Hi Malcolm, If you take a look at the default WinHttpClient[1], specifically the createBuilder() function, you'll see that null is always being provided as the principle name. I was hoping there would be a way to automatically inject HTTP/<hostname>. I planned to examine how this could be made possible :-)
Currently, in our own code code, we are creating an specific client with a specific auth scheme and specifically filling in the correct SPN for the request. Regards, kl [1] https://fisheye6.atlassian.com/browse/httpcomponents/httpclient/trunk/httpclient-win/src/main/java/org/apache/http/impl/client/WinHttpClients.java?r=1602401 On Thu, Aug 14, 2014 at 9:37 AM, Malcolm Smith <[email protected]> wrote: > Hi Ka-Lok, > > I¹m wondering what you expect the out of the box behaviour to be here? The > service principal needs to be specified by the client, so there is no > valid default. > > I submitted the original patch to enable the SPN to be specified, and > wrote the SO response you linked to. Are you just looking to provide a > simpler way of injecting the SPN into the WindowsNegotiateSchemeFactory? > Admittedly it is slightly clunky having to construct an anonymous class, > but I couldn¹t find a simpler way of injecting the SPN into the > WindowsNegotiateSchemeFactory. > > Regards, > > Malcolm. > > > On 13/08/2014 22:14, "K Fung" <[email protected]> wrote: > >>Hello, >> >>If we use WinHttpClients as, HTTP Negotiate authentication won't work >>because the ticket being generated always uses 'null' service >>principle name (SPN). Can this be filed as a bug? >> >>According to the informational RFC 4559 >>(http://www.rfc-editor.org/rfc/rfc4559.txt), the service principle >>name (SPN) should be in the following form: HTTP/hostname. >> >>Of course, we can work around it ourselves if we did something similar >>to http://stackoverflow.com/a/22865583 but it would be great if the >>sample code works out of the box :-) >> >>Regards, >>kl >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [email protected] >>For additional commands, e-mail: [email protected] >> > > Confidentiality - This email is confidential. > Not meant for you? - If you don't think this email is meant for you, please > let us know. Do not copy or forward the information it contains, and delete > this email from your system. > Views expressed - Any personal views or opinions expressed in this email are > the sender's, and do not necessarily reflect the views of Standard Life group. > Monitoring - We filter and monitor emails to protect our systems and to keep > them running smoothly. > Emailing us - Email isn't a secure form of communication. If you want to send > us confidential information please send it by post. However, if you do > communicate with us by email on any subject, you are giving us permission to > email you back. > Phoning us - Calls may be monitored and/or recorded to protect both you and > us and help with our training. Call charges will vary. > Standard Life group - Standard Life group comprises Standard Life plc and its > subsidiaries. For more information on Standard Life group visit our website > http://www.standardlife.com/. > Standard Life plc (SC286832), Standard Life Assurance Limited (SC286833) and > Standard Life Employee Services Limited (SC271355) are all registered in > Scotland at Standard Life House, 30 Lothian Road, Edinburgh EH1 2DH. Standard > Life Assurance Limited is authorised by the Prudential Regulation Authority > and regulated by the Financial Conduct Authority and the Prudential > Regulation Authority. > For more information on Standard Life Assurance limited visit our website > http://www.standardlife.co.uk > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
