Am 2022-12-07 um 21:34 schrieb Luis Gabriel Gomez:
HiI'm trying to establish a connection via a Kerberos authenticated proxy; I have a working code based on the 4.x client which works with minimal setup using a noop Credential (use_jaas_creds), this way the client authenticates via its ExtendedGSSManager and JAAS: CredentialsProvider credsProvider = new BasicCredentialsProvider(); credsProvider.setCredentials(new AuthScope(null, -1, null), use_jaas_creds); Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder .<AuthSchemeProvider>create() .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true)) .build(); I'm trying to perform the same in 5.x but facing some issues final Credentials use_jaas_creds = new UseJaasCredentials(); credentialsProvider.setCredentials(new AuthScope(null, null, -1, null, null), use_jaas_creds); final Registry<AuthSchemeFactory> authSchemeRegistry = RegistryBuilder.<AuthSchemeFactory>create() .register(StandardAuthScheme.SPNEGO, kerberosSchemeFactory) .build(); Setup is roughly the same, with the addition of the kerberosSchemeFactory buildup which is omitted for brevity. Request goes to target host but doesn't go through the proxy, so which else may I have missed? I'm suspicious of the AuthScope needing the full proxy information now but I'm unsure. On another note, with the 5.3 deprecation of SPNEGO support, is there still gonna be a way to plug in support for these authenticators on clients that still need it once it's finally remove?
Luis, please read my message a couple of days ago regarding this topic. Doing the proper JGSS code yourself requires ~ 20 LoC. There is no magic. M --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
