Annoying Proxy authentication requests
In our lan we use Firefox (various versions, from 8 to 23, also 17 ESR releases) on windows computers (xp and 7 32 bit) . We require a http proxy authentication (squid) with username and password. We usually configure only Internet Options in windows control panel checking the flag on "use automatic configuration script" with an url like "http://proxy/proxy.pac". In this script we give a list of intranet sites (web applications) that don't require a proxy authentication on internet because are internal sites on our lan. So on firefox we use the option "Use system proxy settings". The issue is: during a session on those intranet sites the firefox dialog window for proxy authentication often appears annoying the operator who has to close it every time. We have tried to mitigate the problem disabling firefox automatic updates, add-ons updates, search engines updates, do not track requests, attack sites and web forgeries lists updates, telemetry, health and crash reports. It seems not to be enough to solve the problem.
Are there other settings to set in "about:config" page? workarounds? add-ons?
Thanks for your help in advance.
PS: sorry for my english, I'm still learning.
I have done some other tests and disabling all settings i mentioned above in the topic the issue is solved.
Bye
Similar Messages
-
Why do I keeping getting proxy authentication request when trying to read Gmail?
I am behind a Blue Coat proxy, whenever I try to hit gmail or google play, I get a pop-up that request user authentication (moz-proxy). I have seen a number of post on this and tried the fixes. Nothing seems to help. When I tried this: https://support.mozilla.org/en-US/questions/943488, Step three: network.automatic-ntlm-auth.allow-proxies – FALSE, I was block from hitting any webpage. I have tried opening is SAFE MODE, that did not work. Are there any other solutions?
"IE’ uses windows authentication, and authenticates with proxy server silently behind the scenes. Chrome uses IE’s settings in windows, for proxy settings. Hence the same behavior as IE. But Firefox, tries to do it on its own, that is why it tries to authenticate and find out if you have access to the site.
But, yeah, for your problem, the best way would be to ignore proxy for the site if you know they are already blocked."
Reference: http://nasarabna.wordpress.com/2010/03/03/firefox-keeps-prompting-for-proxy-authentication/ -
Mac Adobe Flash Player not supporting Web Proxy Authentication
Anyone else got an enterprise network where you use web proxies with web authentication and no traffic allowed out except through the proxies?
You may need to be in the UK for this, but try accessing BBC iPlayer content - http://www.bbc.co.uk/iplayer and you should discover that the content won't play. the error says "This content doesn't seem to be working. Try again later.". The content will never work as the Mac version of Flash (currently 10.1.53.64) is not able to respond to web proxy authentication requests. The BBC use various streaming server which are randomly selected when a user starts a stream and they have no DNS. Just IP addresses. They don't publish a list for security reasons. So it is almost impossible to exempt all their servers from authentication.
I've logged a bug with Adobe. If you have this issue too, please add a comment and vote so that they can begin to grasp the impact of this problem:
https://bugs.adobe.com/jira/browse/FP-5161I have the same issues in Australia trying to access flash content from the ABC website. The strange thing is the content will play if your leave the browser open for 5min.
After several packet data captures we identified that it has to do with the amount of time it takes the Mac timeout from the proxy before it plays the video content.
No solution yet. -
17:06:13 Synchronizer Version 14.0.6123
17:06:13 Synchronizing Mailbox '[email protected]'
17:06:13 Synchronizing Hierarchy
17:06:13 4 folder(s) added to online store
17:06:13 1 folder(s) updated in online store
17:06:13 Synchronizing local changes in folder 'Inbox'
17:06:13 Error synchronizing folder
17:06:13 [80041004-0-0-430]
17:06:13 Error with Send/Receive.
17:06:13 There was an error synchronizing your folder hierarchy. Error : 80041004.
17:06:13 Synchronizing server changes in folder 'Calendar'
17:06:13 Synchronizing server changes in folder 'Contacts'
17:06:13
17:06:13
*Request*
17:06:13 17:06:13:0590
17:06:13 POST
17:06:13 http://
17:06:13 contacts.msn.com
17:06:13 /ABService/ABService.asmx
17:06:13
17:06:13 <ABFindAll xmlns="http://www.msn.com/webservices/AddressBook"> <abId>00000000-0000-0000-0000-000000000000</abId><abView>Full</abView><deltasOnly>false</deltasOnly></ABFindAll>
17:06:13
*Response*
17:06:13 17:06:13:0870
17:06:13 HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
Via: 1.1 TMG
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Connection: close
Proxy-Connection: close
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 707
17:06:13
17:06:13
17:06:13
17:06:13 Error with Send/Receive.
