I am "forcing" the HttpClient to do NTLM authentication by using:

    PoolingHttpClientConnectionManager connPool = new PoolingHttpClientConnectionManager();
    Lookup<AuthSchemeProvider> authProviders = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.NTLM, new NTLMSchemeFactory())
            .build();
    CloseableHttpClient httpClient = HttpClients.custom()
            .setConnectionManager(connPool)
            .setDefaultAuthSchemeRegistry(authProviders)
            .build();

But, when authenticating to the server, I get an annoying log message "Authentication scheme Negotiate not supported".
How can I get rid of this message?
(This will be running on a Linux box, so HttpClient 4.4 JNA support for native authentication won't help.)
Negotiate authentication automatically selects between the Kerberos protocol and NTLM authentication, depending on availability. The Kerberos protocol is used if it is available; otherwise, NTLM is tried. Kerberos authentication significantly improves upon NTLM.
What Is NTLM Used For?
Windows New Technology LAN Manager (NTLM) is a suite of security protocols offered by Microsoft to authenticate users' identity and protect the integrity and confidentiality of their activity.
I think it is all very simple. Effectively the client is only willing to do NTLM while the server is only willing to do Negotiate, thus failing to agree on a common authentication scheme.
This is how one can adjust auth scheme preference to force HttpClient to choose NTLM over SPNEGO / Kerberos:

    RequestConfig config = RequestConfig.custom()
            .setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM, AuthSchemes.KERBEROS, AuthSchemes.SPNEGO))
            .build();
    CloseableHttpClient client = HttpClients.custom()
            .setDefaultRequestConfig(config)
            .build();
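
The question's NTLM-only registry combined with the answer's scheme preference, as an added example (not code from either post). It assumes HttpClient 4.x on the classpath; the class name, host, account, domain and the NTLM_PASSWORD variable are placeholders. Only NTLM is listed as a preferred scheme here, so the preference list never names a scheme that the registry cannot provide.

```java
import java.util.Collections;
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Lookup;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.NTLMSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

public class NtlmOnlyClient {
    // Builds a client whose scheme registry and scheme preference both name NTLM only.
    static CloseableHttpClient build(String host, int port, String user, String password, String domain) {
        Lookup<AuthSchemeProvider> ntlmOnly = RegistryBuilder.<AuthSchemeProvider>create()
                .register(AuthSchemes.NTLM, new NTLMSchemeFactory())
                .build();
        RequestConfig config = RequestConfig.custom()
                .setTargetPreferredAuthSchemes(Collections.singletonList(AuthSchemes.NTLM))
                .build();
        // Scope the credentials to one host, port and scheme so they are never offered elsewhere.
        CredentialsProvider creds = new BasicCredentialsProvider();
        creds.setCredentials(new AuthScope(host, port, AuthScope.ANY_REALM, AuthSchemes.NTLM),
                new NTCredentials(user, password, null, domain));
        return HttpClients.custom()
                .setDefaultAuthSchemeRegistry(ntlmOnly)
                .setDefaultRequestConfig(config)
                .setDefaultCredentialsProvider(creds)
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions): replace host, account and domain with your own.
        String host = "intranet.example.com";
        String password = System.getenv("NTLM_PASSWORD"); // read from the environment, not hard-coded
        if (password == null) throw new IllegalStateException("NTLM_PASSWORD is not set");
        try (CloseableHttpClient client = build(host, 443, "svc-account", password, "EXAMPLE");
             CloseableHttpResponse response = client.execute(new HttpGet("https://" + host + "/"))) {
            System.out.println(response.getStatusLine());
        }
    }
}
```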