Hi Oleg, Thanks for the quick response.
I saw that the NTLM scheme is deprecated (but I didn't know that it is also disabled by default) and as far as I understood it is going to be completely removed with version 6. Is this right? I totally get that it is better to stop using it, but since we have users of our application which still have to use it, we need to support it. How can I enable it again? Best Regards, Yavor -----Original Message----- From: Oleg Kalnichevski <ol...@apache.org> Sent: Friday, February 14, 2025 6:44 PM To: HttpClient User Discussion <httpclient-users@hc.apache.org> Subject: Re: NTLM Authentication falls back to Basic in versions < 5.3 On Fri, 2025-02-14 at 11:40 +0000, Stankov. Yavor wrote: > Hi, > > I have an HTTP Client which relies on the Apache HTTP Client. I have > configured it to use NTLM authentication. > > My HTTP Client is executing requests against a server which requires > non pre-emptive basic authentication. > > With the Apache HTTP Client versions before 5.3, this was working well > and somehow, never mind that NTLM was configured, after receiving the > initial 401 response from the server, the second one was containing > the appropriate authorization header with basic scheme. > > This is not the case after the update to 5.3. Is this expected? > > Best Regards, > Yavor Hi Yavor We as a project no longer support NTLM authentication scheme. As of HttpClient version 5.3 it has been deprecated and disabled by default. One can still re-enable it if required. However it should likely be better long term to migrate to TLS/Basic or TLS/Bearer instead. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
