Red Hat Bugzilla – Bug 583150
NTLM Authentication needs to be supported for accessing Content Source via a proxy server
Last modified: 2016-02-21 19:57:28 EST
Created attachment 407186 [details]
Error/stack from Content Source synch request
Description of problem:
JON’s connectivity to the Customer Support Portal (CSP) currently does not
support NTLM proxy authentication. This presents a very big problem with using content management features to pull patches and perform upgrades when RHQ server is installed in a secure envrionment that uses a proxy server that requires NTLM authentication.
Version-Release number of selected component (if applicable):
Originally on JON 2.2.0
Originally error reported by user:
I was getting below error in log after I did changes for Proxy settings
and restarted the jon-server.
Proxy settings are:-
00:21:22,211 ERROR [HttpMethodDirector] Credentials cannot be used for NTLM authentication: org.apache.commons.httpclient.UsernamePasswordCredentials
See attached error and log excerpts for stacks.
Created attachment 407189 [details]
Excerpt from RHQ server log file showing NTLM Auth failure
mazz - is this a known issue? what would it take to fix?
I have no idea what this would entail to fix this. I'm not familiar with the CSP server-side plugin's connection code but I assume it means utilizing some other connection library rather than apache commons to do this. I suspect this is still a problem because we've not done any work on the CSP plugin in a while.
According to http://hc.apache.org/httpclient-3.x/authentication.html#NTLM, all that needs to be done is replace the UsernamePasswordCredentials object in JBossSoftwareContentSourceAdapter.configureProxy() with a NTCredentials object, setting the Host and Domain. Obviously that requires some additional UI to collect them too.
stefan would have a better feel for what it would take to implement this. he recently revamped the content subsystem and looked at the server plugins.