and licensing terms are known or not specified. I think the SPNEGO description is perfectly fine even without the image. Oleg > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, ExUpdateAndMinorFixes.patch, > httpclient4kerb20090710.zip, KerberosHttpClient.zip, NegotiateScheme.java, > NegotiateScheme.java, run.sh, SPNEGO.patch, SPNEGO_cropped.png, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12760357#action_12760357 ] Matthew Stevenson commented on HTTPCLIENT-523: -- Also I noticed that SPNEGO_cropped.png wasn't added to the docbkx/resources/images directory and was removed from the first SPNEGO section. > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, ExUpdateAndMinorFixes.patch, > httpclient4kerb20090710.zip, KerberosHttpClient.zip, NegotiateScheme.java, > NegotiateScheme.java, run.sh, SPNEGO.patch, SPNEGO_cropped.png, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12760353#action_12760353 ] Matthew Stevenson commented on HTTPCLIENT-523: -- JbossNegotiation is a SPNEGO auth handler for JBoss/Tomcat http://www.jboss.org/index.html?module=bb&op=viewtopic&t=149589 . It's referenced as I used it to test against as well as IIS7. Its worth while to keep in? > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, ExUpdateAndMinorFixes.patch, > httpclient4kerb20090710.zip, KerberosHttpClient.zip, NegotiateScheme.java, > NegotiateScheme.java, run.sh, SPNEGO.patch, SPNEGO_cropped.png, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12759225#action_12759225 ] Oleg Kalnichevski commented on HTTPCLIENT-523: -- Matthew, Both the Kerberos example and the tutorial refer to something called JbossNegotiate, which I believe does not exist in the official repository. Could you please fix that? Oleg > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, ExUpdateAndMinorFixes.patch, > httpclient4kerb20090710.zip, KerberosHttpClient.zip, NegotiateScheme.java, > NegotiateScheme.java, run.sh, SPNEGO.patch, SPNEGO_cropped.png, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12755991#action_12755991 ] Oleg Kalnichevski commented on HTTPCLIENT-523: -- Matthew, I checked the patch in. As soon as you tell me you are through with your work, I'll put some final touches on the sample code and tutorial and close the issue. Oleg > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, ExUpdateAndMinorFixes.patch, > httpclient4kerb20090710.zip, KerberosHttpClient.zip, NegotiateScheme.java, > NegotiateScheme.java, run.sh, SPNEGO.patch, SPNEGO_cropped.png, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12754695#action_12754695 ] Oleg Kalnichevski commented on HTTPCLIENT-523: -- Matthew, I committed your patch with some minor changes to the SVN head. Please review / double-check http://svn.apache.org/viewvc?view=rev&revision=814311 A few notes: (1) I copied content of krb5.conf and login.conf files to the ClientKerberosAuthentication sample to make it self-contained. Ideally the example should have a little more documentation in the javadocs. Please consider putting some more work into it. (2) We cannot have dependencies on external libraries such as BouncyCastle JCE implementation in examples. Ideally sample files should be functional with the standard set of dependencies. Worst case I would rather have that example require Java 1.6 to run as long as it complies with Java 1.5 and the runtime dependency on 1.6 is clearly documented in the javadocs (3) I moved BouncySpnegoTokenGenerator class to the contrib (unsupported) area for the reason given above: http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/contrib/org/apache/http/contrib/auth/BouncySpnegoTokenGenerator.java Many thanks for this contribution. I am sure quite a few people are going to be quite happy about it! I'll close this issue as resolved as soon as the BouncyCastle dependency issue is sorted out and the tutorial content is brushed up a little. Oleg > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, httpclient4kerb20090710.zip, > KerberosHttpClient.zip, NegotiateScheme.java, NegotiateScheme.java, run.sh, > SPNEGO.patch, SPNEGO_cropped.png, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12754545#action_12754545 ] Zhiyong