DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=34909>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=34909 Summary: Digest authentication problem with domain\user username format Product: HttpClient Version: 3.0 RC2 Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Commons HttpClient AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] It seems like digest authentication, when used with a username of the format: domain\username fails in httpclient-3.0-rc2. I did confirm that digest authentication does work by connecting to a local Apache HTTP 2.0 server, using just a username and password (no domain\username). However, it does not support the MD5-sess algorithm, and the server I am getting the failure from is using MD5-sess. It may turn out the username is not causing the problem, but one thing is consistent--I can connect to the site in the logs below using httpclient-2.0.2. It fails when I use identical Java code, with the addition of AuthScope, when using httpclient-3.0-rc2. I will also attach Java code that reproduces the problem. The following are wire and debug logs from httpclient-2.0.2 and httpclient-3.0-rc2 respectively. The first one connects and gets an 'HTTP 200' response. The second one, using 3.0-rc2 fails with an 'HTTP 401'. LOGS =============================================================== commons-httpclient-2.0.2 (works): 2005/05/13 11:05:15:185 EDT [DEBUG] HttpClient - Java version: 1.3.1 2005/05/13 11:05:15:185 EDT [DEBUG] HttpClient - Java vendor: IBM Corporation 2005/05/13 11:05:15:185 EDT [DEBUG] HttpClient - Java class path: 2005/05/13 11:05:15:205 EDT [DEBUG] HttpClient - Operating system name: Windows XP 2005/05/13 11:05:15:205 EDT [DEBUG] HttpClient - Operating system architecture: x86 2005/05/13 11:05:15:205 EDT [DEBUG] HttpClient - Operating system version: 5.1 2005/05/13 11:05:15:205 EDT [DEBUG] HttpClient - SUN 1.2: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore) 2005/05/13 11:05:15:205 EDT [DEBUG] HttpClient - SunJCE 1.22: SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1) 2005/05/13 11:05:15:205 EDT [DEBUG] HttpClient - SunJSSE 1.0303: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1) 2005/05/13 11:05:20:893 EDT [DEBUG] HttpConnection - HttpConnection.setSoTimeout(0) 2005/05/13 11:05:20:893 EDT [DEBUG] HttpMethodBase - Execute loop try 1 2005/05/13 11:05:20:913 EDT [DEBUG] header - >> "GET /CustomerData-30/CustomerDataService.asmx HTTP/1.1[\r][\n]" 2005/05/13 11:05:20:913 EDT [DEBUG] HttpMethodBase - Adding Host request header 2005/05/13 11:05:20:913 EDT [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/2.0.2[\r][\n]" 2005/05/13 11:05:20:913 EDT [DEBUG] header - >> "Host: mappoint-css.partners.extranet.microsoft.com[\r][\n]" 2005/05/13 11:05:21:173 EDT [DEBUG] header - >> "[\r][\n]" 2005/05/13 11:05:21:273 EDT [DEBUG] header - << "HTTP/1.1 401 Unauthorized[\r][\n]" 2005/05/13 11:05:21:273 EDT [DEBUG] header - << "Content-Length: 1656[\r][\n]" 2005/05/13 11:05:21:283 EDT [DEBUG] header - << "Content-Type: text/html[\r][\n]" 2005/05/13 11:05:21:283 EDT [DEBUG] header - << "Server: Microsoft-IIS/6.0[\r][\n]" 2005/05/13 11:05:21:283 EDT [DEBUG] header - << "WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="b2a83a38cd57c501af3ad2c91f189512060524424ffc2b818c9920db15cd247a9d47cf5a789d63c6",opaque="1704373a505e74c4ec692978e5c1a539",charset=utf-8,realm="Digest"[\r][\n]" 