17:06:13 There was an error synchronizing a contacts folder. Error : 80004005.
17:06:13 Synchronizing server changes in folder 'Drafts'
17:06:13 Synchronizing local changes in folder 'Inbox'
17:06:13 Error synchronizing folder
17:06:13 [80041004-0-0-430]
17:06:13 Synchronizing server changes in folder 'Sent Items'
17:06:13 Synchronizing server changes in folder 'Deleted Items'
17:06:13 Synchronizing server changes in folder 'Junk E-mail'
17:06:13 Done
17:06:13
17:06:13
*Request*
17:06:13 17:06:13:0870
17:06:13 POST
17:06:13 http://
17:06:13 mail.services.live.com
17:06:13 /DeltaSync_v2.0.0/Settings.aspx
17:06:13
17:06:13 <?xml version="1.0" encoding="utf-8"?><Settings xmlns="HMSETTINGS:"><ServiceSettings><SafetySchemaVersion>1</SafetySchemaVersion><SafetyLevelRules><GetVersion/></SafetyLevelRules><SafetyActions><GetVersion/></SafetyActions><Properties><Get/></Properties></ServiceSettings><AccountSettings><Get><Options/><Properties/></Get></AccountSettings></Settings>
17:06:13
*Response*
17:06:13 17:06:13:0870
17:06:13 HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
Via: 1.1 TMG
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Connection: close
Proxy-Connection: close
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 707
17:06:13
17:06:13Hi,
According to the log, it seems that TMG firewall denied the request and replied with an HTTP 407 response, indicating that proxy authentication was required. This was done because the Forefront TMG firewall did not have any access rules which would allow
the anonymous request. Please check if you have configured related access rules.
When did you recieve this log? Is there anyting wrong? Which authentication method you have used, Kerberos, NTLM or other?
It seems that each time a web proxy client requests a resource through a Forefront TMG firewall that requires NTLM authentication the client is actually denied twice during the transaction before being successfully authenticated and allowed access. When
the Forefront TMG firewall is configured to use Kerberos there is only a single denied request and HTTP 407 response and then contact a domain controller and obtain a Kerberos ticket to present to the TMG firewall to gain access to the resource.
If you configured the TMG clients with a certain proxy name, please make sure you typed the TMG's domain computer name only (not IP address nor alias).
Best regards,
Susie -
Installation is requesting for Proxy Authentication. Why?
We have been trying to install Adobe CC for our teaching pools but every time it is requesting to enter proxy authentication. We are installing it over a wireless network that is free of proxy issues. Why is this happening? I tried looking for some numbers to call for support but there are none. Please help. We cannot proceed with our classes with this problem.
Creative Cloud chat support (all Creative Cloud customer service issues)
http://helpx.adobe.com/x-productkb/global/service-ccm.html -
Is there an issue with the latest version of FF with HTTPS requests and Proxy authentication?
I'm currently working inside a cope network behind a proxy, which requires authentication.
When browsing to websites externally to our network I would usually only be promoted once for authentication details; after that I would never see the prompt again until after restating the browser.
However after the latest update I've found that when visiting HTTPS sites I'm promoted for my login details. But even though I enter the correct information the prompt does not take the details and continually asks until eventually our proxy closes the connection (usually with my account now being locked).
My other browsers (IE, GC) work fine without problems.
Any ideas?It could be a regression in Firefox 18 that wasn't present in Firefox 17. The developers are known nowadays for including too many experimental changes and my bet is one of them is causing this.
But to confirm, could you downgrade back to Firefox 17 and still see if it works well with proxy authentication?
