Windows Integrated Authentication (NTLM) failing when requesting images in document
Oxygen general issues.
-
clinton.farleigh
- Posts: 2
- Joined: Tue Sep 11, 2012 8:10 pm
Windows Integrated Authentication (NTLM) failing when requesting images in document
Post by clinton.farleigh »
I am having trouble getting authentication working in XML Author when I have images contained within a document that are located on IIS 7.5 with integrated windows authentication turned on. I understand that Oxygen is supposed to support NTLM but it does not seem to work (reference: http://oxygenxml.com/whatisnew9.2.html). I am able to get basic authentication to work.
I have two questions:
1. What authentication protocols/mechanisms are supported in Oxygen (i.e. SPNEGO, Kerberos, NTLM)?
2. Is there something in my current attempt to get NTLM authentication working that I am missing or doing incorrectly? When I load a document that contains an image which is located on the IIS server, I am prompted for my username and password. When I enter this information, authentication appears to fail and I receive the username and password dialog again and again. My username and password is working with basic authentication.
I enabled debug logging (added appropriate log4j.properties file to Oxygen install directory) and I see that Oxygen appears to be attempting authentication via NTLM. Here is an abridged version of my Oxygen log:
Resolving href as simple URI:http://imageservicestest/images/01.png
Thanks,
Clint
I have two questions:
1. What authentication protocols/mechanisms are supported in Oxygen (i.e. SPNEGO, Kerberos, NTLM)?
2. Is there something in my current attempt to get NTLM authentication working that I am missing or doing incorrectly? When I load a document that contains an image which is located on the IIS server, I am prompted for my username and password. When I enter this information, authentication appears to fail and I receive the username and password dialog again and again. My username and password is working with basic authentication.
I enabled debug logging (added appropriate log4j.properties file to Oxygen install directory) and I see that Oxygen appears to be attempting authentication via NTLM. Here is an abridged version of my Oxygen log:
Resolving href as simple URI:http://imageservicestest/images/01.png
Code: Select all
...
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.params.DefaultHttpParams - Set parameter http.useragent = Oxygen XML Editor/14.0
59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.WebdavHttpURLConnection - WebDav connection to: http://imageservicestest/images/01.png
59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.WebdavHttpURLConnection - Get Input Stream for :http://imageservicestest/images/01.png
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.params.DefaultHttpParams - Set parameter http.authentication.credential-provider = ro.sync.net.protocol.http.e@584edf4a
59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.e - Init credentials from:http://imageservicestest/images/01.png
59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.e - Init proxy for:http://imageservicestest/images/01.png
59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.c - Get proxy data http://imageservicestest/images/01.png state:1
59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.c - Current proxy conf:ro.sync.net.protocol.http.c$2@6262937c
59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.c - Get proxy selector returns:ro.sync.net.protocol.http.c$2@6262937c
59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.c - Detected system proxies for:http://imageservicestest/images/01.png is:[DIRECT]
59530 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.c - Get proxy data returns null for:http://imageservicestest/images/01.png
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod)
...
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
...
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpConnection - Open connection to imageservicestest:80
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.execute(HttpState, HttpConnection)
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.writeRequest(HttpState, HttpConnection)
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.writeRequestLine(HttpState, HttpConnection)
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.generateRequestLine(HttpConnection, String, String, String, String)
59530 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - >> "GET /images/01.png HTTP/1.1[\r][\n]"
...
59530 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "HTTP/1.1 401 Unauthorized[\r][\n]"
59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "HTTP/1.1 401 Unauthorized[\r][\n]"
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readResponseHeaders(HttpState,HttpConnection)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpConnection - enter HttpConnection.getResponseInputStream()
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HeaderParser.parseHeaders(InputStream, String)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "Content-Type: text/html[\r][\n]"
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "Server: Microsoft-IIS/7.5[\r][\n]"
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "WWW-Authenticate: Negotiate[\r][\n]"
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "WWW-Authenticate: NTLM[\r][\n]"
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "X-Powered-By: ASP.NET[\r][\n]"
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "Date: Tue, 11 Sep 2012 17:46:25 GMT[\r][\n]"
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "Content-Length: 1293[\r][\n]"
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readLine(InputStream, String)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpParser - enter HttpParser.readRawLine()
59608 DEBUG [ AWT-EventQueue-0 ] httpclient.wire.header - << "[\r][\n]"
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.processResponseHeaders(HttpState, HttpConnection)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.processCookieHeaders(Header[], HttpState, HttpConnection)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readResponseBody(HttpState, HttpConnection)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.readResponseBody(HttpConnection)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpConnection - enter HttpConnection.getResponseInputStream()