2005/05/13 11:05:21:283 EDT [DEBUG] header - << "X-Powered-By: ASP.NET[\r][\n]" 2005/05/13 11:05:21:283 EDT [DEBUG] header - << "Date: Fri, 13 May 2005 15:05:37 GMT[\r][\n]" 2005/05/13 11:05:21:283 EDT [DEBUG] HttpMethodBase - Authorization required 2005/05/13 11:05:21:283 EDT [DEBUG] HttpAuthenticator - Authenticating with the 'Digest' authentication realm at mappoint-css.partners.extranet.microsoft.com 2005/05/13 11:05:21:283 EDT [DEBUG] DigestScheme - Using qop method auth 2005/05/13 11:05:21:283 EDT [DEBUG] HttpMethodBase - HttpMethodBase.execute(): Server demanded authentication credentials, will try again. 2005/05/13 11:05:21:293 EDT [DEBUG] HttpMethodBase - Resorting to protocol version default close connection policy 2005/05/13 11:05:21:293 EDT [DEBUG] HttpMethodBase - Should NOT close connection, using HTTP/1.1. 2005/05/13 11:05:21:293 EDT [DEBUG] HttpMethodBase - Execute loop try 2 2005/05/13 11:05:21:293 EDT [DEBUG] header - >> "GET /CustomerData-30/CustomerDataService.asmx HTTP/1.1[\r][\n]" 2005/05/13 11:05:21:293 EDT [DEBUG] HttpMethodBase - Request to add Host header ignored: header already added 2005/05/13 11:05:21:293 EDT [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/2.0.2[\r][\n]" 2005/05/13 11:05:21:293 EDT [DEBUG] header - >> "Host: mappoint-css.partners.extranet.microsoft.com[\r][\n]" 2005/05/13 11:05:21:293 EDT [DEBUG] header - >> "Authorization: Digest username="domain\user", realm="Digest", nonce="b2a83a38cd57c501af3ad2c91f189512060524424ffc2b818c9920db15cd247a9d47cf5a789d63c6", uri="/CustomerData-30/CustomerDataService.asmx", qop="auth", algorithm="MD5-sess", nc=00000001, cnonce="393a8abf65cd20f85ffdf46a9273b28b", response="854bf54261112caf2e86652276cb2ce6", opaque="1704373a505e74c4ec692978e5c1a539"[\r][\n]" 2005/05/13 11:05:21:293 EDT [DEBUG] header - >> "[\r][\n]" 2005/05/13 11:05:21:994 EDT [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"HTTP result: 200 =========================================================== commons-httpclient-3.0-rc2 (does not work): 2005/05/13 11:16:54:881 EDT [DEBUG] DefaultHttpParams - -Set parameter http.useragent = Jakarta Commons-HttpClient/3.0-rc2 2005/05/13 11:16:54:881 EDT [DEBUG] DefaultHttpParams - -Set parameter http.protocol.version = HTTP/1.1 2005/05/13 11:16:54:881 EDT [DEBUG] DefaultHttpParams - -Set parameter http.connection-manager.class = class org.apache.commons.httpclient.SimpleHttpConnectionManager 2005/05/13 11:16:54:891 EDT [DEBUG] DefaultHttpParams - -Set parameter http.protocol.cookie-policy = rfc2109 2005/05/13 11:16:54:891 EDT [DEBUG] DefaultHttpParams - -Set parameter http.protocol.element-charset = US-ASCII 2005/05/13 11:16:54:891 EDT [DEBUG] DefaultHttpParams - -Set parameter http.protocol.content-charset = ISO-8859-1 2005/05/13 11:16:54:891 EDT [DEBUG] DefaultHttpParams - -Set parameter http.method.retry-handler = [EMAIL PROTECTED] 2005/05/13 11:16:54:891 EDT [DEBUG] DefaultHttpParams - -Set parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z] 2005/05/13 11:16:54:911 EDT [DEBUG] HttpClient - -Java version: 1.3.1 2005/05/13 11:16:54:911 EDT [DEBUG] HttpClient - -Java vendor: IBM Corporation 2005/05/13 11:16:54:911 EDT [DEBUG] HttpClient - -Java