Li commented on HTTPCLIENT-523: --- Matt, Thank you for your response to my question dated on 09/02/2009. I have the TCP or UDP problem resolved. I am still hoping someone can answer my question related with GetMethod and PostMethod. > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, httpclient4kerb20090710.zip, > KerberosHttpClient.zip, NegotiateScheme.java, NegotiateScheme.java, run.sh, > SPNEGO.patch, SPNEGO_cropped.png, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12753940#action_12753940 ] Zhiyong Li commented on HTTPCLIENT-523: --- I tried Mikael Wikström's HttpClient 3.x code such as CustomAuthenticationNegotiateExample.java. It works fine for me. However, when I changed the following line: GetMethod httpget = new GetMethod(args[0]); To PostMethod httpget = new PostMethod(args[0]); I am getting the error: HTTP/1.1 302 Moved Temporarily. Can anyone let me know why I can not use PostMethod in this case? I am trying to use this with Spring HttpInvoker, which only supports "Post". Thus, I need to get "Post" to work. Thanks. > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, httpclient4kerb20090710.zip, > KerberosHttpClient.zip, NegotiateScheme.java, NegotiateScheme.java, run.sh, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12751125#action_12751125 ] Zhiyong Li commented on HTTPCLIENT-523: --- It is not UDP vs TCP issue. I have to uncomment: NegotiateScheme.setSTRIPPORT(true); Thanks. > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, httpclient4kerb20090710.zip, > KerberosHttpClient.zip, NegotiateScheme.java, NegotiateScheme.java, run.sh, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12750669#action_12750669 ] Zhiyong Li commented on HTTPCLIENT-523: --- I tried to use Matthew's 22/Jun/09 code of "protected void init(String server) throws GSSException". It gets me further, but I am still getting the following exception. I also have a sample which uses Java 6 HTTP/SPNEGO implementation, that one works fine. I noticed that for the success code, UDP is used instead of TCP, for example: kdc=bcidcvm01.bci.sas.com UDP:88. Can someone explain this and also can I configure httpclient to use UDP? Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Wed Sep 02 2 1:46:08 EDT 2009 Entered Krb5Context.initSecContext with state=STATE_NEW Service ticket not found in the subject >>> Credentials acquireServiceCreds: same realm default etypes for default_tgs_enctypes: 3 23. >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType >>> KrbKdcReq send: kdc=bcidcvm01.bci.sas.com TCP:88, timeout=3, number of >>> retries =3, #bytes=12 30 >>>DEBUG: TCPClient reading 108 bytes >>> KrbKdcReq send: #bytes read=108 >>> KrbKdcReq send: #bytes read=108 >>> KDCRep: init() encoding tag is 126 req type is 13 >>>KRBError: sTime is Wed Sep 02 17:03:11 EDT 2009 1251925391000 suSec is 381067 error code is 7 error Message is Server not found in Kerberos database realm is BCI.SAS.COM sname is HTTP/WINDOWPAIN.bci.sas.com:8080 msgType is 30 KrbException: Server not found in Kerberos database (7) at sun.security.krb5.KrbTgsRep.(KrbTgsRep.java:61) at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:185) at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:294) at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:106) at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:562) at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:594) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162) at org.apache.http.impl.auth.NegotiateScheme.authenticate(NegotiateScheme.java:152) at org.apache.http.client.protocol.RequestTargetAuthentication.process(RequestTargetAuthenti cation.java:101) at org.apache.http.protocol.BasicHttpProcessor.process(BasicHttpProcessor.java:251) at org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:168) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:39 3) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) at org.apache.http.examples.client.KerberosHttpClient.main(KerberosHttpClient.java:124) Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133) at sun.security.krb5.internal.TGSRep.init(TGSRep.java:58) at sun.security.krb5.internal.TGSRep.