Re: JAVA Client on Windows 7 talking to ISS 6 with no HTTPs but Integrated Windows Authentication turned ON

Milind Kadam Tue, 15 Nov 2011 06:47:43 -0800

Thanks again. I tried NTCredentials too and still failed to connect.

                        // Set credentials on the client
                        Credentials credentials = new NTCredentials( user,
password, host, domain );


httpclient.getCredentialsProvider().setCredentials(new AuthScope(authhost),
credentials);

Below is the wired log. In FireFox where the URL works fine  (and IE too);
the FireBug output shows:

*Response Headers:*

*Date:*  Tue, 15 Nov 2011 14:28:45 GMT
*Server:*  Microsoft-IIS/6.0
*Cache-Control:*  no-cache
*Content-Type:*  text/xml;charset=UTF-8
*Content-Length:*  7

*Request Headers:*
**
*Host:*   wkqasv0304
*User-Agent:*  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101
Firefox/6.0.2
*Accept:*  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
*Accept-Language:*  en-us,en;q=0.5
*Accept-Encoding:*  gzip, deflate
*Accept-Charset:*  ISO-8859-1,utf-8;q=0.7,*;q=0.7
*Connection:*  keep-alive
*Cookie:*  cw_loginOption=advanced; cw_socket=6050; cw_user=sysadmin;
cw_database=cetest; cw_portalNode=10.102.2.19
*Authorization:*  NTLM
TlRMTVNTUAADAAAAGAAYAIYAAAA0ATQBngAAAAAAAABYAAAAGgAaAFgAAAAUABQAcgAAAAAAAADSAQAABYKIogYBsR0AAAAPEvzMLqhfab0DHVZD20uvomEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAVwBLAEUATgBNAEsAQQBEAEEATQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC5uB7m9kF8rrdJn0LvXH9YAQEAAAAAAADhePDhoqPMARwKhNVfQviNAAAAAAIADABHAEwATwBCAEEATAABABQAVwBLAFEAQQBTAFYAMAAzADAANAAEAB4AZwBsAG8AYgBhAGwALgBzAGQAbAAuAGMAbwByAHAAAwA0AHcAawBxAGEAcwB2ADAAMwAwADQALgBnAGwAbwBiAGEAbAAuAHMAZABsAC4AYwBvAHIAcAAFABAAcwBkAGwALgBjAG8AcgBwAAgAMAAwAAAAAAAAAAAAAAAAMAAAaxAzfB10hnRHun/6nwKTJL4uExMsefwOJVkaWV9VsRQKABAAAAAAAAAAAAAAAAAAAAAAAAkAHgBIAFQAVABQAC8AdwBrAHEAYQBzAHYAMAAzADAANAAAAAAAAAAAAA==