Download link:
<br> www.mozilla.org/en-US/products/download.html?product=firefox-17.0.1&os=win&lang=en-US -
Acrobat Standard Proxy Authentication
Hi,
When we sign our PDF's we want to use an external timestamping server
So we have configured both a Verisign and Globalsign timestamping server and made one of them as default
Most of the time we got a response from Acrobat saying
"Timestamp signature property generation error:
Transport authorization failure"
When it fails the doc is signed, but using the computers clock and we want to avoid that
But sometime it did work which confused us but I think we have identified the problem with the Proxy authentication
Our proxy requires full authetication against our Active Directory
So when it worked was just because we just before signing had been surfing on the internet and the proxy had cached the credential approvals
So when Adobe tried to get out to the timestamp server the ID was already authorized in the proxy
But without a previous "IE-surfing" it fails, the proxy has nothing in its cache
A network trace confirms this, we see a "Authentication required" request from the proxy that Acrobat never responds to
The proxy does not accept annonymous requests
IE is configured to use a configration script for its proxy settings
I cant find any relevant Acrobat settings that handles this and googling indicates that Acrobat has problems in this area
But I haven't found anything for our version/release
Now for the question, is Adobe Acrobat Standard 9.3.0 supposed to handle proxys that requires AD authentication?
To bypass the proxy is not an option
Setting a proxy exception for these servers is maybe an option
Prefered is that Acrobat handles thisTo update my own question since it might help others
I received assistance through the Adobe support channels
Not what I was hoping for but it clarifies the problem
The reason I asked the question is that we don’t support Shared Review with an Authenticating Proxy server. So this customer workflow isn’t too far off the mark with having a proxy server authentication expectation in the standalone client and wanting a timestamp server time. The only workaround to this behavior is to do exactly what they have found. Launch an instance of Internet Explorer, authenticate against the proxy server and then sign the PDF file. -
Http proxy authentication for JDev 10.1.3
Hi,
I found the http proxy settings in the "tools->preferences->Web Browser and Proxy" but there are no settings for the username and password. Is there some other way that I can add these.
The problem is that whenver JDeveloper wants to do some http stuff it (or something else is doing it) asks me for the proxy user name & password - this happens over and over again. If JDev is doing this then surely it should remember the username & password.
I sometimes get a JDeveloper dialog "waiting for the connection" come up over the proxy auth dialog and I have to cancel the function so I can authenticate, then re-request the function.
I wish I didn't have the proxy authentication but I have no choice in this dev environment. I do get to choose JDeveloper at least.
Regards,
Simon.Hi,
I get it when I 'check for updates' and I get it again when I 'go to JavaDoc' - and this is the one where the "waiting for connection dialog" pops on top of the proxy log in and I have to cancel it to log in. Then all subsequent 'go to JavaDoc' requests go straight through.
I would prefer it if I could just configure (in proxy preferences) the username and password so it never asks me. I dont care if it less secure storing the password since I think authenticating proxies are a dumb idea anyway. If the password is not supplied then JDev can ask for it like it does now to keep the security-paranoid people happy.
Also, this morning I got this Exception which appeared at the same time I got a proxy auth window. When JDev finally started all my previously open windows were lost. No real problem but unexpected. Here is the stack dump:
java.lang.NullPointerException
at oracle.jdevimpl.webdav.api.DAVAuthenticator.getPasswordAuthentication(DAVAuthenticator.java:79)
at java.net.Authenticator.requestPasswordAuthentication(Authenticator.java:300)
at sun.net.www.protocol.http.HttpURLConnection$1.run(HttpURLConnection.java:267)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.protocol.http.HttpURLConnection.privilegedRequestPasswordAuthentication(HttpURLConnection.java:263)
at sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication(HttpURLConnection.java:1427)
at sun.net.www.protocol.http.HttpURLConnection.resetProxyAuthentication(HttpURLConnection.java:1246)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:950)
at oracle.ide.net.HttpURLFileSystemHelper.exists(HttpURLFileSystemHelper.java:191)
at oracle.jdevimpl.webdav.net.WebDAVURLFileSystemHelper.exists(WebDAVURLFileSystemHelper.java:423)
at oracle.ide.net.URLFileSystem.exists(URLFileSystem.java:498)
at oracle.ideimpl.editor.EditorUtil.getNode(EditorUtil.java:126)
at oracle.ideimpl.editor.EditorUtil.loadContext(EditorUtil.java:91)
at oracle.ideimpl.editor.TabGroupState.loadStateInfo(TabGroupState.java:950)
at oracle.ideimpl.editor.TabGroup.loadLayout(TabGroup.java:1758)
at oracle.ideimpl.editor.TabGroupXMLLayoutPersistence.loadComponent(TabGroupXMLLayoutPersistence.java:31)
at oracle.ideimpl.controls.dockLayout.DockLayoutInfoLeaf.loadLayout(DockLayoutInfoLeaf.java:123)
at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:631)
at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:628)
at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:614)
at oracle.ideimpl.controls.dockLayout.DockLayout.loadLayout(DockLayout.java:302)
at oracle.ideimpl.controls.dockLayout.DockLayoutPanel.loadLayout(DockLayoutPanel.java:128)
at oracle.ideimpl.editor.Desktop.loadLayout(Desktop.java:353)
at oracle.ideimpl.editor.EditorManagerImpl.init(EditorManagerImpl.java:1824)
at oracle.ide.layout.Layouts.activate(Layouts.java:758)
at oracle.ide.layout.Layouts.activateLayout(Layouts.java:179)
at oracle.ideimpl.MainWindowImpl$2.runImpl(MainWindowImpl.java:734)
at oracle.javatools.util.SwingClosure$1Closure.run(SwingClosure.java:50)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:199)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:461)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:110) -
Proxy Login Request on Java applets
• 10.4.5 Client
• Windows 2.3k ISA 2005 Proxy Server
• Users' fileserving to Win2.3k - ADmitMac for AD integration
The client is a test machine on which I build campus master NetInstall images. In my testing procedures I've come across a bizarre problem with Java in the browsers (IE, Safari, & FireFox).
We use ISA proxy server with web filtering, and users must authenticate to the proxy. On a new user's first use of any browser, the proxy username & password are requested, and the Add to Keychain checkbox is available. If the user checks the box, no further proxy login requests are made; the user's Keychain is updated with the proxy information.
On pages with Java applets, however, each and every applet will ask for a proxy login, but the login window does not offer a Add to Keychain checkbox! If a page has 15 applets on it, the user will be asked 15 times to authenticate against the proxy.
Naturally, this is a BIG problem, especially when several of the sites our teachers use in classes and labs contain many Java applets.
On the web, there is almost nothing concerning setting up Java with proxy servers, as all Apple Java from v. 1.4.2 onwards picks up proxy information from the system's network settings.
On the Apple Developer site, Tech Note QA1263 demonstrates a way of setting HTTPS proxy settings by entering text strings in the 1.3.1 and 1.4.1 Plugin Settings apps Java Runtime Parameters. The same capability exists in the J2SE 5.0 Java Preferences app, too. Unfortunately, the Java applets do not use HTTPS, so far as I can tell, so this remedy is useless.
Any clues I can pursue? Any help or fixes?
Thanks in advance!
Derek I Smith
Systems & Network Admin
Riverdale Country School
www.riverdale.edu
eMacs,g4s,QSs,B/Ws,iMacs,G5,G5 XServe, etc Mac OS X (10.4.5)After some more research with the J2SE 5.0 Java Preferences app, I turned on the Java console, booted Safari and went to my favorite Java applet - babynamewizard. This is the output of the console log. From what I can glean, the plug-in sees the proxy server settings as it should, and reports them.
In addition, the J2SE 5.0 Java Preferences app allows you to turn off all security settings. No change in behavior.
The Log:
Java Plug-in 1.5.0
Using JRE version 1.5.0_05 Java HotSpot(TM) Client VM
User home directory = /Users/admin
network: Loading user-defined proxy configuration ...
network: Done.
network: Loading proxy configuration from Netscape Navigator ...
network: Done.
network: Loading manual proxy configuration ...
network: Done.