(TGSRep.java:53) at sun.security.krb5.KrbTgsRep.(KrbTgsRep.java:46) ... 15 more > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, httpclient4kerb20090710.zip, > KerberosHttpClient.zip, NegotiateScheme.java, NegotiateScheme.java, run.sh, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12730791#action_12730791 ] Oleg Kalnichevski commented on HTTPCLIENT-523: -- Matthew, Things are shaping up pretty good. However, ideally I would like to have a few fairly minor points addressed before I go ahead and commit the code to the official repository. (1) What is the reason for using mutable static variables (STRIPPORT, SPNEGOCREATE, SpengoGenerator)? Could you please consider changing those variables into regular instance variables? (2) Ideally I would prefer to have the SPNEGO documentation converted to the docbkx format and if possible integrated into the HttpClient tutorial [1] Oleg [1] http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/src/docbkx/ > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, httpclient4kerb20090710.zip, > KerberosHttpClient.zip, NegotiateScheme.java, NegotiateScheme.java, run.sh, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12729978#action_12729978 ] Matthew Stevenson commented on HTTPCLIENT-523: -- The updated files contains a frist run at documentation. I'll fix them up a little but running short of time at the moment. I've also added a SPNEGO wrapping option for java 1.5. This allows the use of Jboss + JbossNegotiate with java 1.5. It does require external classes (http://www.bouncycastle.org/java.html) so it's done via an interface and optional class. It shouldn't be hard to do the wrapping by hand to avoid using bouncycastle, but probably easier just to jump to java 1.6. I've done a little testing mainly with Java 1.5/1.6 and Jboss/IIS7. Regards Matt > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, httpclient4kerb20090710.zip, > KerberosHttpClient.zip, NegotiateScheme.java, NegotiateScheme.java, run.sh, > submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12725784#action_12725784 ] Matthew Stevenson commented on HTTPCLIENT-523: -- @Marko It should support credential delegation however I haven't tested it. Hopefully you can, I'm not sure I'll have a chance for a while. @Oleg I'll put somethiing together. Matt > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, KerberosHttpClient.zip, > NegotiateScheme.java, NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12724950#action_12724950 ] Oleg Kalnichevski commented on HTTPCLIENT-523: -- @Matthew If you can contribute a section on SPNEGO authentication to the HttpClient tutorial, I'll commit your code to the official 4.1 branch of HttpClient http://wiki.apache.org/HttpComponents/HttpClientTutorial Oleg > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, KerberosHttpClient.zip, > NegotiateScheme.java, NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12723244#action_12723244 ] Marko Asplund commented on HTTPCLIENT-523: -- Matt, Thanks for sharing the code! Does the patch support Kerberos credential delegation? > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, KerberosHttpClient.zip, > NegotiateScheme.java, NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[
https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12722842#action_12722842
]
Matthew Stevenson commented on HTTPCLIENT-523:
--
Below should work with Jboss Negotiation package with jdk 1.6. IIS7 works with
Kerberos v5 Oid, Jboss does not. Not sure about other implementations. Would be
nice if SPNEGO was back ported to 1.5 but not going to happen.
protected void init(String server) throws GSSException {
LOG.debug("init " + server);
/* Kerberos v5 GSS-API mechanism defined in RFC 1964.*/
// Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
/* Using the SPNEGO OID seems to be the correct method.
* Above Kerberos v5 works for IIS but not JBoss. Unwrapping
* the initial token when using SPNEGO OID looks like what is
* described here...
*
* http://msdn.microsoft.com/en-us/library/ms995330.aspx
*
* Another helpful URL...
*
*
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_SPNEGO_token.html
*
* Unfortunately SPNEGO is JRE >=1.6.
