Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

HttpClient gives Negotiate error with NTLM auth provider

I am "forcing" the httpclient to do ntlm authentication by using:

    PoolingHttpClientConnectionManager connPool  connPool = new PoolingHttpClientConnectionManager();

    Lookup<AuthSchemeProvider> authProviders = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.NTLM, new NTLMSchemeFactory())                
            .build();

    CloseableHttpClient httpClient = HttpClients.custom().setConnectionManager(connPool).setDefaultAuthSchemeRegistry(authProviders).build();

But, when authenticating to the server, I get an annoying log message "Authentication scheme Negotiate not supported".

How can I get rid of this message?

(This will be running on a linux box, so HttpClient 4.4 JNA support for native authentication won't help.)

like image 699
Bob Thule Avatar asked Feb 23 '15 18:02

Bob Thule


People also ask

What is negotiate NTLM?

Negotiate authentication automatically selects between the Kerberos protocol and NTLM authentication, depending on availability. The Kerberos protocol is used if it is available; otherwise, NTLM is tried. Kerberos authentication significantly improves upon NTLM.

What does Ntlm?

What Is NTLM Used For? Windows New Technology LAN Manager (NTLM) is a suite of security protocols offered by Microsoft to authenticate users' identity and protect the integrity and confidentiality of their activity.


1 Answers

I think it is all very simple. Effectively the client is only willing to do NTLM while the server is only willing to do Negotiate, thus failing to agree on a common authentication scheme.

This is how one can adjust auth scheme preference to force HttpClient to choose NTLM over SPNEGO / Kerberos

RequestConfig config = RequestConfig.custom()
        .setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM, AuthSchemes.KERBEROS, AuthSchemes.SPNEGO))
        .build();
CloseableHttpClient client = HttpClients.custom()
        .setDefaultRequestConfig(config)
        .build();
like image 192
ok2c Avatar answered Oct 23 '22 11:10

ok2c