Feature #1545
Add ability to manually declare the authentication type
0%
Description
https://answers.splunk.com/answers/469223/is-it-possible-to-switch-to-windows-authentication.html
Need to offer the ability to specify authentication types of basic, advanced, NTLM, auto-detect.
History
#1
Updated by Luke Murphey about 8 years ago
Updated by Can test here: http://ntlm.herokuapp.com/
Or using http://blog.michelbarneveld.nl/michel/archive/2009/12/05/kerberos-authentication-tester.aspx or this: https://blogs.msdn.microsoft.com/friis/2013/01/08/asp-net-authentication-test-page/
See here for details: http://serverfault.com/questions/595035/testing-ntlm-kerberos-against-a-public-url
#2
Updated by Luke Murphey about 8 years ago
Might want to add kerberos authentication https://pypi.python.org/pypi/requests-kerberos or https://github.com/requests/requests-kerberos
#3
Updated by Luke Murphey about 8 years ago
It turns out that authentication auto detection wasn't working correctly. The headers are returned in lowercase (see https://github.com/kennethreitz/requests/issues/1561) but the app assumed they would be in the original case.
#4
Updated by Luke Murphey about 8 years ago
It turns out that the auth header can be a tuple: https://github.com/chimurai/http-proxy-middleware/issues/39
#6
Updated by Luke Murphey about 8 years ago
I faked an NTLM session;
- Server responds with 401 and Www-Authenticate: NTLM
- Client provides challenge Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
- Server responds with 401 and Www-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABAAAAAAAAAAAAAAA=
- Client provides Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGwAAAAYABgAhAAAAAgACABAAAAACAAIAEgAAAAcABwAUAAAAAAAAAAAAAAAAQAAAHQAZQBzAHQAdABlAHMAdABsAG0AdQByAHAAaABlAHkALQBtAGIAcAAxADUAgiKGu7ODU4Zx7W3Y2A23BfV9JN+XMe+FgiKGu7ODU4Zx7W3Y2A23BfV9JN+XMe+F
- Server responds with a 200
#7
Updated by Luke Murphey about 8 years ago
- Target version deleted (
2.0)
#8
Updated by Luke Murphey over 7 years ago
- Priority changed from Normal to Low