*/
String javaVersion = System.getProperty("java.runtime.version");
LOG.debug("System.getProperty(\"java.runtime.version\") = " +
javaVersion);
Oid negotiationOid = null;
if( javaVersion.matches("1\\.6.*") ){
LOG.debug("Using SPNEGO OID");
negotiationOid = new Oid("1.3.6.1.5.5.2");
}else{
LOG.debug("Using Kerberos OID");
negotiationOid = new Oid("1.2.840.113554.1.2.2");
}
GSSManager manager = GSSManager.getInstance();
GSSName serverName = manager.createName("HTTP/"+server, null);
context = manager.createContext(
serverName.canonicalize(negotiationOid),
negotiationOid, null,
GSSContext.DEFAULT_LIFETIME);
context.requestMutualAuth(true);
context.requestCredDeleg(true);
state = INITIATED;
}
> SPNEGO authentication scheme
>
>
> Key: HTTPCLIENT-523
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpAuth
>Affects Versions: Snapshot
> Environment: Operating System: All
> Platform: All
>Reporter: Mikael Wikström
>Priority: Minor
> Fix For: 4.1.0
>
> Attachments: bcsLogin.conf,
> CustomAuthenticationNegotiateExample.java,
> CustomAuthenticationNegotiateExample.java, KerberosHttpClient.zip,
> NegotiateScheme.java, NegotiateScheme.java, run.sh, submitclient.tar.gz
>
>
> Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib
> package into HttpClient 4.0
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12721444#action_12721444 ] Matthew Stevenson commented on HTTPCLIENT-523: -- @Zhiyong That looks like an issue with the jboss implementation. I added some debugging and got the same issue will IE and HTTPClient. Jboss does it's own ASN1 decoding, I'll have to look into it a little more. > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.1.0 > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, KerberosHttpClient.zip, > NegotiateScheme.java, NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12718124#action_12718124 ] Zhiyong Li commented on HTTPCLIENT-523: --- I tried to run Matt's example against Jboss (4.2.0 with its SPNEGO support package). However, it does not give me the succeful result. The last couple of lines are as follows: 46670 [main] DEBUG org.apache.http.wire - << "HTTP/1.1 200 OK[EOL]" 46670 [main] DEBUG org.apache.http.wire - << "Server: Apache-Coyote/1.1[EOL]" 46670 [main] DEBUG org.apache.http.wire - << "Pragma: No-cache[EOL]" 46670 [main] DEBUG org.apache.http.wire - << "Cache-Control: no-cache[EOL]" 46670 [main] DEBUG org.apache.http.wire - << "Expires: Wed, 31 Dec 1969 19:00:00 EST[EOL]" 46670 [main] DEBUG org.apache.http.wire - << "Set-Cookie: JSESSIONID=EB8B50DFCEE15A45E1D6FC1F20303B 93; Path=/[EOL]" 46670 [main] DEBUG org.apache.http.wire - << "Transfer-Encoding: chunked[EOL]" 46670 [main] DEBUG org.apache.http.wire - << "Date: Wed, 10 Jun 2009 14:49:52 GMT[EOL]" 46670 [main] DEBUG org.apache.http.headers - << HTTP/1.1 200 OK 46670 [main] DEBUG org.apache.http.headers - << Server: Apache-Coyote/1.1 46670 [main] DEBUG org.apache.http.headers - << Pragma: No-cache 46670 [main] DEBUG org.apache.http.headers - << Cache-Control: no-cache 46670 [main] DEBUG org.apache.http.headers - << Expires: Wed, 31 Dec 1969 19:00:00 EST 46670 [main] DEBUG org.apache.http.headers - << Set-Cookie: JSESSIONID=EB8B50DFCEE15A45E1D6FC1F2030 3B93; Path=/ 46670 [main] DEBUG org.apache.http.headers - << Transfer-Encoding: chunked 46670 [main] DEBUG org.apache.http.headers - << Date: Wed, 10 Jun 2009 14:49:52 GMT 46686 [main] DEBUG org.apache.http.client.protocol.ResponseProcessCookies - Cookie accepted: "[vers ion: 0][name: JSESSIONID][value: EB8B50DFCEE15A45E1D6FC1F20303B93][domain: windowpain][path: /][expi ry: null]". 46686 [main] DEBUG org.apache.http.impl.client.DefaultRequestDirector - Connection can be kept aliv e for -1 ms 46686 [main] DEBUG org.apache.http.impl.auth.NegotiateScheme - enter isComplete() Response content length: -1 46702 [main] DEBUG org.apache.http.wire - << "0[EOL]" 46702 [main] DEBUG org.apache.http.impl.conn.SingleClientConnManager - Releasing connection org.apa che.http.impl.conn.singleclientconnmanager$connadap...@37fb1e On the Jboss side, I noticed that there is a piece of code of decoding NogToken and that failed since the "sequence type" (48) in the auth token is beyong what is expected. Any suggestions? Zhiyong > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: Future > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, KerberosHttpClient.zip, > NegotiateScheme.java, NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
