Oxygen XML Forum


https://www.oxygenxml.com/forum/

Windows Integrated Authentication (NTLM) failing when requesting images in document

https://www.oxygenxml.com/forum/viewtopic.php?t=7218

Page 1 of 1

Windows Integrated Authentication (NTLM) failing when requesting images in document

Posted: Tue Sep 11, 2012 9:09 pm
by clinton.farleigh
I am having trouble getting authentication working in XML Author when I have images contained within a document that are located on IIS 7.5 with integrated windows authentication turned on. I understand that Oxygen is supposed to support NTLM but it does not seem to work (reference: http://oxygenxml.com/whatisnew9.2.html). I am able to get basic authentication to work.

I have two questions:
1. What authentication protocols/mechanisms are supported in Oxygen (i.e. SPNEGO, Kerberos, NTLM)?

2. Is there something in my current attempt to get NTLM authentication working that I am missing or doing incorrectly? When I load a document that contains an image which is located on the IIS server, I am prompted for my username and password. When I enter this information, authentication appears to fail and I receive the username and password dialog again and again. My username and password is working with basic authentication.

I enabled debug logging (added appropriate log4j.properties file to Oxygen install directory) and I see that Oxygen appears to be attempting authentication via NTLM. Here is an abridged version of my Oxygen log:

Resolving href as simple URI:http://imageservicestest/images/01.png

Code: Select all

...

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.params.DefaultHttpParams - Set parameter http.useragent = Oxygen XML Editor/14.0

59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.WebdavHttpURLConnection - WebDav connection to: http://imageservicestest/images/01.png

59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.WebdavHttpURLConnection - Get Input Stream for :http://imageservicestest/images/01.png

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.params.DefaultHttpParams - Set parameter http.authentication.credential-provider = ro.sync.net.protocol.http.e@584edf4a

59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.e - Init credentials from:http://imageservicestest/images/01.png

59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.e - Init proxy for:http://imageservicestest/images/01.png

59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.c - Get proxy data http://imageservicestest/images/01.png state:1

59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.c - Current proxy conf:ro.sync.net.protocol.http.c$2@6262937c

59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.c - Get proxy selector returns:ro.sync.net.protocol.http.c$2@6262937c

59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.c - Detected system proxies for:http://imageservicestest/images/01.png is:[DIRECT]

59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.c - Get proxy data returns null for:http://imageservicestest/images/01.png

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod)

...

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)

...

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpConnection - Open connection to imageservicestest:80

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.execute(HttpState, HttpConnection)

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.writeRequest(HttpState, HttpConnection)

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.writeRequestLine(HttpState, HttpConnection)

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.generateRequestLine(HttpConnection, String, String, String, String)

59530 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - >> "GET /images/01.png HTTP/1.1[\r][\n]"

...

59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()

59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "HTTP/1.1 401 Unauthorized[\r][\n]"

59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "HTTP/1.1 401 Unauthorized[\r][\n]"

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readResponseHeaders(HttpState,HttpConnection)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpConnection - enter HttpConnection.getResponseInputStream()

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HeaderParser.parseHeaders(InputStream, String)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()

59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "Content-Type: text/html[\r][\n]"

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()

59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "Server: Microsoft-IIS/7.5[\r][\n]"

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()

59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "WWW-Authenticate: Negotiate[\r][\n]"

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()

59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "WWW-Authenticate: NTLM[\r][\n]"

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()

59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "X-Powered-By: ASP.NET[\r][\n]"

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()

59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "Date: Tue, 11 Sep 2012 17:46:25 GMT[\r][\n]"

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()

59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "Content-Length: 1293[\r][\n]"

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()

59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "[\r][\n]"

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.processResponseHeaders(HttpState, HttpConnection)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.processCookieHeaders(Header[], HttpState, HttpConnection)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readResponseBody(HttpState, HttpConnection)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readResponseBody(HttpConnection)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpConnection - enter HttpConnection.getResponseInputStream()

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.canResponseHaveBody(int)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodDirector - Authorization required

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodDirector - enter HttpMethodBase.processAuthenticationResponse(HttpState, HttpConnection)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.auth.AuthChallengeProcessor - Supported authentication schemes in the order of preference: [ntlm, digest, basic]

