Status code 401 with NTLM HTTPS4 HTTP4

Hi,

I have a problem with NTLM and HTTP4(s).

Version:

<fuse.version>7.6.0.fuse-760027-redhat-00001</fuse.version>

<dependency>
  <groupId>org.apache.camel</groupId>
  <artifactId>camel-http4</artifactId>
</dependency>

Trying the following fails with status code 401.

Case 1 (HTTPS4):

<to id="idFetchWOSec" uri="https4://{{env:cloudserviceendpoint}}?authMethod={{env:authMethod}}&amp;authMethodPriority={{env:authMethodPriority}}&amp;authUsername={{env:authUsername}}&amp;authPassword={{env:authPassword}}&amp;authDomain={{env:authDomain}};bridgeEndpoint=true"/>

Case 2 (HTTP4):

<to id="idFetchWOSec" uri="http4://{{env:cloudserviceendpoint}}:443?authMethod={{env:authMethod}}&amp;authMethodPriority={{env:authMethodPriority}}&amp;authUsername={{env:authUsername}}&amp;authPassword={{env:authPassword}}&amp;authDomain={{env:authDomain}};bridgeEndpoint=true"/>

Case 3 (HTTPS4 wo. bridgeEndpoint):

<to id="idFetchWOSec" uri="https4://{{env:cloudserviceendpoint}}?authMethod={{env:authMethod}}&amp;authMethodPriority={{env:authMethodPriority}}&amp;authUsername={{env:authUsername}}&amp;authPassword={{env:authPassword}}&amp;authDomain={{env:authDomain}}"/>

When we do a test 'curl' call to the server we actually get the data, but there is a handshake procedure as follows.

CALL:

curl https://URL/SERVICEPATH/v1/ID?processid=539CDD592A15478F8496BB09385BB5D6 -v --ntlm -u eur/USR:PWD

RESULT:

* About to connect() to HOST port 443 (#0)
*   Trying HOST...
* Connected to HOST (IP) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*       subject: CN=HOST,O=ORG,L=Stockholm,C=SE
*       start date: Oct 18 10:14:16 2017 GMT
*       expire date: Oct 17 10:14:16 2021 GMT
*       common name: HOST
*       issuer: CN=ORG Issuing CA 6,DC=ORG,DC=com
* Server auth using NTLM with user 'eur/USR'
> GET /SERVICEPATH/v1/ID?processid=539CDD592A15478F8496BB09385BB5D6  HTTP/1.1
> Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: curl/7.29.0
> Host: HOST
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/8.5
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< X-Powered-By: ASP.NET
< Date: Fri, 02 Jul 2021 10:38:20 GMT
< Content-Length: 6525
<
* Ignoring the response-body
* Connection #0 to host HOST left intact
* Issue another request to this URL: 'https://URL/SERVICEPATH/v1/ID?processid=539CDD592A15478F8496BB09385BB5D6'
* Found bundle for host HOST: 0x1ed51d0
* Re-using existing connection! (#0) with host HOST
* Connected to HOST (IP) port 443 (#0)
* Server auth using NTLM with user 'eur/USR'
> GET /SERVICEPATH/v1/ID?processid=539CDD592A15478F8496BB09385BB5D6 HTTP/1.1
> Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: curl/7.29.0
> Host: HOST
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=us-ascii
< Server: Microsoft-HTTPAPI/2.0
< WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAwADADgAAAAGgokCw5P0dTM9jzQAAAAAAAAAANoA2gA7AAAABgOAJQAAAA9FVVICAAYARQBVAFIAAQAWAFMAQQBWAEkAUABTAFkANAA5ADUANgAEAC4AZQB1AHIALgBjAG8AcgBwAC4AdgBhAHQAdABlAG4AZgBhAGwAbAAuAGMAbwBtAAMARgBzAGEAdgBpAHAAcwB5ADQAOQA1ADYALgBlAHUAcgAuAGMAbwByAHAALgB2AGEAdAB0AGUAbgBmAGEAbABsAC4AYwBvAG0ABQAmAGMAbwByAHAALgB2AGEAdAB0AGUAbgBmAGEAbABsAC4AYwBvAG0ABwAIAGAIcGAub9cBAAAAAA==
< Date: Fri, 02 Jul 2021 10:38:20 GMT
< Content-Length: 341
<
* Ignoring the response-body
* Connection #0 to host HOST left intact
* Issue another request to this URL: 'https://URL/SERVICEPATH/v1/ID?processid=539CDD592A15478F8496BB09385BB5D6'
* Found bundle for host HOST: 0x1ed51d0
* Re-using existing connection! (#0) with host HOST
* Connected to HOST (IP) port 443 (#0)
* Server auth using NTLM with user 'eur/USR'
> GET /SERVICEPATH/v1/ID?processid=539CDD592A15478F8496BB09385BB5D6  HTTP/1.1
> Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAMAAwBwAAAADAAMAHMAAAALAAsAfwAAAAAAAAAAAAAABoKJAjeswn5VPmM/AAAAAAAAAAAAAAAAAAAAAPWw/rs1dl9X1ZgLGNEblgM/l3USPeP1vmV1clMxQlNUTFZJUFRTVHNhYnN0ZnUzMzY5
> User-Agent: curl/7.29.0
> Host: HOST
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json;charset=utf-8
< Server: Microsoft-IIS/8.5
< Persistent-Auth: true
< X-Powered-By: ASP.NET
< Date: Fri, 02 Jul 2021 10:38:24 GMT
< Content-Length: 5245
<
{
...SUCCESSFUL DATA AS RESULT...
}

Tried to use the KBs:
- Camel HTTPS4 component is having problems authenticating services secured with NTLM over HTTPS - year 2018 'https://access.redhat.com/solutions/1454993'
- NTLM Authentication issue with camel-http against Windows IIS 8 - year 2015 'https://access.redhat.com/solutions/3516771'
without success...

Should we use some of the additional http4 query parameters?

Best regards,
Fredrik
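
The curl trace in the post shows the three NTLM legs (Type 1, Type 2, Type 3) completing on one connection. As an added example that is not part of the original post, the Python below decodes `NTLM <base64>` header values so a client's wire log can be checked for the leg at which it stops. The function names are hypothetical, and the Type 2 and Type 3 samples are constructed; only the Type 1 token is copied from the trace.

```python
import base64
import struct

TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
FLAG_OFFSET = {1: 12, 2: 20, 3: 60}  # byte offset of NegotiateFlags per message type

def decode_ntlm(header_value):
    """Decode an 'NTLM <base64>' header value; None for a bare scheme offer."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        return None
    raw = base64.b64decode(token)
    if raw[:8] != b"NTLMSSP\x00" or len(raw) < 16:
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", raw, 8)[0]
    if mtype not in TYPES or len(raw) < FLAG_OFFSET[mtype] + 4:
        raise ValueError("truncated or unknown NTLM message")
    flags = struct.unpack_from("<I", raw, FLAG_OFFSET[mtype])[0]
    info = {"type": TYPES[mtype], "flags": flags, "unicode": bool(flags & 1)}
    if mtype == 2:  # TargetName fields (length, max length, offset) at bytes 12..19
        length, _, offset = struct.unpack_from("<HHI", raw, 12)
        name = raw[offset:offset + length]
        info["target"] = name.decode("utf-16-le" if flags & 1 else "ascii", "replace")
    return info

def handshake_legs(trace):
    """List (direction, leg) for each NTLM auth header in a curl -v style trace."""
    legs = []
    for line in trace:
        direction, _, rest = line.partition(" ")
        name, _, value = rest.partition(":")
        if (name.lower() in ("authorization", "www-authenticate")
                and value.strip().upper().startswith("NTLM")):
            msg = decode_ntlm(value)
            legs.append((direction, msg["type"] if msg else "OFFER"))
    return legs

def _token(mtype, body):  # builds a constructed sample message, not captured traffic
    msg = b"NTLMSSP\x00" + struct.pack("<I", mtype) + body
    return "NTLM " + base64.b64encode(msg).decode()

TYPE1 = "NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA="  # Type 1 from the trace
TYPE2 = _token(2, struct.pack("<HHII16x", 7, 7, 40, 0x00088206) + b"EXAMPLE")
TYPE3 = _token(3, bytes(48) + struct.pack("<I", 0x00088206))
TRACE = ["> Authorization: " + TYPE1, "< WWW-Authenticate: Negotiate",
         "< WWW-Authenticate: NTLM", "< WWW-Authenticate: " + TYPE2,
         "> Authorization: " + TYPE3]  # constructed, shaped like the curl output

if __name__ == "__main__":
    for leg in handshake_legs(TRACE):
        print(leg)
```

A client log that ends at `OFFER` with no `NEGOTIATE` leg never started NTLM, while one that ends at `CHALLENGE` received the server's Type 2 but did not answer it.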