On 03/06/2009, Matt032 wrote: > > Hi, > > I just happened to have to get Kerberos, HTTPClient 4 and AD working for a > demo. Attached should be the required code. The list does not support attachments. Please attach the file to the appropriate JIRA issue; make sure you select the check-box to grant rights to the ASF. > It is updated of HTTPClient 3 > code contributed by Mikael Wikström. > > I wrote portions of this code and I agree to have it released under Apache > Software License v2 > > http://www.apache.org/licenses/LICENSE-2.0.txt > > Any code I did not write was already under the Apache Software License v2. > > Regards > Matt Stevenson > > > JIRA [email protected] wrote: > > > > > > [ > > > https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709893#action_12709893 > > ] > > > > Oleg Kalnichevski commented on HTTPCLIENT-523: > > -- > > > > Marko > > There is currently nobody both capable AND willing to support SPNEGO in > > HttpClient. It is pretty much pointless to include additional features we > > are not able to adequately support. I am, for one, pretty happy we are no > > longer maintaining our own NTLM engine. > > > > Oleg > > > >> SPNEGO authentication scheme > >> > >> > >> Key: HTTPCLIENT-523 > >> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > >> Project: HttpComponents HttpClient > >> Issue Type: Improvement > >> Components: HttpAuth > >>Affects Versions: Snapshot > >> Environment: Operating System: All > >> Platform: All > >>Reporter: Mikael Wikström > >>Priority: Minor > >> Fix For: Future > >> > >> Attachments: bcsLogin.conf, > >> CustomAuthenticationNegotiateExample.java, > >> CustomAuthenticationNegotiateExample.java, NegotiateScheme.java, > >> NegotiateScheme.java, run.sh, submitclient.tar.gz > >> > >> > >> Consider integrating the SPNEGO auth scheme from Commons HttpClient > >> contrib package into HttpClient 4.0 > > > > -- > > This message is automatically generated by JIRA. > > - > > You can reply to this email to add a comment to the issue online. > > > > > > - > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > http://www.nabble.com/file/p23848153/KerberosHttpClient.zip > KerberosHttpClient.zip > > -- > View this message in context: > http://www.nabble.com/-jira--Commented%3A-%28HTTPCLIENT-523%29-SPNEGO-authentication-scheme-tp23563008p23848153.html > Sent from the HttpComponents-Dev mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
Hi, I just happened to have to get Kerberos, HTTPClient 4 and AD working for a demo. Attached should be the required code. It is updated of HTTPClient 3 code contributed by Mikael Wikström. I wrote portions of this code and I agree to have it released under Apache Software License v2 http://www.apache.org/licenses/LICENSE-2.0.txt Any code I did not write was already under the Apache Software License v2. Regards Matt Stevenson JIRA [email protected] wrote: > > > [ > https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709893#action_12709893 > ] > > Oleg Kalnichevski commented on HTTPCLIENT-523: > -- > > Marko > There is currently nobody both capable AND willing to support SPNEGO in > HttpClient. It is pretty much pointless to include additional features we > are not able to adequately support. I am, for one, pretty happy we are no > longer maintaining our own NTLM engine. > > Oleg > >> SPNEGO authentication scheme >> >> >> Key: HTTPCLIENT-523 >> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 >> Project: HttpComponents HttpClient >> Issue Type: Improvement >> Components: HttpAuth >>Affects Versions: Snapshot >> Environment: Operating System: All >> Platform: All >>Reporter: Mikael Wikström >>Priority: Minor >> Fix For: Future >> >> Attachments: bcsLogin.conf, >> CustomAuthenticationNegotiateExample.java, >> CustomAuthenticationNegotiateExample.java, NegotiateScheme.java, >> NegotiateScheme.java, run.sh, submitclient.tar.gz >> >> >> Consider integrating the SPNEGO auth scheme from Commons HttpClient >> contrib package into HttpClient 4.0 > > -- > This message is automatically generated by JIRA. > - > You can reply to this email to add a comment to the issue online. > > > - > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > http://www.nabble.com/file/p23848153/KerberosHttpClient.zip KerberosHttpClient.zip -- View this message in context: http://www.nabble.com/-jira--Commented%3A-%28HTTPCLIENT-523%29-SPNEGO-authentication-scheme-tp23563008p23848153.html Sent from the HttpComponents-Dev mailing list archive at Nabble.com. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709893#action_12709893 ] Oleg Kalnichevski commented on HTTPCLIENT-523: -- Marko There is currently nobody both capable AND willing to support SPNEGO in HttpClient. It is pretty much pointless to include additional features we are not able to adequately support. I am, for one, pretty happy we are no longer maintaining our own NTLM engine. Oleg > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: Future > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, NegotiateScheme.java, > NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709860#action_12709860 ] Marko Asplund commented on HTTPCLIENT-523: -- I think SPNEGO support would be a very important thing to have in order to be able to talk to Windows based servers. I'm currently trying to integrate a Java based web application with Microsoft Sharepoint server and authentication has proven to be the trickiest part. HttpClient 3.1 only seems to support NTLM v1 which is not enabled by default on Windows servers and administrators don't usually allow using it. NTLM autentication works well with HttpClient 4.0 + JCIFS but in many cases SPNEGO / Kerberos would be much better choice due because many Windows server administrators prefer that nowadays and because of features such as credential delegation that are extremely useful in many web applications. > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: Future > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, NegotiateScheme.java, > NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12611963#action_12611963 ] Oleg Kalnichevski commented on HTTPCLIENT-523: -- Trygve, HttpClient 4.0 has had four official ALPHAs to this point and is about to go BETA1 (API freeze). Even at this stage it is _massively_ better than HttpClient 3.1. Version 4.0 requires JRE 1.5 or better. Take a look at the code written by Mikael Wikström for Httpclient 3.1. I believe it should be in a reasonably good shape. Oleg > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.0 Final > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, NegotiateScheme.java, > NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12611931#action_12611931 ] Trygve Laugstæø commented on HTTPCLIENT-523: I have a working glassfish which support SPNEGO from [1] and I've tried to get [2] going but that wasn't much good, not yet at least. [2] also has a (seemlingly) complete implementation of SPNEGO which could be used. How far off is 4.0? Does 4.0 require jdk 1.4? [1]: http://dev.taglab.com/sites/taglab-public/support/spnego.html [2]: http://spnego.ocean.net.au/ > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.0 Final > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, NegotiateScheme.java, > NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12610896#action_12610896 ] Oleg Kalnichevski commented on HTTPCLIENT-523: -- Not really much, unless someone with a good knowledge of the SPNEGO scheme could give us a helping hand. Oleg > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.0 Final > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, NegotiateScheme.java, > NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[jira] Commented: (HTTPCLIENT-523) SPNEGO authentication scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12610873#action_12610873 ] Trygve Laugst?l commented on HTTPCLIENT-523: Is there any hope of getting this into a proper release? > SPNEGO authentication scheme > > > Key: HTTPCLIENT-523 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpAuth >Affects Versions: Snapshot > Environment: Operating System: All > Platform: All >Reporter: Mikael Wikström >Priority: Minor > Fix For: 4.0 Final > > Attachments: bcsLogin.conf, > CustomAuthenticationNegotiateExample.java, > CustomAuthenticationNegotiateExample.java, NegotiateScheme.java, > NegotiateScheme.java, run.sh, submitclient.tar.gz > > > Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib > package into HttpClient 4.0 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
