I thought about that, yet in this situation neither the Type 1 nor the
Type 2 message includes the Negotiate_NTLM2_Key flag.

However, when Firefox or IE talks to the same proxy, the type 1
message includes Negotiate_NTLM2_Key as does the type 2 message.

If the proxy were required to use NTLM2, wouldn't it return that flag
set in the type 2?

The type 1 message has the following flags set:
Negotiate_Domain_Supplied,Negotiate_Local_Call,Negotiate_NTLM,Negotiate_OEM,Request_Target

And the type 2 message has the following flags set:
Negotiate_NTLM,Negotiate_OEM,Negotiate_Target_Info,Request_Target,Target_Type_Domain

I see in the log I sent where it says Credential Charset not provided.
using HTTP element charset.

I'm not sure if that charset is the same as "OEM" [Ascii]. I could see
how the server would reject the password hash if it is hashed with the
wrong charset.

I recognize that the httpclient 3.x NTLM support is sort of a boat
anchor and that the true solution will be with httpclient 4.x if and
when it supports NTLM.

Thanks
JJ

On 3/7/08, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote:
>
> On Wed, 2008-03-05 at 14:03 -0800, John Jamison wrote:
> > I was ohh so close - I am attempting to code a simple app that
> > performs NTLM proxy authentication against a proxy server that
> > supports NTLM and basic authentication.
> >
> > It took me some time to determine the correct value for the Domain
> > field in the NTCredentials instance, but decoding the NTLM message 2
> > structure gave it to me (it's the NT domain name).
> >
> > Now though it seems I still always get 407 responses.
> >
> > Here's the code:
> >
> >          System.setProperty("org.apache.commons.logging.Log",
> >                   "org.apache.commons.logging.impl.SimpleLog");
> >          System.setProperty(
> >                   "org.apache.commons.logging.simplelog.showdatetime",
> >                   "true");
> >          System.setProperty(
> >                   "org.apache.commons.logging.simplelog.log.httpclient.wire.header",
> >                   "debug");
> >          System.setProperty(
> >                   "org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
> >                   "debug");
> >
> >         HttpClient httpclient = new HttpClient();
> >
> >         // set the proxy host and port
> >         httpclient.getHostConfiguration().setProxy("XXXPROXYHOSTXXX", 80);
> >
> >         // tried this, triggers BASIC authentication automatically
> >         // httpclient.getParams().setAuthenticationPreemptive(true);
> >
> >         // not sure if the following applies to proxy authentication
> >         List authPrefs = new ArrayList(1);
> >         authPrefs.add(AuthPolicy.NTLM);
> >         httpclient.getParams().setParameter
> >                (AuthPolicy.AUTH_SCHEME_PRIORITY,
> >                 authPrefs);
> >
> >         //
> >         // set the proxy credentials
> >         //
> >         httpclient.getState().setProxyCredentials(
> >             new AuthScope(AuthScope.ANY_HOST, 80, AuthScope.ANY_REALM),
> >             new NTCredentials("XXXUSERNAMEXXX",
> >                   "XXXPASSSWORDXXX",
> >                   "","XXXDOMAINXXXcom")
> >          );
> >
> >         GetMethod get = new GetMethod("http://www.google.com/");
> >         get.setFollowRedirects(true);
> >
> >         int status = httpclient.executeMethod(get);
> >
> >         System.out.println(status);
> >         ...
> >
> > Here's the scrubbed debug trace -
> >
> > Frankly I'm stumped as to why the credentials provided are not being 
> > accepted.
> >
>
> John,
>
> Quite likely because the server has been configured to accept NTLMv2
> authentication only, whereas HttpClient supports NTLMv1 only.
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
John Jamison
[EMAIL PROTECTED]
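
The flag comparison made in this message can be reproduced by decoding the base64 NTLM blob carried in the proxy authentication headers. The following is an added example, not code from the thread or from HttpClient; the sample messages, the EXAMPLEDOM target name and the cp437 OEM code page are constructed assumptions.

```python
import base64
import struct

# Flag bits, named as in the thread (Negotiate_Unicode added for contrast with OEM).
FLAGS = {
    0x00000001: "Negotiate_Unicode",
    0x00000002: "Negotiate_OEM",
    0x00000004: "Request_Target",
    0x00000200: "Negotiate_NTLM",
    0x00001000: "Negotiate_Domain_Supplied",
    0x00004000: "Negotiate_Local_Call",
    0x00010000: "Target_Type_Domain",
    0x00080000: "Negotiate_NTLM2_Key",
    0x00800000: "Negotiate_Target_Info",
}

def wrap(raw):
    """Format raw message bytes as an 'NTLM <base64>' header value."""
    return "NTLM " + base64.b64encode(raw).decode("ascii")

# Constructed samples carrying the flag sets quoted in the thread; EXAMPLEDOM is made up.
NAME = b"EXAMPLEDOM"
SAMPLE_TYPE1 = wrap(b"NTLMSSP\0" + struct.pack("<II", 1, 0x00005206) + bytes(16))
SAMPLE_TYPE2 = wrap(b"NTLMSSP\0" + struct.pack("<IHHII", 2, len(NAME), len(NAME), 48,
                                               0x00810206) + bytes(24) + NAME)

def decode_ntlm(header_value):
    """Return type, flag names, unknown bits and (Type 2) target name of an NTLM message."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise ValueError("not an NTLM header carrying a message")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 16 or msg[:8] != b"NTLMSSP\0":
        raise ValueError("truncated message or missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    off = {1: 12, 2: 20}.get(msg_type)  # flags sit after the target-name buffer in Type 2
    if off is None or len(msg) < off + 4:
        raise ValueError("unsupported message type or truncated message")
    (flags,) = struct.unpack_from("<I", msg, off)
    target = None
    if msg_type == 2:
        tlen, _, toff = struct.unpack_from("<HHI", msg, 12)
        if toff + tlen > len(msg):
            raise ValueError("target name buffer points outside the message")
        # The OEM code page is deployment-specific; cp437 is an assumption here.
        target = msg[toff:toff + tlen].decode("utf-16-le" if flags & 1 else "cp437")
    return {"type": msg_type, "target": target,
            "flags": sorted(n for bit, n in FLAGS.items() if flags & bit),
            "unknown_bits": flags & ~sum(FLAGS), "ntlm2_key": bool(flags & 0x00080000)}
```

Running `decode_ntlm` over the header values captured from a browser session and from the HttpClient session gives two flag lists that can be compared entry by entry.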