59608 INFO [ AWT-EventQueue-0 ] org.apache.commons.httpclient.auth.AuthChallengeProcessor - ntlm authentication scheme selected

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.auth.AuthChallengeProcessor - Using authentication scheme: ntlm

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.auth.AuthChallengeProcessor - Authorization challenge processed

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodDirector - Authentication scope: NTLM <any realm>@imageservicestest:80

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpState - enter HttpState.getCredentials(AuthScope)

59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodDirector - Credentials required

59608 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.e - 1481563978:: Get credentials for:imageservicestest :80 proxy: false first:true

59608 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.e - No proxy set. detected credentials:null first auth: true

59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.io.ab - Get ProgressTracker instance

59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.io.ab - setIsCanceled called false

59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.udc.b - Called :DIALOG_OPEN/Authorization_required

59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.ui.application.ApplicationDialog - The focused window is:  ro.sync.exml.MainFrame[frame0,-8,-8,1936x1056,invalid,layout=java.awt.BorderLayout,title=TITLE1 51-50-31200_clint_test.xml [test.xml] - <oXygen/> XML Author,resizable,maximized,defaultCloseOperation=DO_NOTHING_ON_CLOSE,rootPane=javax.swing.JRootPane[,8,30,1920x1018,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]

59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.ui.application.ApplicationDialog - Focused window from the current KeyboardFocusManager: ro.sync.exml.MainFrame[frame0,-8,-8,1936x1056,invalid,layout=java.awt.BorderLayout,title=TITLE1 51-50-31200_clint_test.xml [test.xml] - <oXygen/> XML Author,resizable,maximized,defaultCloseOperation=DO_NOTHING_ON_CLOSE,rootPane=javax.swing.JRootPane[,8,30,1920x1018,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]

59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.ui.application.ApplicationDialog - The top window: ro.sync.exml.MainFrame[frame0,-8,-8,1936x1056,invalid,layout=java.awt.BorderLayout,title=TITLE1 51-50-31200_clint_test.xml [test.xml] - <oXygen/> XML Author,resizable,maximized,defaultCloseOperation=DO_NOTHING_ON_CLOSE,rootPane=javax.swing.JRootPane[,8,30,1920x1018,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]

59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.ui.application.ApplicationDialog - Using the focused frame:ro.sync.exml.MainFrame[frame0,-8,-8,1936x1056,invalid,layout=java.awt.BorderLayout,title=TITLE1 51-50-31200_clint_test.xml [test.xml] - <oXygen/> XML Author,resizable,maximized,defaultCloseOperation=DO_NOTHING_ON_CLOSE,rootPane=javax.swing.JRootPane[,8,30,1920x1018,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
Thanks,
Clint

Re: Windows Integrated Authentication (NTLM) failing when requesting images in document

Posted: Wed Sep 12, 2012 5:52 pm
by adrian
Hello,

1. For HTTP Oxygen supports basic access authentication, digest access authentication and NTLM authentication. Note that NTLMv2 is not yet supported, but we do plan to support it soon.

2. Can you check if your IIS is using NTLMv2 authentication or some other variation of NTLM? That would explain the cause of the problem.

Regards,
Adrian

Re: Windows Integrated Authentication (NTLM) failing when requesting images in document

Posted: Tue Sep 18, 2012 12:41 am
by clinton.farleigh
When will you be supporting NTLM v2?

Re: Windows Integrated Authentication (NTLM) failing when requesting images in document

Posted: Tue Sep 18, 2012 4:43 pm
by adrian
Hi,

We are actually working right now on supporting this (we are updating the HTTP client), but I believe this won't be ready in time for v14.1. Expect it to be ready in v14.2.

Regards,
Adrian

Re: Windows Integrated Authentication (NTLM) failing when requesting images in document

Posted: Thu Feb 14, 2013 1:15 pm
by adrian
Hi,

Oxygen v14.2 has just been released and it now supports NTLM v2 authentication.
Download <oXygen/> XML Editor, Author or Developer

Regards,
Adrian
All times are UTC+03:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited