Axis2
  1. Axis2
  2. AXIS2-4595

No Credentials provider found when authenticating with NTLM

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 1.5.1
    • Fix Version/s: None
    • Component/s: transports
    • Labels:
      None
    • Environment:
      windows, NTLM authentication against Exchange WS 2007

      Description

      I'm meeting a problem I really can't resolve and after reading many lines of code in axis2, here where I am :

      • I'm trying to call a ms exchange 2007 WS
      • I setup I think my authentication code using this kind of code :

      final Options options = this.serviceExchange._getServiceClient().getOptions();
      final Authenticator authenticator = new Authenticator();

      // Cf. http://ws.apache.org/axis2/1_5_1/http-transport.html#preemptive_auth
      final List<String> authScheme = new ArrayList<String>();
      authScheme.add(Authenticator.NTLM);
      authScheme.add(Authenticator.BASIC);

      authenticator.setAuthSchemes(authScheme);
      authenticator.setUsername(this.username);
      authenticator.setPassword(this.password);
      authenticator.setHost(this.host);
      authenticator.setDomain(this.domain);
      authenticator.setPort(this.port);

      options.setTimeOutInMilliSeconds(this.timeout);
      options.setProperty(HTTPConstants.CHUNKED, "false");
      options.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, "true");
      options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);

      this.serviceExchange._getServiceClient().setOptions(options);

      I then get the following execution logs where you can see that there is no credential providers found.
      So I searched the net, and found this http://markmail.org/search/list:org%2Eapache%2Ews%2Eaxis-dev+CredentialsProvider where you can see that the credential providers was first added and the deleted in org/apache/axis2/transport/http/AbstractHTTPSender.java

      Execution log:
      HttpMethodDirector.java:843) - Authorization required
      2009-12-21 12:01:11,447 DEBUG org.apache.commons.httpclient.HttpMethodDirector ( HttpMethodDirector.java:662) - enter HttpMethodBase.processAuthenticationResponse(HttpState, HttpConnection)
      2009-12-21 12:01:11,447 DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor ( AuthChallengeProcessor.java:90) - Supported authentication schemes in the order of preference: [NTLM, Basic]
      2009-12-21 12:01:11,447 INFO org.apache.commons.httpclient.auth.AuthChallengeProcessor ( AuthChallengeProcessor.java:101) - NTLM authentication scheme selected
      2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor ( AuthChallengeProcessor.java:155) - Using authentication scheme: ntlm
      2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor ( AuthChallengeProcessor.java:163) - Authorization challenge processed
      2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpMethodDirector ( HttpMethodDirector.java:714) - Authentication scope: NTLM <any realm>@mercure:443
      2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpState ( HttpState.java:436) - enter HttpState.getCredentials(AuthScope)
      2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpMethodDirector ( HttpMethodDirector.java:861) - Credentials required
      2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpMethodDirector ( HttpMethodDirector.java:879) - Credentials provider not available
      2009-12-21 12:01:11,463 INFO org.apache.commons.httpclient.HttpMethodDirector ( HttpMethodDirector.java:737) - No credentials available for NTLM <any realm>@mercure:443
      2009-12-21 12:01:11,463 DEBUG org.apache.axis2.transport.http.HTTPSender ( HTTPSender.java:278) - Handling response - 401

        Activity

        Hide
        Peter Dunphy added a comment -

        I think there is some confusion in the authenticator credential look-up stuff for AXIS2 where the "host" is confused with the "workstation" when it comes to retrieving the credentials.

        When sending out the TYPE 1 and type 3 NTLM messages in AXIS2, If you do a wireshark trace and reverse engineer the NTLM data sent it uses the "authenticator.setHost(this.host)" as the WORKSTATION field in the NTLM protocol as you might expect.

        However who ever wrote the piece that retrieves the credentials prior to sending out and generates the error message "No credentials available for NTLM <any realm>@host:port" has mistaken the "authenticator.setHost(this.host)" as the remote host (not the client workstation). If there is is no entry made for the remote host via "authenticator.setHost(this.host)" then you get this error. Really there should be two methods "authenticator.setWorkstation()" and "authenticator.setRemoteHost()".

        In the end this means the NTLM stuff is essentially broken.

        Show
        Peter Dunphy added a comment - I think there is some confusion in the authenticator credential look-up stuff for AXIS2 where the "host" is confused with the "workstation" when it comes to retrieving the credentials. When sending out the TYPE 1 and type 3 NTLM messages in AXIS2, If you do a wireshark trace and reverse engineer the NTLM data sent it uses the "authenticator.setHost(this.host)" as the WORKSTATION field in the NTLM protocol as you might expect. However who ever wrote the piece that retrieves the credentials prior to sending out and generates the error message "No credentials available for NTLM <any realm>@host:port" has mistaken the "authenticator.setHost(this.host)" as the remote host (not the client workstation). If there is is no entry made for the remote host via "authenticator.setHost(this.host)" then you get this error. Really there should be two methods "authenticator.setWorkstation()" and "authenticator.setRemoteHost()". In the end this means the NTLM stuff is essentially broken.
        Hide
        Peter Dunphy added a comment -

        The problem appears to be in AbstractHttpSender.setAuthenticationInfo().

        The first usage of variable "host" in the snippet below is actually used as the WORKSTATION in the NTLM exchange.
        The second occurrence of the "host" variable is used as the Remote Host when creating the AuthScope.
        There needs to be two variables not one; RemoteHost and Workstation and obviously there values are different..
        Peter

        if (host != null) {
        if (domain != null)

        { /*Credentials for NTLM Authentication*/ creds = new NTCredentials(username, password, host, domain); }

        else

        { /*Credentials for Digest and Basic Authentication*/ creds = new UsernamePasswordCredentials(username, password); }

        tmpHttpState.setCredentials(new AuthScope(host, port, realm), creds);
        }

        Show
        Peter Dunphy added a comment - The problem appears to be in AbstractHttpSender.setAuthenticationInfo(). The first usage of variable "host" in the snippet below is actually used as the WORKSTATION in the NTLM exchange. The second occurrence of the "host" variable is used as the Remote Host when creating the AuthScope. There needs to be two variables not one; RemoteHost and Workstation and obviously there values are different.. Peter if (host != null) { if (domain != null) { /*Credentials for NTLM Authentication*/ creds = new NTCredentials(username, password, host, domain); } else { /*Credentials for Digest and Basic Authentication*/ creds = new UsernamePasswordCredentials(username, password); } tmpHttpState.setCredentials(new AuthScope(host, port, realm), creds); }

          People

          • Assignee:
            Unassigned
            Reporter:
            Dominique Jean-Prost
          • Votes:
            4 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:

              Development