JDK-8033773

NTLM HTTP authentication sends incorrect NTLMSSP_AUTH data


    • Type: Bug
    • Resolution: Unresolved
    • Priority: P3
    • Fix Version: tbd
    • Affects Version: 7u51
    • Component: core-libs
    • CPU: x86_64
    • OS: linux_ubuntu

      FULL PRODUCT VERSION :
      java version "1.7.0_51"
      Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
      Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Linux 3.11.0-15-generic #23-Ubuntu SMP Mon Dec 9 18:17:04 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

      A DESCRIPTION OF THE PROBLEM :
      NTLM username/password authentication (supplied with Authenticator.getPasswordAuthentication()) does not work with the JRE client. In the same environment, all other tested clients work correctly: browser, wget, curl, Apache HttpAsyncClient.

      According to Wireshark, the Java-generated NTLMSSP_AUTH (NTLM phase 3) data is malformed; however, I can't determine the exact problem with it.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Try accessing an NTLM-protected HTTP server (tested with IIS 7.5)

      ACTUAL -
      Below is an excerpt from a network dump of a single HTTP connection:

      Client sends NTLMSSP_NEGOTIATE
      Authorization: NTLM TlRMTVNTUAABAAAAA7IIAAYABgArAAAACwALACAAAABMSUdIVE9aRS1QQ2RvbWFpbg==

      Server replies with NTLMSSP_CHALLENGE
      WWW-Authenticate: NTLM TlRMTVNTUAACAAAABgAGADgAAAAFgokCFUeeczHgYPUAAAAAAAAAAAIBAgE+AAAABgGxHQAAAA9FAE0AVgACAAYARQBNAFYAAQAUAFQAQwBBAE0AQQBEAE0AVwBFAEIABAA6AGUAbQB2AC4AZQBuAGUAcgBnAGkAYQBtAGEAcgBrAGsAaQBuAGEAdgBpAHIAYQBzAHQAbwAuAGYAaQADAFAAVABDAEEATQBBAEQATQBXAEUAQgAuAGUAbQB2AC4AZQBuAGUAcgBnAGkAYQBtAGEAcgBrAGsAaQBuAGEAdgBpAHIAYQBzAHQAbwAuAGYAaQAFADoAZQBtAHYALgBlAG4AZQByAGcAaQBhAG0AYQByAGsAawBpAG4AYQB2AGkAcgBhAHMAdABvAC4AZgBpAAcACACgyuErYBzPAQAAAAA=

      Client continues with NTLMSSP_AUTH
      Authorization: NTLM TlRMTVNTUAADAAAAGAAYAF4AAAAyADIAdgAAAAYABgBAAAAAAgACAEYAAAAWABYASAAAAAAAAACoAAAAAYIIAEUATQBWAGEATABJAEcASABUAE8AWgBFAC0AUABDAITiIm1pDVCQtMm7dxXUwVyul5v2jMYLkMR69b9xS2YyYdWhk/6zLKQBAQAAAAAAAIDmHyxgHM8Brpeb9ozGC5AAAAAAAgAAAAAA

      Authentication fails; the client will retry multiple times until the retry limit is reached.
      HTTP/1.1 401 Unauthorized
      WWW-Authenticate: Negotiate
      WWW-Authenticate: NTLM

      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      Apache HttpComponents HttpAsyncClient works correctly in the same environment.
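
Added example, not part of the original report or of JDK code: a Python decoder for the three captured messages above that extracts each NTLMSSP security buffer and walks the AV_PAIR lists in the server challenge and in the client's NT response. Field offsets follow MS-NLMP; the function names are illustrative, and the NT response is assumed to be NTLMv2 (16-byte proof followed by a client blob).

```python
import base64
import struct

# The three header values exactly as captured in this report.
NEGOTIATE = "TlRMTVNTUAABAAAAA7IIAAYABgArAAAACwALACAAAABMSUdIVE9aRS1QQ2RvbWFpbg=="
CHALLENGE = "TlRMTVNTUAACAAAABgAGADgAAAAFgokCFUeeczHgYPUAAAAAAAAAAAIBAgE+AAAABgGxHQAAAA9FAE0AVgACAAYARQBNAFYAAQAUAFQAQwBBAE0AQQBEAE0AVwBFAEIABAA6AGUAbQB2AC4AZQBuAGUAcgBnAGkAYQBtAGEAcgBrAGsAaQBuAGEAdgBpAHIAYQBzAHQAbwAuAGYAaQADAFAAVABDAEEATQBBAEQATQBXAEUAQgAuAGUAbQB2AC4AZQBuAGUAcgBnAGkAYQBtAGEAcgBrAGsAaQBuAGEAdgBpAHIAYQBzAHQAbwAuAGYAaQAFADoAZQBtAHYALgBlAG4AZQByAGcAaQBhAG0AYQByAGsAawBpAG4AYQB2AGkAcgBhAHMAdABvAC4AZgBpAAcACACgyuErYBzPAQAAAAA="
AUTHENTICATE = "TlRMTVNTUAADAAAAGAAYAF4AAAAyADIAdgAAAAYABgBAAAAAAgACAEYAAAAWABYASAAAAAAAAACoAAAAAYIIAEUATQBWAGEATABJAEcASABUAE8AWgBFAC0AUABDAITiIm1pDVCQtMm7dxXUwVyul5v2jMYLkMR69b9xS2YyYdWhk/6zLKQBAQAAAAAAAIDmHyxgHM8Brpeb9ozGC5AAAAAAAgAAAAAA"

# Offset of each (len, maxlen, offset) security-buffer header, per message type.
FIELDS = {
    1: {"domain": 16, "workstation": 24},
    2: {"target_name": 12, "target_info": 40},
    3: {"lm_response": 12, "nt_response": 20, "domain": 28,
        "user": 36, "workstation": 44, "session_key": 52},
}
FLAGS_AT = {1: 12, 2: 20, 3: 60}  # offset of NegotiateFlags per message type


def parse_ntlm(b64):
    """Decode one NTLMSSP message into its type, flags and raw payload fields."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type = struct.unpack_from("<I", raw, 8)[0]
    if msg_type not in FIELDS:
        raise ValueError("unknown NTLMSSP message type")
    msg = {"type": msg_type, "flags": struct.unpack_from("<I", raw, FLAGS_AT[msg_type])[0]}
    for name, pos in FIELDS[msg_type].items():
        length, _max_len, offset = struct.unpack_from("<HHI", raw, pos)
        if offset + length > len(raw):
            raise ValueError(name + " points past the end of the message")
        msg[name] = raw[offset:offset + length]
    return msg


def av_pairs(data):
    """Walk an AV_PAIR list; return (AvIds seen, True if MsvAvEOL terminated it)."""
    ids, pos = [], 0
    while pos + 4 <= len(data):
        av_id, av_len = struct.unpack_from("<HH", data, pos)
        ids.append(av_id)
        if av_id == 0:  # MsvAvEOL
            return ids, True
        pos += 4 + av_len
    return ids, False  # ran out of bytes before a terminator


def client_av_pairs(auth):
    """AV_PAIR bytes of an NTLMv2 NT response: skip 16-byte proof and 28-byte blob header."""
    return auth["nt_response"][16 + 28:]
```

On these captures, `av_pairs` returns AvIds `[2, 1, 4, 3, 5, 7, 0]` with a terminator for the challenge's 258-byte target info, and `[2]` with no terminator for the client's 50-byte NT response. That gives a concrete field to compare against the NTLMSSP_AUTH message of a client that authenticates successfully.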

            Assignee: Chris Hegarty (chegar)
            Reporter: Webbug Group (webbuggrp)