*The wire log:*

Trying:: 1
executing request GET
http://wkqasv0304/cw_common/servlet/PingCaSServlet?request=init HTTP/1.1
2011/11/15 09:32:52:037 EST [DEBUG] PoolingClientConnectionManager -
Connection request: [route: {}->http://wkqasv0304][total kept alive: 0;
route allocated: 0 of 2; total allocated: 0 of 20]
2011/11/15 09:32:52:037 EST [DEBUG] PoolingClientConnectionManager -
Connection leased: [id: 0][route: {}->http://wkqasv0304][total kept alive:
0; route allocated: 1 of 2; total allocated: 1 of 20]
2011/11/15 09:32:52:037 EST [DEBUG] DefaultClientConnectionOperator -
Connecting to wkqasv0304:80
2011/11/15 09:32:52:052 EST [DEBUG] RequestAddCookies - CookieSpec
selected: best-match
2011/11/15 09:32:52:052 EST [DEBUG] RequestAuthCache - Auth cache not set
in the context
2011/11/15 09:32:52:052 EST [DEBUG] RequestTargetAuthentication - Target
auth state: UNCHALLENGED
2011/11/15 09:32:52:052 EST [DEBUG] RequestProxyAuthentication - Proxy auth
state: UNCHALLENGED
2011/11/15 09:32:52:052 EST [DEBUG] DefaultHttpClient - Attempt 1 to
execute request
2011/11/15 09:32:52:052 EST [DEBUG] DefaultClientConnection - Sending
request: GET /cw_common/servlet/PingCaSServlet?request=init HTTP/1.1
2011/11/15 09:32:52:052 EST [DEBUG] headers - >> GET
/cw_common/servlet/PingCaSServlet?request=init HTTP/1.1
2011/11/15 09:32:52:052 EST [DEBUG] headers - >> Host: wkqasv0304
2011/11/15 09:32:52:052 EST [DEBUG] headers - >> Connection: Keep-Alive
2011/11/15 09:32:52:052 EST [DEBUG] headers - >> User-Agent:
Apache-HttpClient/4.2-alpha1 (java 1.5)
2011/11/15 09:32:52:068 EST [DEBUG] DefaultClientConnection - Receiving
response: HTTP/1.1 401 Unauthorized
2011/11/15 09:32:52:068 EST [DEBUG] headers - << HTTP/1.1 401 Unauthorized
2011/11/15 09:32:52:068 EST [DEBUG] headers - << Content-Length: 1656
2011/11/15 09:32:52:068 EST [DEBUG] headers - << Content-Type: text/html
2011/11/15 09:32:52:068 EST [DEBUG] headers - << Server: Microsoft-IIS/6.0
2011/11/15 09:32:52:068 EST [DEBUG] headers - << WWW-Authenticate: Negotiate
2011/11/15 09:32:52:068 EST [DEBUG] headers - << WWW-Authenticate: NTLM
2011/11/15 09:32:52:068 EST [DEBUG] headers - << Date: Tue, 15 Nov 2011
14:32:51 GMT
2011/11/15 09:32:52:068 EST [DEBUG] DefaultHttpClient - Connection can be
kept alive indefinitely
2011/11/15 09:32:52:068 EST [DEBUG] DefaultHttpClient - wkqasv0304:80
requested authentication
2011/11/15 09:32:52:068 EST [DEBUG] TargetAuthenticationStrategy -
Authentication schemes in the order of preference: [negotiate, NTLM,
Digest, Basic]
2011/11/15 09:32:52:068 EST [DEBUG] NegotiateScheme - Received challenge ''
from the auth server
2011/11/15 09:32:52:068 EST [DEBUG] TargetAuthenticationStrategy -
Challenge for Digest authentication scheme not available
2011/11/15 09:32:52:068 EST [DEBUG] TargetAuthenticationStrategy -
Challenge for Basic authentication scheme not available
----------------------------------------
HTTP/1.1 401 Unauthorized
2011/11/15 09:32:52:068 EST [DEBUG] PoolingClientConnectionManager -
Connection [id: 0][route: {}->http://wkqasv0304] can be kept alive
indefinitely
2011/11/15 09:32:52:068 EST [DEBUG] PoolingClientConnectionManager -
Connection released: [id: 0][route: {}->http://wkqasv0304][total kept
alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
