HttpClient 4.3.6 return "WARNING: NEGOTIATE authentication failed"
I am running HttpClient 4.3.6 in Java 6. When I run the following code, the authentication seems to be successful. The returned status code is 200. However, I get the following error in the console:
WARNING: NEGOTIATE authentication error: Invalid name (Engine level: Could not load configuration file C: \ Windows \ krb5.ini (System cannot find the file specified))
How do I resolve this warning?
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpContext localContext = new BasicHttpContext();
HttpGet method = new HttpGet(url);
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
new AuthScope(host, 80),
new NTCredentials(userid, password, host, login_domain));
localContext.setAttribute(HttpClientContext.CREDS_PROVIDER, credsProvider);
String filePath = null;
// Execute the method.
CloseableHttpResponse clientResponse = httpclient.execute(method, localContext);
HttpEntity entity = clientResponse.getEntity();
int statusCode = clientResponse.getStatusLine().getStatusCode();
if (statusCode != HttpStatus.SC_OK) {
System.err.println("Method failed: " + method.getRequestLine());
}
source to share
You need to pass a set of targeted preferred authentication schemes:
Create your httpClient like this:
PoolingHttpClientConnectionManager connPool = new PoolingHttpClientConnectionManager();
connPool.setMaxTotal(200);
connPool.setDefaultMaxPerRoute(200);
// Authentication
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new NTCredentials(username, password, workstation, domain));
RequestConfig config = RequestConfig.custom().setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM)).build();
CloseableHttpClient httpClient = HttpClients.custom().setConnectionManager(connPool).setDefaultRequestConfig(config).build();
HttpClientContext context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);
source to share
Yes, I believe your authentication was actually successful and is probably just falling back to NTLM from Kerberos. My code is similar to yours, and in my application I am connecting to SharePoint using HttpClient 4.3.5 in Java 7. When SharePoint is set to "Negotiate" ("Attempting Kerberos and then migrating to NTLM"), I see a similar error for what you reported in the generated HttpClient protocol, specifically:
Selected authentication options: [NEGOTIATE, NTLM]
Executing request GET /my/personal/user2/_api/web?$select=ServerRelativeUrl HTTP/1.1
Target auth state: CHALLENGED
Generating response to an authentication challenge using Negotiate scheme
init XXX.XXX.XXX.XXX:80
NEGOTIATE authentication error: org.ietf.jgss.GSSException, major code: 11, minor code: 0
major string: General failure, unspecified at GSSAPI level
minor string: Desired initLifetime zero or less
Generating response to an authentication challenge using ntlm scheme
After that, it successfully authenticates through NTLM. So, I read this error message: "Kerberos does not work, we will now use NTLM". As long as you get a 200 response, you should be good to go.
source to share