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodBase - enter HttpMethodBase.canResponseHaveBody(int)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodDirector - Authorization required
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodDirector - enter HttpMethodBase.processAuthenticationResponse(HttpState, HttpConnection)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.auth.AuthChallengeProcessor - Supported authentication schemes in the order of preference: [ntlm, digest, basic]
59608 INFO [ AWT-EventQueue-0 ] org.apache.commons.httpclient.auth.AuthChallengeProcessor - ntlm authentication scheme selected
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.auth.AuthChallengeProcessor - Using authentication scheme: ntlm
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.auth.AuthChallengeProcessor - Authorization challenge processed
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodDirector - Authentication scope: NTLM <any realm>@imageservicestest:80
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpState - enter HttpState.getCredentials(AuthScope)
59608 DEBUG [ AWT-EventQueue-0 ] org.apache.commons.httpclient.HttpMethodDirector - Credentials required
59608 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.e - 1481563978:: Get credentials for:imageservicestest :80 proxy: false first:true
59608 DEBUG [ AWT-EventQueue-0 ] ro.sync.net.protocol.http.e - No proxy set. detected credentials:null first auth: true
59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.io.ab - Get ProgressTracker instance
59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.io.ab - setIsCanceled called false
59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.udc.b - Called :DIALOG_OPEN/Authorization_required
59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.ui.application.ApplicationDialog - The focused window is: ro.sync.exml.MainFrame[frame0,-8,-8,1936x1056,invalid,layout=java.awt.BorderLayout,title=TITLE1 51-50-31200_clint_test.xml [test.xml] - <oXygen/> XML Author,resizable,maximized,defaultCloseOperation=DO_NOTHING_ON_CLOSE,rootPane=javax.swing.JRootPane[,8,30,1920x1018,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.ui.application.ApplicationDialog - Focused window from the current KeyboardFocusManager: ro.sync.exml.MainFrame[frame0,-8,-8,1936x1056,invalid,layout=java.awt.BorderLayout,title=TITLE1 51-50-31200_clint_test.xml [test.xml] - <oXygen/> XML Author,resizable,maximized,defaultCloseOperation=DO_NOTHING_ON_CLOSE,rootPane=javax.swing.JRootPane[,8,30,1920x1018,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.ui.application.ApplicationDialog - The top window: ro.sync.exml.MainFrame[frame0,-8,-8,1936x1056,invalid,layout=java.awt.BorderLayout,title=TITLE1 51-50-31200_clint_test.xml [test.xml] - <oXygen/> XML Author,resizable,maximized,defaultCloseOperation=DO_NOTHING_ON_CLOSE,rootPane=javax.swing.JRootPane[,8,30,1920x1018,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
59624 DEBUG [ AWT-EventQueue-0 ] ro.sync.ui.application.ApplicationDialog - Using the focused frame:ro.sync.exml.MainFrame[frame0,-8,-8,1936x1056,invalid,layout=java.awt.BorderLayout,title=TITLE1 51-50-31200_clint_test.xml [test.xml] - <oXygen/> XML Author,resizable,maximized,defaultCloseOperation=DO_NOTHING_ON_CLOSE,rootPane=javax.swing.JRootPane[,8,30,1920x1018,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
Clint
-
adrian
- Posts: 2879
- Joined: Tue May 17, 2005 4:01 pm
Re: Windows Integrated Authentication (NTLM) failing when requesting images in document
Hello,
1. For HTTP Oxygen supports basic access authentication, digest access authentication and NTLM authentication. Note that NTLMv2 is not yet supported, but we do plan to support it soon.
2. Can you check if your IIS is using NTLMv2 authentication or some other variation of NTLM? That would explain the cause of the problem.
Regards,
Adrian
1. For HTTP Oxygen supports basic access authentication, digest access authentication and NTLM authentication. Note that NTLMv2 is not yet supported, but we do plan to support it soon.
2. Can you check if your IIS is using NTLMv2 authentication or some other variation of NTLM? That would explain the cause of the problem.
Regards,
Adrian
Adrian Buza
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
-
clinton.farleigh
- Posts: 2
- Joined: Tue Sep 11, 2012 8:10 pm
Re: Windows Integrated Authentication (NTLM) failing when requesting images in document
Post by clinton.farleigh »
When will you be supporting NTLM v2?
-
adrian
- Posts: 2879
- Joined: Tue May 17, 2005 4:01 pm
Re: Windows Integrated Authentication (NTLM) failing when requesting images in document
Hi,
We are actually working right now on supporting this (we are updating the HTTP client), but I believe this won't be ready in time for v14.1. Expect it to be ready in v14.2.
Regards,
Adrian
We are actually working right now on supporting this (we are updating the HTTP client), but I believe this won't be ready in time for v14.1. Expect it to be ready in v14.2.
Regards,
Adrian
Adrian Buza
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
-
adrian
- Posts: 2879
- Joined: Tue May 17, 2005 4:01 pm
Re: Windows Integrated Authentication (NTLM) failing when requesting images in document
Hi,
Oxygen v14.2 has just been released and it now supports NTLM v2 authentication.
Download <oXygen/> XML Editor, Author or Developer
Regards,
Adrian
Oxygen v14.2 has just been released and it now supports NTLM v2 authentication.
Download <oXygen/> XML Editor, Author or Developer
Regards,
Adrian
Adrian Buza
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
Jump to
- Oxygen XML Editor/Author/Developer
- ↳ Feature Request
- ↳ Common Problems
- ↳ DITA (Editing and Publishing DITA Content)
- ↳ SDK-API, Frameworks - Document Types
- ↳ DocBook
- ↳ TEI
- ↳ XHTML
- ↳ Other Issues
- Oxygen XML Web Author
- ↳ Feature Request
- ↳ Common Problems
- Oxygen Content Fusion
- ↳ Feature Request
- ↳ Common Problems
- Oxygen JSON Editor
- ↳ Feature Request
- ↳ Common Problems
- Oxygen PDF Chemistry
- ↳ Feature Request
- ↳ Common Problems
- Oxygen Feedback
- ↳ Feature Request
- ↳ Common Problems
- Oxygen XML WebHelp
- ↳ Feature Request
- ↳ Common Problems
- XML
- ↳ General XML Questions
- ↳ XSLT and FOP
- ↳ XML Schemas
- ↳ XQuery
- NVDL
- ↳ General NVDL Issues
- ↳ oNVDL Related Issues
- XML Services Market
- ↳ Offer a Service