1

POST request with a json body. Response back is also in json.

Without kerberos authentication, it is working. But its failing when I enable kerberos with SSL. The server logs show no issue, handshake is successful and server shows 200 response code. For some reason, R client is throwing an error.

The same request/response works from Postman client in all settings.

I am out of ideas. Can you please suggest what could be the issue here and what can be done to fix? The problem seems to occur on the line "ignoring response body and then issues another request" in failed response.

Here is a trace:

Successful request without authentication-

    > 
    > datajson <- postForm(url, .opts = list(userpwd=":", httpauth = 4, ssl.verifypeer = FALSE, ssl.verifyhost = FALSE, postfields=jsonReq, httpheader=headers, verbose=TRUE))
    *   Trying xxx...
    * Connected to xxx (#0)
    * successfully set certificate verify locations:
    *   CAfile: xxx
      CApath: none
    * SSL connection using TLSv1.0 / ECDHE-RSA-AES128-SHA
    * Server certificate:
    *    subject: C=Unknown; ST=Unknown; L=Unknown; O=Unknown; OU=Unknown; CN=Unknown
    *    start date: 2018-05-18 17:30:19 GMT
    *    expire date: 2028-05-15 17:30:19 GMT
    *    issuer: C=Unknown; ST=Unknown; L=Unknown; O=Unknown; OU=Unknown; CN=Unknown
    *    SSL certificate verify result: self signed certificate (18), continuing anyway.
    > POST xxx
    Host: xxx
    Accept: application/json
    Content-Type: application/json
    charset: UTF-8
    Content-Length: 684

    * upload completely sent off: 684 out of 684 bytes
    < HTTP/1.1 200 
    < X-Content-Type-Options: nosniff
    < X-XSS-Protection: 1; mode=block
    < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    < Pragma: no-cache
    < Expires: 0
    < Strict-Transport-Security: max-age=31536000 ; includeSubDomains
    < X-Frame-Options: DENY
    < X-Application-Context: application:auth-disabled
    < Set-Cookie: JSESSIONID=473690CD82915767E0999B1C350E2DD4; Path=/; Secure; HttpOnly
    < Content-Type: application/json;charset=UTF-8
    < Transfer-Encoding: chunked
    < Vary: Accept-Encoding
    < Date: Sat, 09 Jun 2018 17:08:08 GMT
    < 
    * Connection #0 to host ... left intact

Unsuccessful request with kerberos authentication enabled.

    > datajson <- postForm(url, .opts = list(userpwd=":", httpauth = 4, ssl.verifypeer = FALSE, ssl.verifyhost = FALSE, postfields=jsonReq, httpheader=headers, verbose=TRUE))
    *   Trying xxx...
    * Connected to xxx (xxx) port xxx (#0)
    * successfully set certificate verify locations:
    *   CAfile: xxx
      CApath: none
    * SSL connection using TLSv1.0 / ECDHE-RSA-AES128-SHA
    * Server certificate:
    *    subject: C=US; ST=New York; CN=xxx
    *    start date: 2018-04-02 18:05:49 GMT
    *    expire date: 2023-04-01 18:05:49 GMT
    *    SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
    > POST /xxx HTTP/1.1
    Host: xxx
    Accept: application/json
    Content-Type: application/json
    charset: UTF-8
    Content-Length: 684

    * upload completely sent off: 684 out of 684 bytes
    < HTTP/1.1 401 
    < X-Content-Type-Options: nosniff
    < X-XSS-Protection: 1; mode=block
    < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    < Pragma: no-cache
    < Expires: 0
    < X-Frame-Options: DENY
    < WWW-Authenticate: Negotiate
    < Transfer-Encoding: chunked
    < Date: Sat, 09 Jun 2018 17:09:22 GMT
    < 
    * Ignoring the response-body
    * Connection #0 to host xxxx left intact
    * Issue another request to this URL: 'xxx'
    * Found bundle for host xxx: 0xa3cc750
    * Re-using existing connection! (#0) with host xxx
    * Connected to xxx
    * Server auth using Negotiate with user ''
    > POST xxx HTTP/1.1
    Authorization: Negotiate YIIRaAYGKwYBBQUCoIIRXDCCEVigMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCESIEghEeYIIRGgYJKoZIhvcSAQICAQBughEJMIIRBaADAgEFoQMCAQ6iBwMFACAAAACjgg86YYIPNjCCDzKgAwIBBaEMGwpBRC5NTFAuQ09NoikwJ6ADAgECoSAwHhsESFRUUBsWZHhzcmZwcmlza3MwMDQubWxwLmNvbaOCDvAwgg7soAMCARehAwIBAqKCDt4Egg7aUNOEB5xYYks+W0Vn0RiHygONC3jsatuz95SxSNwR/HOSBANDCV+zeqmp1pjAiNPGpCcOoUG7w3feUTmqNI3oABccto2ragCk4naslWvdMkL2EZvX+P8U2cvPaG9vJ1o01pfe2ehxRLB9JREEfx7xxOF7avUMcHppXp+8QhGmhYYemeVfEJE/RGPDsCUE3vf82Wo1x0o9/5KBfd4MeZ+h4JWEKcnVMT9JkfAb/z8loZ9mKgdjlhFjChvqmhUR
    ...
    Host: xxx
    Accept: application/json
    Content-Type: application/json
    charset: UTF-8
    Content-Length: 684

    * upload completely sent off: 684 out of 684 bytes
    < HTTP/1.1 200 
    < X-Content-Type-Options: nosniff
    < X-XSS-Protection: 1; mode=block
    < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    < Pragma: no-cache
    < Expires: 0
    < X-Frame-Options: DENY
    < Set-Cookie: JSESSIONID=70B42C7EDD0BE3140A93E34410773FCC; Path=/; Secure; HttpOnly
    < X-Application-Context: xxx
    < Content-Type: application/json;charset=UTF-8
    < Transfer-Encoding: chunked
    < Vary: Accept-Encoding
    < Date: Sat, 09 Jun 2018 17:09:24 GMT
    < 
    * Connection #0 to host xxx left intact
    Error: 
    >
user236215
  • 7,278
  • 23
  • 59
  • 87
  • What happens when you remove SSL from the picture? Seems to be an SSL not a Kerberos problem: *SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.* – T-Heron Jun 10 '18 at 11:26
  • I dont think it is SSL related. I set verifySSL and verifyPeer to false so client doesnt verify ceritificats. Also, if I just take off kerberos authentication, it works as indicated. The problem occurs in the line Ignoring response body.. – user236215 Jun 11 '18 at 19:52

0 Answers0