class path: 2005/05/13 11:16:54:941 EDT [DEBUG] HttpClient - -Operating system name: Windows XP 2005/05/13 11:16:54:941 EDT [DEBUG] HttpClient - -Operating system architecture: x86 2005/05/13 11:16:54:941 EDT [DEBUG] HttpClient - -Operating system version: 5.1 2005/05/13 11:16:54:941 EDT [DEBUG] HttpClient - -SUN 1.2: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore) 2005/05/13 11:16:54:951 EDT [DEBUG] HttpClient - -SunJCE 1.22: SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1) 2005/05/13 11:16:54:951 EDT [DEBUG] HttpClient - -SunJSSE 1.0303: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1) 2005/05/13 11:16:54:961 EDT [DEBUG] HttpConnection - -Open connection to mappoint-css.partners.extranet.microsoft.com:443 2005/05/13 11:17:00:629 EDT [DEBUG] header - ->> "GET /CustomerData-30/CustomerDataService.asmx HTTP/1.1[\r][\n]" 2005/05/13 11:17:00:629 EDT [DEBUG] HttpMethodBase - -Adding Host request header 2005/05/13 11:17:00:639 EDT [DEBUG] header - ->> "User-Agent: Jakarta Commons-HttpClient/3.0-rc2[\r][\n]" 2005/05/13 11:17:00:639 EDT [DEBUG] header - ->> "Host: mappoint-css.partners.extranet.microsoft.com[\r][\n]" 2005/05/13 11:17:00:639 EDT [DEBUG] header - ->> "[\r][\n]" 2005/05/13 11:17:00:989 EDT [DEBUG] header - -<< "HTTP/1.1 401 Unauthorized[\r][\n]" 2005/05/13 11:17:00:999 EDT [DEBUG] header - -<< "Content-Length: 1656[\r][\n]" 2005/05/13 11:17:00:999 EDT [DEBUG] header - -<< "Content-Type: text/html[\r][\n]" 2005/05/13 11:17:00:999 EDT [DEBUG] header - -<< "Server: Microsoft-IIS/6.0[\r][\n]" 2005/05/13 11:17:00:999 EDT [DEBUG] header - -<< "WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="c66759cace57c5016cf5645c6dee5b649ed29067f652939d6aaf7239310bb333eeb0153783ae445f",opaque="e7e259c137b65766c971d6cfc4115789",charset=utf-8,realm="Digest"[\r][\n]" 2005/05/13 11:17:00:999 EDT [DEBUG] header - -<< "X-Powered-By: ASP.NET[\r][\n]" 2005/05/13 11:17:00:999 EDT [DEBUG] header - -<< "Date: Fri, 13 May 2005 15:16:51 GMT[\r][\n]" 2005/05/13 11:17:00:999 EDT [DEBUG] HttpMethodDirector - -Authorization required 2005/05/13 11:17:01:009 EDT [DEBUG] AuthChallengeProcessor - -Supported authentication schemes in the order of preference: [ntlm, digest, basic] 2005/05/13 11:17:01:009 EDT [DEBUG] AuthChallengeProcessor - -Challenge for ntlm authentication scheme not available 2005/05/13 11:17:01:009 EDT [INFO] AuthChallengeProcessor - -digest authentication scheme selected 2005/05/13 11:17:01:009 EDT [DEBUG] AuthChallengeProcessor - -Using authentication scheme: digest 2005/05/13 11:17:01:009 EDT [DEBUG] AuthChallengeProcessor - -Authorization challenge processed 2005/05/13 11:17:01:009 EDT [DEBUG] HttpMethodDirector - -Authentication scope: DIGEST 'Digest'@mappoint-css.partners.extranet.microsoft.com:443 2005/05/13 11:17:01:009 EDT [DEBUG] HttpMethodDirector - -Retry authentication 2005/05/13 11:17:01:019 EDT [DEBUG] HttpMethodBase - -Resorting to protocol version default close connection policy 2005/05/13 11:17:01:019 EDT [DEBUG] HttpMethodBase - -Should NOT close connection, using HTTP/1.1 2005/05/13 11:17:01:019 EDT [DEBUG] HttpConnection - -Connection is locked. Call to releaseConnection() ignored. 