----------------------------------------
Trying:: 2
executing request GET
http://wkqasv0304/cw_common/servlet/PingCaSServlet?request=init HTTP/1.1
2011/11/15 09:32:52:068 EST [DEBUG] PoolingClientConnectionManager -
Connection request: [route: {}->http://wkqasv0304][total kept alive: 1;
route allocated: 1 of 2; total allocated: 1 of 20]
2011/11/15 09:32:52:083 EST [DEBUG] PoolingClientConnectionManager -
Connection leased: [id: 0][route: {}->http://wkqasv0304][total kept alive:
0; route allocated: 1 of 2; total allocated: 1 of 20]
2011/11/15 09:32:52:083 EST [DEBUG] DefaultHttpClient - Stale connection
check
2011/11/15 09:32:52:099 EST [DEBUG] RequestAddCookies - CookieSpec
selected: best-match
2011/11/15 09:32:52:099 EST [DEBUG] RequestAuthCache - Auth cache not set
in the context
2011/11/15 09:32:52:099 EST [DEBUG] RequestTargetAuthentication - Target
auth state: UNCHALLENGED
2011/11/15 09:32:52:099 EST [DEBUG] RequestProxyAuthentication - Proxy auth
state: UNCHALLENGED
2011/11/15 09:32:52:099 EST [DEBUG] DefaultHttpClient - Attempt 1 to
execute request
2011/11/15 09:32:52:099 EST [DEBUG] DefaultClientConnection - Sending
request: GET /cw_common/servlet/PingCaSServlet?request=init HTTP/1.1
2011/11/15 09:32:52:099 EST [DEBUG] headers - >> GET
/cw_common/servlet/PingCaSServlet?request=init HTTP/1.1
2011/11/15 09:32:52:099 EST [DEBUG] headers - >> Host: wkqasv0304
2011/11/15 09:32:52:099 EST [DEBUG] headers - >> Connection: Keep-Alive
2011/11/15 09:32:52:099 EST [DEBUG] headers - >> User-Agent:
Apache-HttpClient/4.2-alpha1 (java 1.5)
2011/11/15 09:32:52:099 EST [DEBUG] DefaultClientConnection - Receiving
response: HTTP/1.1 401 Unauthorized
2011/11/15 09:32:52:099 EST [DEBUG] headers - << HTTP/1.1 401 Unauthorized
2011/11/15 09:32:52:099 EST [DEBUG] headers - << Content-Length: 1656
2011/11/15 09:32:52:099 EST [DEBUG] headers - << Content-Type: text/html
2011/11/15 09:32:52:099 EST [DEBUG] headers - << Server: Microsoft-IIS/6.0
2011/11/15 09:32:52:099 EST [DEBUG] headers - << WWW-Authenticate: Negotiate
2011/11/15 09:32:52:099 EST [DEBUG] headers - << WWW-Authenticate: NTLM
2011/11/15 09:32:52:099 EST [DEBUG] headers - << Date: Tue, 15 Nov 2011
14:32:51 GMT
2011/11/15 09:32:52:099 EST [DEBUG] DefaultHttpClient - Connection can be
kept alive indefinitely
2011/11/15 09:32:52:099 EST [DEBUG] DefaultHttpClient - wkqasv0304:80
requested authentication
2011/11/15 09:32:52:099 EST [DEBUG] TargetAuthenticationStrategy -
Authentication schemes in the order of preference: [negotiate, NTLM,
Digest, Basic]
2011/11/15 09:32:52:099 EST [DEBUG] NegotiateScheme - Received challenge ''
from the auth server
2011/11/15 09:32:52:099 EST [DEBUG] TargetAuthenticationStrategy -
Challenge for Digest authentication scheme not available
2011/11/15 09:32:52:099 EST [DEBUG] TargetAuthenticationStrategy -
Challenge for Basic authentication scheme not available
2011/11/15 09:32:52:099 EST [DEBUG] RequestAddCookies - CookieSpec
selected: best-match
2011/11/15 09:32:52:099 EST [DEBUG] RequestAuthCache - Auth cache not set
in the context
2011/11/15 09:32:52:099 EST [DEBUG] RequestTargetAuthentication - Target
auth state: CHALLENGED
2011/11/15 09:32:52:099 EST [DEBUG] RequestTargetAuthentication -
Generating response to an authentication challenge using Negotiate scheme