network: Proxy Configuration: Manual Configuration
Proxy: http=pcproxy.riverdale.edu:8080,https=pcproxy.riverdale.edu:8080,ftp=pcproxy.ri verdale.edu:8080,gopher=pcproxy.riverdale.edu:8080,socks=pcproxy.riverdale.edu:8 080
Proxy Overrides:
basic: Cache is enabled
basic: Location: /Users/admin/Library/Caches/Java/cache/javapi/v1.0
basic: Maximum size: unlimited
basic: Compression level: 0
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
basic: Referencing classloader: sun.plugin.ClassLoaderInfo@fb6354, refcount=1
basic: Added progress listener: sun.plugin.util.GrayBoxPainter@dc0e7a
basic: Loading applet ...
basic: Initializing applet ...
basic: Starting applet ...
network: Connecting http://babynamewizard.com/namevoyager/nametide2.jar with proxy=HTTP @ pcproxy.riverdale.edu/172.16.1.52:8080
network: Connecting http://babynamewizard.com/namevoyager/nametide2.jar with cookie "s_cc=true; s_sq=%5B%5BB%5D%5D"
network: Firewall authentication: site=pcproxy.riverdale.edu/172.16.1.52:8080, protocol=http, prompt=ENKI.riverdale.edu, scheme=basic
basic: User selected: 0
~ ~ ~
The proxy login window appears at this point and I authenticate to the proxy
The log continues...
~ ~ ~
network: Connecting http://babynamewizard.com/namevoyager/nametide2.jar with proxy=HTTP @ pcproxy.riverdale.edu/172.16.1.52:8080
basic: Loading http://babynamewizard.com/namevoyager/nametide2.jar from cache
basic: No certificate info, this is unsigned JAR file.
network: Connecting http://babynamewizard.com/namevoyager/namedb.zip with proxy=HTTP @ pcproxy.riverdale.edu/172.16.1.52:8080
network: Connecting http://babynamewizard.com/namevoyager/namedb.zip with cookie "s_cc=true; s_sq=%5B%5BB%5D%5D"
Columns found: 28
Num years: 13
YEAR NAME: 1880s
YEAR NAME: 1890s
YEAR NAME: 1900s
YEAR NAME: 1910s
YEAR NAME: 1920s
YEAR NAME: 1930s
YEAR NAME: 1940s
YEAR NAME: 1950s
YEAR NAME: 1960s
YEAR NAME: 1970s
YEAR NAME: 1980s
YEAR NAME: 1990s
YEAR NAME: 2004
Num names: 5251
0 --> 923475.0
1 --> 915444.0
2 --> 905002.0
3 --> 910731.0
4 --> 915165.0
5 --> 924335.0
6 --> 938721.0
7 --> 940141.0
8 --> 923814.0
9 --> 869609.0
10 --> 848116.0
11 --> 800666.0
12 --> 759055.0
Rank misses: 21
0.15
0.4475
0.395
0.3425
0.29000002
0.23750001
0.185
0.48250002
0.43
0.3775
0.325
0.2725
0.22
0.1675
0.465
0.4125
0.36
0.3075
0.255
0.2025
~ ~ ~
The applet runs -
Hi,
I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
a second request with NTLMSSP_AUTH is sent.
Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
Any idea?
ThanksHi,
I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
a second request with NTLMSSP_AUTH is sent.
Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
Any idea?
Thanks -
Calling external web service - Proxy Authentication error
Using Developer 10.1.3.3 and following OTN example http://www.oracle.com/technology/products/forms/htdocs/10gr2/howto/webservicefromforms/ws_10_1_3_from_forms.html.
I have followed the above example and am trying to test the SendServiceSoapClient.java in JDeveloper. The class compiles ok but when I run it I receive the following error in the log window :
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 407 Proxy Authentication Required
As I was able to create the proxy with no problems, the proxy settings in Tools->Preferences are valid. I don't understand at what point it is failing as I am able to access the wsdl in the example from JDeveloper. I have checked the system settings for the proxy (username/pwd/host etc) at run time and they are as expected.
Can anyone make any suggestions? I have had my user details checked on our proxy server and it is not blocked from performing any actions. Is the message indicating I am being blocked from accessing the service from the suppliers end?I have a solution for the problem I encountered.
My collegues who look after the proxy server and network first tried to bypass authentication for the web site www.esendex.com (where the service resides). The same error occurred when trying to call the service.
They then set up a route on the network to send the request straight to www.esendex.com and a rule on the firewall to allow the request 'out'. This has done the trick and the request passes through!