2005/05/13 11:17:01:019 EDT [DEBUG] HttpMethodDirector - -Authenticating with DIGEST 'Digest'@mappoint-css.partners.extranet.microsoft.com:443 2005/05/13 11:17:01:019 EDT [DEBUG] HttpMethodParams - -Credential charset not configured, using HTTP element charset 2005/05/13 11:17:01:019 EDT [DEBUG] DigestScheme - -Using qop method auth 2005/05/13 11:17:01:019 EDT [DEBUG] HttpConnection - -Connection is stale, closing... 2005/05/13 11:17:01:019 EDT [DEBUG] HttpConnection - -Open connection to mappoint-css.partners.extranet.microsoft.com:443 2005/05/13 11:17:01:110 EDT [DEBUG] header - ->> "GET /CustomerData-30/CustomerDataService.asmx HTTP/1.1[\r][\n]" 2005/05/13 11:17:01:110 EDT [DEBUG] HttpMethodBase - -Adding Host request header 2005/05/13 11:17:01:110 EDT [DEBUG] header - ->> "User-Agent: Jakarta Commons-HttpClient/3.0-rc2[\r][\n]" 2005/05/13 11:17:01:110 EDT [DEBUG] header - ->> "Authorization: Digest username="domain\user", realm="Digest", nonce="c66759cace57c5016cf5645c6dee5b649ed29067f652939d6aaf7239310bb333eeb0153783ae445f", uri="/CustomerData-30/CustomerDataService.asmx", response="9cab4fcdb2d09f57523aec80d7b51e95", qop="auth", nc=00000001, cnonce="b27507ee79c880b2bb565d363598ce07", algorithm="MD5-sess", opaque="e7e259c137b65766c971d6cfc4115789"[\r][\n]" 2005/05/13 11:17:01:120 EDT [DEBUG] header - ->> "Host: mappoint-css.partners.extranet.microsoft.com[\r][\n]" 2005/05/13 11:17:01:120 EDT [DEBUG] header - ->> "[\r][\n]" 2005/05/13 11:17:01:540 EDT [DEBUG] header - -<< "HTTP/1.1 401 Unauthorized[\r][\n]" 2005/05/13 11:17:01:540 EDT [DEBUG] header - -<< "Content-Length: 1539[\r][\n]" 2005/05/13 11:17:01:540 EDT [DEBUG] header - -<< "Content-Type: text/html[\r][\n]" 2005/05/13 11:17:01:550 EDT [DEBUG] header - -<< "Server: Microsoft-IIS/6.0[\r][\n]" 2005/05/13 11:17:01:550 EDT [DEBUG] header - -<< "WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="3296b0dace57c5012fe314f8c6f8cafd10abc7a61c09484b2be5c7ef19ecb3c080da1f82c3f5a532",opaque="87578a7f0871280654aed868cb9497fb",charset=utf-8,realm="Digest"[\r][\n]" 2005/05/13 11:17:01:550 EDT [DEBUG] header - -<< "X-Powered-By: ASP.NET[\r][\n]" 2005/05/13 11:17:01:550 EDT [DEBUG] header - -<< "Date: Fri, 13 May 2005 15:17:19 GMT[\r][\n]" 2005/05/13 11:17:01:550 EDT [DEBUG] HttpMethodDirector - -Authorization required 2005/05/13 11:17:01:550 EDT [DEBUG] AuthChallengeProcessor - -Using authentication scheme: digest 2005/05/13 11:17:01:550 EDT [DEBUG] AuthChallengeProcessor - -Authorization challenge processed 2005/05/13 11:17:01:550 EDT [DEBUG] HttpMethodDirector - -Authentication scope: DIGEST 'Digest'@mappoint-css.partners.extranet.microsoft.com:443 2005/05/13 11:17:01:550 EDT [DEBUG] HttpMethodDirector - -Credentials required HTTP result: 401 2005/05/13 11:17:01:550 EDT [DEBUG] HttpMethodDirector - -Credentials provider not available 2005/05/13 11:17:01:580 EDT [INFO] HttpMethodDirector - -Failure authenticating with DIGEST 'Digest'@mappoint-css.partners.extranet.microsoft.com:443 2005/05/13 11:17:01:580 EDT [DEBUG] HttpMethodBase - -Buffering response body 2005/05/13 11:17:01:580 EDT [DEBUG] HttpMethodBase - -Resorting to protocol version default close connection policy 2005/05/13 11:17:01:580 EDT [DEBUG] HttpMethodBase - -Should NOT close connection, using HTTP/1.1 2005/05/13 11:17:01:580 EDT [DEBUG] HttpConnection - -Releasing connection back to connection manager. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