2011/11/15 09:32:52:099 EST [DEBUG] NegotiateScheme - init wkqasv0304
2011/11/15 09:32:52:130 EST [WARN] RequestTargetAuthentication - NEGOTIATE
authentication error: Invalid name provided (Mechanism level: Could not
load configuration file C:\Windows\krb5.ini (The system cannot find the
file specified))
2011/11/15 09:32:52:130 EST [DEBUG] RequestTargetAuthentication -
Generating response to an authentication challenge using ntlm scheme
2011/11/15 09:32:52:130 EST [DEBUG] RequestProxyAuthentication - Proxy auth
state: UNCHALLENGED
2011/11/15 09:32:52:130 EST [DEBUG] DefaultHttpClient - Attempt 2 to
execute request
2011/11/15 09:32:52:130 EST [DEBUG] DefaultClientConnection - Sending
request: GET /cw_common/servlet/PingCaSServlet?request=init HTTP/1.1
2011/11/15 09:32:52:130 EST [DEBUG] headers - >> GET
/cw_common/servlet/PingCaSServlet?request=init HTTP/1.1
2011/11/15 09:32:52:130 EST [DEBUG] headers - >> Host: wkqasv0304
2011/11/15 09:32:52:130 EST [DEBUG] headers - >> Connection: Keep-Alive
2011/11/15 09:32:52:130 EST [DEBUG] headers - >> User-Agent:
Apache-HttpClient/4.2-alpha1 (java 1.5)
2011/11/15 09:32:52:130 EST [DEBUG] headers - >> Authorization: NTLM
TlRMTVNTUAABAAAANQIIIAwADAA0AAAAFAAUACAAAABXAEsAUQBBAFMAVgAwADMAMAA0AEcATABPAEIAQQBMAA==
2011/11/15 09:32:52:130 EST [DEBUG] DefaultClientConnection - Receiving
response: HTTP/1.1 401 Unauthorized
2011/11/15 09:32:52:130 EST [DEBUG] headers - << HTTP/1.1 401 Unauthorized
2011/11/15 09:32:52:130 EST [DEBUG] headers - << Content-Length: 1539
2011/11/15 09:32:52:130 EST [DEBUG] headers - << Content-Type: text/html
2011/11/15 09:32:52:130 EST [DEBUG] headers - << Server: Microsoft-IIS/6.0
2011/11/15 09:32:52:130 EST [DEBUG] headers - << WWW-Authenticate: NTLM
TlRMTVNTUAACAAAADAAMADgAAAA1Aokioz2NReOdjjEAAAAAAAAAAJoAmgBEAAAABQLODgAAAA9HAEwATwBCAEEATAACAAwARwBMAE8AQgBBAEwAAQAUAFcASwBRAEEAUwBWADAAMwAwADQABAAeAGcAbABvAGIAYQBsAC4AcwBkAGwALgBjAG8AcgBwAAMANAB3AGsAcQBhAHMAdgAwADMAMAA0AC4AZwBsAG8AYgBhAGwALgBzAGQAbAAuAGMAbwByAHAABQAQAHMAZABsAC4AYwBvAHIAcAAAAAAA
2011/11/15 09:32:52:130 EST [DEBUG] headers - << Date: Tue, 15 Nov 2011
14:32:51 GMT
2011/11/15 09:32:52:130 EST [DEBUG] DefaultHttpClient - Connection can be
kept alive indefinitely
2011/11/15 09:32:52:130 EST [DEBUG] DefaultHttpClient - wkqasv0304:80
requested authentication
2011/11/15 09:32:52:130 EST [DEBUG] DefaultHttpClient - Authorization
challenge processed
2011/11/15 09:32:52:130 EST [DEBUG] RequestAddCookies - CookieSpec
selected: best-match
2011/11/15 09:32:52:130 EST [DEBUG] RequestAuthCache - Auth cache not set
in the context
2011/11/15 09:32:52:130 EST [DEBUG] RequestTargetAuthentication - Target
auth state: HANDSHAKE
2011/11/15 09:32:52:130 EST [DEBUG] RequestProxyAuthentication - Proxy auth
state: UNCHALLENGED
2011/11/15 09:32:52:130 EST [DEBUG] DefaultHttpClient - Attempt 3 to
execute request
2011/11/15 09:32:52:130 EST [DEBUG] DefaultClientConnection - Sending
request: GET /cw_common/servlet/PingCaSServlet?request=init HTTP/1.1
2011/11/15 09:32:52:130 EST [DEBUG] headers - >> GET
/cw_common/servlet/PingCaSServlet?request=init HTTP/1.1
2011/11/15 09:32:52:130 EST [DEBUG] headers - >> Host: wkqasv0304
2011/11/15 09:32:52:130 EST [DEBUG] headers - >> Connection: Keep-Alive