Unfortunately, I am not much clearer as to why our proxy server is configured to block this message type and how come it can't be changed! Hey ho, I have a solution for now! -
Proxy authentication doesn't work with JSSE
Hello,
Seems like there is no common way to authenticate with proxy for HTTP and HTTPS.
Connecting to http://... - works fine, but https://... returns error message:
Unable to tunnel through 111.111.111.111:8080. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"
(IP address is intentionally changed in the message above)
I'm using JSSE with VAJ JDK 1.2 and here is a Java code snippet that works well with HTTP connections:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
System.setProperty("https.proxyHost", proxyHost);
System.setProperty("https.proxyPort", proxyPort);
System.setProperty("http.proxyHost", proxyHost);
System.setProperty("http.proxyPort", proxyPort);
try {
URL url = new URL("https://www.sun.com");
URLConnection connection = url.openConnection();
String authString = proxyUserID + ":" + proxyPasswd;
String encodedAuthString =
"Basic " + new sun.misc.BASE64Encoder().encode(authString.getBytes());
connection.setUseCaches(false);
connection.setRequestProperty("Proxy-authorization", encodedAuthString);
Listening to the network traffic helped me to understand that there is a difference between the way HTTP and HTTPS is handled. For some reason HTTPS ignores all the headers that I specify using setRequestProperty().
Here is example of request and responses sent by HTTPS handler:
Request:
CONNECT 198.175.98.32:443 HTTP/1.0
User-Agent: JSSE
Proxy response:
HTTP/1.0 407 Proxy Authentication Required
Date: Wed, 07 Nov 2001 22:04:11 GMT
Content-Length: 233
Content-Type: text/html
Server: NetCache (NetApp/5.1R2D4)
Proxy-Authenticate: basic realm="NETCACHE2"
Please note that there is no Proxy-authorization header in the request above.
Compare it with HTTPS request sent by Netscape browser:
Request to proxy:
CONNECT www.sun.com:443 HTTP/1.0
Proxy-authorization: Basic am0vbDphrGxHa22lLg==
User-Agent: Mozilla/4.76 [en] (Windows NT 5.0; U)
Response:
HTTP/1.0 200 Connection established
Proxy-Agent: NetCache NetApp/5.1R2D4
So, the question is:
What is the best way to pass "Proxy-authorization" header to proxy server??
Thanks in advance for your time.Hi Guys,
Just like, i assume, all of you, i've had my battles with javas' handling of https comms from behind a firewall. I'm actually amazed at how something that is a simple combination of protocol and security should become so messy.
Luckily , i managed to get all my requirements met, but the sad thing is after all that hard work, i'm not much closer to understanding why the standard java sdk (im using 1.4) forces us to endure such painful tasks.
Really, Java is quite a mature language now, and one of its touted benefits is its applicability to web and internet technologies... so why the messy proxy code when dealing with ssl?
Anyway, i didn't really come here to b**tch, but rather to point you all to a handy library from apache - httpClient - http://jakarta.apache.org/commons/httpclient.
After implementing ssl proxy tunnelling and all the fun that goes with it, i found this tool, and subsequently deleted all that ugly code, and let http client deal with all that for me.
Its seriously simple, heres a snippet:
httpClient = new HttpClient();
httpClient.setTimeout(responseTimeoutMillies);
Protocol myHttps = new Protocol("https", new SSLContextBasedSocketFactory(sslContext), targetServerPort);
httpClient.getHostConfiguration().setHost(targetServerHost, targetServerPort, myHttps);
if (useProxy)
httpClient.getHostConfiguration().setProxy(proxyHost, proxyPort);
httpClient.getState().setProxyCredentials("my-proxy-realm", proxyHost, new UsernamePasswordCredentials(proxyUser, proxyPassword));
}This initialises the client, and after this, making http requests is simple:
String response = null;
PostMethod postMethod = new PostMethod("/secure/blah.jsp"); // A HTTP Post
postMethod.setRequestBody("Hello there"); // this is the data in the http post body
int responseCode = httpClient.executeMethod(postMethod);
if(responseCode == 200)
response = postMethod.getResponseBody();...
As you can see, its alot less painful. It certainly makes me feel better, knowing i don't have to support/maintain the ugly proxy tunnelling code. Give it a shot on your next project.
