Hi, I'm trying to authenticate with HTTP through DIGEST.
I set the <default scheme="DIGEST"/> in my conf. The webserver supports ntlmv2 and digest. As ntlmv2 is not supported by httpclient, i'd like to force to use digest. The problem is that as both ntlm and digest are negotiated from the webserver, nutch still tries only ntlm. Here are the logs: 2011-01-11 15:10:53,800 TRACE httpclient.Http - Credentials - username: cm; set as default for realm: 192.168.10.210:8090; scheme: digest [...] 2011-01-11 14:40:27,781 DEBUG wire.header - << "Server: Microsoft-IIS/6.0[\r][\n]" 2011-01-11 14:40:27,781 DEBUG wire.header - << "WWW-Authenticate: Negotiate[\r][\n]" 2011-01-11 14:40:27,782 DEBUG wire.header - << "WWW-Authenticate: NTLM[\r][\n]" 2011-01-11 14:40:27,782 DEBUG wire.header - << "WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="+Upgraded+v1df768737f223ab92f2de931c95b1cb01a23417361f3196f75258730e42c66de8880242a9455ccac90972955276d42451",charset=utf-8,realm="Digest"[\r][\n]" [...] 2011-01-11 15:10:53,885 DEBUG httpclient.HttpMethodDirector - Authorization required 2011-01-11 15:10:53,893 DEBUG auth.AuthChallengeProcessor - Supported authentication schemes in the order of preference: [ntlm, digest, basic] 2011-01-11 15:10:53,893 INFO auth.AuthChallengeProcessor - ntlm authentication scheme selected 2011-01-11 15:10:53,893 DEBUG auth.AuthChallengeProcessor - Using authentication scheme: ntlm 2011-01-11 15:10:53,893 DEBUG auth.AuthChallengeProcessor - Authorization challenge processed 2011-01-11 15:10:53,893 DEBUG httpclient.HttpMethodDirector - Authentication scope: NTLM <any realm>@192.168.10.210:8090 2011-01-11 15:10:53,893 DEBUG httpclient.HttpMethodDirector - Credentials required 2011-01-11 15:10:53,893 DEBUG httpclient.HttpMethodDirector - Credentials provider not available 2011-01-11 15:10:53,893 INFO httpclient.HttpMethodDirector - No credentials available for NTLM <any realm>@192.168.10.210:8090 By the way the documentation should be fixed. In order to see the credentials set in the logs the log4j should be set to TRACE and not DEBUG. Why isn't the Digest scheme being tried at all? The credentials are set and the server negotiates it. I wrote a sample httpclient application that forces the usage of digest and it does authenticate. Any suggestion? Thanks Claudio -- Claudio Martella Digital Technologies Unit Research & Development - Analyst TIS innovation park Via Siemens 19 | Siemensstr. 19 39100 Bolzano | 39100 Bozen Tel. +39 0471 068 123 Fax +39 0471 068 129 [email protected] http://www.tis.bz.it