2011/11/15 09:32:52:130 EST [DEBUG] headers - >> User-Agent:
Apache-HttpClient/4.2-alpha1 (java 1.5)
2011/11/15 09:32:52:130 EST [DEBUG] headers - >> Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAADGAMYAWAAAAAwADAAeAQAAGgAaACoBAAAUABQARAEAAAAAAABYAQAANQIIILSQ0oov0UPrrEPz9qPc3yv+kmCyOZd7DQvlcbZj8y0jhZwR7wjytMsBAQAAAAAAACAYynSjo8wB/pJgsjmXew0AAAAAAgAMAEcATABPAEIAQQBMAAEAFABXAEsAUQBBAFMAVgAwADMAMAA0AAQAHgBnAGwAbwBiAGEAbAAuAHMAZABsAC4AYwBvAHIAcAADADQAdwBrAHEAYQBzAHYAMAAzADAANAAuAGcAbABvAGIAYQBsAC4AcwBkAGwALgBjAG8AcgBwAAUAEABzAGQAbAAuAGMAbwByAHAAAAAAAEcATABPAEIAQQBMAGEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAVwBLAFEAQQBTAFYAMAAzADAANAA=
2011/11/15 09:32:52:255 EST [DEBUG] DefaultClientConnection - Receiving
response: HTTP/1.1 500 Internal Server Error
2011/11/15 09:32:52:255 EST [DEBUG] headers - << HTTP/1.1 500 Internal
Server Error
2011/11/15 09:32:52:255 EST [DEBUG] headers - << Content-Length: 112
2011/11/15 09:32:52:255 EST [DEBUG] headers - << Content-Type: text/html
2011/11/15 09:32:52:255 EST [DEBUG] headers - << Server: Microsoft-IIS/6.0
2011/11/15 09:32:52:255 EST [DEBUG] headers - << Date: Tue, 15 Nov 2011
14:32:51 GMT
2011/11/15 09:32:52:255 EST [DEBUG] headers - << Connection: close
----------------------------------------
HTTP/1.1 500 Internal Server Error
2011/11/15 09:32:52:255 EST [DEBUG] PoolingClientConnectionManager -
Connection [id: 0][route: {}->http://wkqasv0304][state:
GLOBAL/administrator] can be kept alive indefinitely
2011/11/15 09:32:52:255 EST [DEBUG] PoolingClientConnectionManager -
Connection released: [id: 0][route: {}->http://wkqasv0304][state:
GLOBAL/administrator][total kept alive: 1; route allocated: 1 of 2; total
allocated: 1 of 20]
2011/11/15 09:32:52:255 EST [DEBUG] PoolingClientConnectionManager -
Connection manager is shutting down
2011/11/15 09:32:52:255 EST [DEBUG] DefaultClientConnection - Connection
0.0.0.0:55123<->10.102.11.40:80 closed
2011/11/15 09:32:52:255 EST [DEBUG] DefaultClientConnection - Connection
0.0.0.0:55123<->10.102.11.40:80 closed
2011/11/15 09:32:52:255 EST [DEBUG] PoolingClientConnectionManager -
Connection manager shut down








On Tue, Nov 15, 2011 at 3:51 AM, Oleg Kalnichevski <[email protected]> wrote:

> On Mon, Nov 14, 2011 at 11:51:36AM -0500, Milind Kadam wrote:
> > Hi Oleg,
> >
> > I commented the line which use "AuthScheme" to print the Realm to console
> > and generated the output. Don't know whether this will help or not; but
> > with correct username/password; it fails to connect to IIS 6 web server
> > when "Integrated Windows authentication" is set.
> > Thanks,
> > Milind
> >
> >
>
> ...
>
> > 2011/11/14 11:43:16:322 EST [DEBUG] RequestTargetAuthentication -
> > Generating response to an authentication challenge using ntlm scheme
> > 2011/11/14 11:43:16:322 EST [WARN] RequestTargetAuthentication - NTLM
> > authentication error: Credentials cannot be used for NTLM authentication:
> > org.apache.http.auth.UsernamePasswordCredentials
>
> You are using UsernamePasswordCredentials that are not sufficient for NTLM
> authentication. You should be using NTCrednetials instead.
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>

Re: JAVA Client on Windows 7 talking to ISS 6 with no HTTPs but Integrated Windows Authentication turned ON

Reply via email to