Hope it helps.
Regards
Marcus Eaton -
Invalid Response Code: (407) Proxy Authentication Required
Hi all,
I have created a EJB that will access an external webservice to receive data and will display it in a jsp. But when i call it, i get the folllowing error-
com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeExcpetion: Invalid Response Code: (407) Proxy
Authentication Required (The ISA Server requires authorization to fulfill the request. Access to the Web Proxy is denied)
I have already set the proxy user name and password in <i>visual admin</i> under <i>destinations</i> and also under <i>Web Services Container->Runtime->Settings</i>. Still i get this error. I checked a couple of threads here, that answer to my problem, but none helped! Am i missing something?
Thanks in advance,
SwarnaHi Swarna
What is the patch level that you are running on?
May be the "auth-scheme" element required by the HTTP specification is missing in the "Proxy-Authorization" HTTP header.
I think that the solution is there in the new support packages or the patch update.
Please check out the latest support packages and apply them.
This should solve your problem.
Regards
Sumit Jain
**Reward with points if useful -
MOSS 2007; Manage Content & Structure = timeout & authentication request = 401
Hi,
I am having from time to time some issues with an older MOSS 2007 environment. Sometimes browsing to manage Content & Structure ends up in a long thinking process which ends with an authentication request. A Timeout seems to happen. Whatever a user enters...
it ends ip in a 401 error. That does not happen every time, but sometimes. The rest of Sharepoint works well.
Let me first describe the environment. The environment is fully virtualized. The content db is huge - the approx size is about 1 TB. There is only 1 site collection and quite a huge site structure.
The environment as such
2 WFE
1 IDX
1 SQL 2005 Cluster
We use Kerberos for authentication.
The w3wp processes grow to about 1-2 GB.
We have identified that when SQL Cluster fails from one node to the other.. this symptom disappears for a while. I have no clue what this can have to do with the described effects.
An IISRESET on all servers sometimes helps, too.
We cannot identify any errors, but the issue is really annoying.
Any thoughts?Hi Sven,
I am trying to involve someone familiar with this topic to further look at this issue.
Thanks,
Daniel Yang
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Daniel Yang
TechNet Community Support -
I've installed Java Web Start and I'm experiencing the following behaviour.
My web browser has a proxy configured and in the Java Web Start
preferences it's specified to use the browser configuration (not
manual).
Now, sometimes the window asking for proxy authentication appears,
even when I'm not launching a Java Web Start application.
It seems to me that the proxy authentication window appears when a new Java Virtual Machine is invoked.
Is it a known behaviour ? What's the reason for it ? How can we avoid
it ?
We think it would be very annoying for a user beeing asked repeatedly for proxy authentication, expecially when he/she doesn't understand the reason why it happens.
My best regards
Cristina Tomacelli
Italy... to tweak the config files ?
If you are on Win32 and your proxy is using ? la NTLM authentication then the 1.4.2 should fix this...
Tchao.
Jean-Baptiste Bugeaud
http://www.up2go.net - WebStart @ the MAX !
Maybe you are looking for
-
I have adobe acrobat 6.0 and windows 7.0 professional...they don't work together
Is there anything i can do to make these work together?
-
Some changes we need in the Java language
Dear Java language makers, I'm actually coding a fairly complex program, and I'm facing several issues c++ does solve while Java doesn't handle them. I strongly wish these features could be included in next editions of the Java language, and I think
-
Cannot Import javax.servlet.* and javax.servlet.http.*
Hello, I am a University Student and now doing a project using Servlet and JSP I have installed WinXP and Tomcat 5.0 on my computer When I compile the servlet , there are error messages "package javax.servlet does not exist" and "package javax.servle
-
just went through my entire blu-ray library and more than half of them had a digital copy. Is it possible that since you need to sign in with your itunes account in order to redeem the code to download be considered a purchase? Being that iTunes in t
-
"Built In " battery ... what is the best way to deal with it ?
Hi ... I just bought this laptop envy6-1100se with a built in battery and I actually heard alot of diffrent opinions about the best way to deal with the battery and charging and I don't know what to trust to make my batterylife the longest so hope