NTLM authentication is not working. Possibly missing set TargetPreferredAuthSchemes #329

Closed
abhigogna opened this issue Aug 15, 2016 · 10 comments

Comments

@abhigogna

When I try to use NTLM-Auth, I get the following error message:
"WARNING: NEGOTIATE authentication error: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)"

I think it could be because:

  1. Kerberos switching to NTLM. Since the AuthScope takes 3 args of nil -1 nil here, which probably does not let the realm switch/fallback happen from Kerberos to NTLM. Per Apache documentation, we need another nil doc

  2. We may have to pass in a set of target preferred auth schemes to the request.
    RequestConfig config = RequestConfig.custom().setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM)).build();

Unfortunately, I am still learning Clojure and do not know how to make these changes, but if someone can provide a fix, I will be willing to test it out.

@dakrone
Owner

dakrone commented Aug 15, 2016

Thanks for digging into the issue @abhigogna, do you happen to know how I can test a change locally with NTLM auth?

@abhigogna
Author

To test this locally is painful, unless you have an Active Directory setup on a Windows box. Here is the setup I know of:

  1. Set up Microsoft Active Directory. This part is a little tedious.
  2. Create a small ASP.NET project that authenticates with AD. This part is simple: you just need to select `<authentication mode="Windows">` in the web.config file.

If you don't have one available, there is the Microsoft Azure cloud service, which is free with $200 worth of cloud credit. We can create one over there.

@abhigogna
Author

@dakrone - If you can push your changes to a branch, I can verify it at work.

@dakrone
Owner

dakrone commented Aug 17, 2016

@abhigogna that would be great, I'll let you know when I (or someone else) gets a chance to push a change for this!

@abhigogna
Author

abhigogna commented Aug 27, 2016

Dakrone,

Here is the working Java code using the Apache Client 4.5 lib. This code does not use any deprecated methods/classes. Hope it is useful in modelling the Clojure wrapper.

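    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.NTCredentials;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.client.HttpClient;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

    public class NtlmClient {
        public static HttpClient getClient() {
            // Pooled connections: NTLM authenticates a connection, so reuse matters
            PoolingHttpClientConnectionManager connPool =
                    new PoolingHttpClientConnectionManager();
            connPool.setMaxTotal(50);
            connPool.setDefaultMaxPerRoute(5);

            // Authentication: NTCredentials(user, password, workstation, domain).
            // AuthScope.ANY makes these credentials available to any host and scheme.
            CredentialsProvider credsProvider = new BasicCredentialsProvider();
            credsProvider.setCredentials(AuthScope.ANY,
                    new NTCredentials("user", "password", "localhost", "corp"));

            CloseableHttpClient httpClient = HttpClients.custom()
                    .setConnectionManager(connPool)
                    .setDefaultCredentialsProvider(credsProvider)
                    .build();

            return httpClient;
        }
    }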
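
The two pieces discussed in this thread, the NTLM-only scheme preference from the first comment and the `NTCredentials` provider from the comment above, combined into one client. This is an added example, not part of any comment here and not clj-http's own code. The class name, host, port and environment variable names are placeholders chosen for illustration; the credentials are scoped to one host and the NTLM scheme instead of `AuthScope.ANY`, so they are not offered to other servers that send an authentication challenge.

```java
import java.util.Arrays;

import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

public class NtlmOnlyClient {
    // Placeholder target (assumption): the Windows-authenticated server under test.
    static final String HOST = "intranet.example.com";
    static final int PORT = 443;

    static CloseableHttpClient build(String user, String password,
                                     String workstation, String domain) {
        // Bind the credentials to one host, port and scheme instead of AuthScope.ANY.
        CredentialsProvider creds = new BasicCredentialsProvider();
        creds.setCredentials(
                new AuthScope(HOST, PORT, AuthScope.ANY_REALM, AuthSchemes.NTLM),
                new NTCredentials(user, password, workstation, domain));

        // Prefer only NTLM for target authentication, so Negotiate (the scheme
        // named in the warning quoted in the first comment) is not attempted.
        RequestConfig config = RequestConfig.custom()
                .setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM))
                .build();

        return HttpClients.custom()
                .setDefaultCredentialsProvider(creds)
                .setDefaultRequestConfig(config)
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Environment variable names are placeholders; keep secrets out of source.
        try (CloseableHttpClient client = build(System.getenv("NTLM_USER"),
                System.getenv("NTLM_PASSWORD"), "localhost", System.getenv("NTLM_DOMAIN"));
             CloseableHttpResponse resp = client.execute(
                     new HttpGet("https://" + HOST + ":" + PORT + "/"))) {
            // 200 means the NTLM handshake completed; 401 means it was rejected.
            System.out.println(resp.getStatusLine());
        }
    }
}
```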

@MageMasher

Hi there @dakrone, I know this is about a year old but I was wondering if there was any movement or resolution to this issue? I saw there is a PR #198 out there from @ckarlsen84 which implements the NTLM Auth but it has merge conflicts now. Is there anything I can do to help move this change into master? If I fixed the merge conflicts would you accept them?

@MageMasher

Oh, actually I just saw PR #255 which appears to resolve this. All the Google links point to this PR so I just want to leave this note here for anyone who comes along after me. Thanks for having such a great library!

@dakrone
Owner

dakrone commented Sep 19, 2017

@MageMasher thanks for checking that this resolves this. I'm going to close this for now and we can reopen if it isn't resolved by #255

@dakrone dakrone closed this as completed Sep 19, 2017
@MageMasher

MageMasher commented Sep 19, 2017 via email

@dakrone dakrone mentioned this issue Sep 26, 2017
@MageMasher

@dakrone Can confirm, using

    (client/get url {:ntlm-auth ["<my-user>" "<my-pass>" "<my-host>" "<my-domain>"]})

successfully authenticates. Thanks for an awesome library!
