6

I am "forcing" the HttpClient to do NTLM authentication by using:

    PoolingHttpClientConnectionManager connPool = new PoolingHttpClientConnectionManager();

    Lookup<AuthSchemeProvider> authProviders = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.NTLM, new NTLMSchemeFactory())                
            .build();

    CloseableHttpClient httpClient = HttpClients.custom().setConnectionManager(connPool).setDefaultAuthSchemeRegistry(authProviders).build();

But, when authenticating to the server, I get an annoying log message "Authentication scheme Negotiate not supported".

How can I get rid of this message?

(This will be running on a Linux box, so HttpClient 4.4 JNA support for native authentication won't help.)

Bob Thule
  • I also tried adding: `List authpref = new ArrayList(); authpref.add(AuthPolicy.NTLM); httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF, authpref);` But it gives the same message. The code above uses deprecated APIs, but I couldn't find how to do it in a new preferred way. – Bob Thule Feb 23 '15 at 19:01

1 Answer

6

I think it is all very simple. Effectively the client is only willing to do NTLM while the server is only willing to do Negotiate, thus failing to agree on a common authentication scheme.

This is how one can adjust auth scheme preference to force HttpClient to choose NTLM over SPNEGO / Kerberos:

    RequestConfig config = RequestConfig.custom()
            .setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM, AuthSchemes.KERBEROS, AuthSchemes.SPNEGO))
            .build();
    CloseableHttpClient client = HttpClients.custom()
            .setDefaultRequestConfig(config)
            .build();

ok2c
  • 1
    Sounds smart-- but the server offers both Negotiate and NTLM. I should also mention that the authentication does succeed with the code, it just provides the annoying log message (and I assume it is taking longer to authenticate as it tries to do Negotiate authentication). – Bob Thule Feb 24 '15 at 02:55
  • 2
    The warning message is the direct consequence of your code disabling Negotiate as a supported auth scheme. If you want to eliminate this warning, do not override the default set of auth scheme providers and use a custom auth scheme preference instead. – ok2c Feb 24 '15 at 10:12
  • Great-- so this worked, thank you! I thought that by not supporting an auth scheme, that it wouldn't be considered. It's strange to me that's not how it works, but I'm happy you were here to explain. – Bob Thule Feb 24 '15 at 16:41
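
The resolution reached in the answer and its comments, as an added example that is not code from the original posts: the default auth scheme registry is left untouched, NTLM is moved to the front of the preference list, and the credentials are scoped to the one target host rather than to any host. It assumes the HttpClient 4.x API used in the answer; the class name, the `NTLM_USER`, `NTLM_PASSWORD` and `NTLM_DOMAIN` environment variable names and the `WORKSTATION` value are placeholders chosen for this example.

```java
import java.net.URI;
import java.util.Arrays;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

public class NtlmPreferredClient {
    // Keeps the default auth scheme registry, so a Negotiate challenge is
    // recognised instead of logged as unsupported, and only reorders the
    // preference list so NTLM is tried first.
    static CloseableHttpClient build(URI target, NTCredentials account) {
        // Scope the credentials to the target host only; a port of -1 in the
        // URI is the same value as AuthScope.ANY_PORT.
        CredentialsProvider creds = new BasicCredentialsProvider();
        creds.setCredentials(new AuthScope(target.getHost(), target.getPort()), account);

        RequestConfig config = RequestConfig.custom()
                .setTargetPreferredAuthSchemes(Arrays.asList(
                        AuthSchemes.NTLM, AuthSchemes.KERBEROS, AuthSchemes.SPNEGO))
                .build();

        return HttpClients.custom()
                .setConnectionManager(new PoolingHttpClientConnectionManager())
                .setDefaultCredentialsProvider(creds)
                .setDefaultRequestConfig(config)
                .build();
    }

    public static void main(String[] args) throws Exception {
        URI target = URI.create(args[0]); // target URL passed on the command line
        // Assumed variable names; "WORKSTATION" is a constructed placeholder.
        NTCredentials account = new NTCredentials(System.getenv("NTLM_USER"),
                System.getenv("NTLM_PASSWORD"), "WORKSTATION", System.getenv("NTLM_DOMAIN"));
        try (CloseableHttpClient client = build(target, account);
             CloseableHttpResponse response = client.execute(new HttpGet(target))) {
            // A 401 status line here means authentication did not succeed.
            System.out.println(response.getStatusLine());
        }
    }
}
```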