X
Tap here to go to the mobile version of the site.

Support Forum

NTLM over GSSAPI/SPENGO authentication

Posted

I am testing NTLM over GSSAPI/SPENGO functionality that our proxy supports.

On mac (OSX 10.8.2), I have got FF (15.0) browser. I have added the proxy to the browser, updated network.negotiate-auth.trusted-uri, network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uri tp point to the forward proxy I am using.

When I browse a website, here is what happens -

(proxy to FF) Proxy-Authenticate: Negotiate

(FF to proxy) Proxy-Authorization: Negotiate YEgGBisGAQUFAqA+MDygDjAMBgorBgEEAYI3AgIKoioEKE5UTE1TU1AAAQAAAAUCiGIAAAAAGAAAAAAAAAAYAAAABgGwHQ8AAAA=

(proxy to FF) Proxy-Authenticate: Negotiate oYHyMIHvoAMKAQGhDAYKKwYBBAGCNwICCqKB2QSB1k5UTE1TU1AAAgAAAAoACgAwAAAABQKJYvNEPJKZ57ZWAAAAAAAAAACcAJwAOgAAAFcAMgAwADAAOAACAAoAVwAyADAAMAA4AAEAFgBWAE0AMQAwAEIAUwBEADAAMgA3ADMABAAoAGQAZQB2AC4AcwBiAHIALgBpAHIAbwBuAHAAbwByAHQALgBjAG8AbQADAEAAdgBtADEAMABiAHMAZAAwADIANwAzAC4AZABlAHYALgBzAGIAcgAuAGkAcgBvAG4AcABvAHIAdAAuAGMAbwBtAAAAAAA=


Then FF does not respond back, instead shows "This Page Cannot Be Displayed" When I did packetcapture, it shows that FF tries to do NTLMSSP over SPENGO and sends "negTokenInit" with NTLMSSP_NEGOTIATE. When Proxy sends "negTokenTarg" with NTLMSSP_CHALLENGE, the browser does not respond back.

Please let me know if you need any more information.

I am testing NTLM over GSSAPI/SPENGO functionality that our proxy supports. On mac (OSX 10.8.2), I have got FF (15.0) browser. I have added the proxy to the browser, updated network.negotiate-auth.trusted-uri, network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uri tp point to the forward proxy I am using. When I browse a website, here is what happens - (proxy to FF) Proxy-Authenticate: Negotiate (FF to proxy) Proxy-Authorization: Negotiate YEgGBisGAQUFAqA+MDygDjAMBgorBgEEAYI3AgIKoioEKE5UTE1TU1AAAQAAAAUCiGIAAAAAGAAAAAAAAAAYAAAABgGwHQ8AAAA= (proxy to FF) Proxy-Authenticate: Negotiate oYHyMIHvoAMKAQGhDAYKKwYBBAGCNwICCqKB2QSB1k5UTE1TU1AAAgAAAAoACgAwAAAABQKJYvNEPJKZ57ZWAAAAAAAAAACcAJwAOgAAAFcAMgAwADAAOAACAAoAVwAyADAAMAA4AAEAFgBWAE0AMQAwAEIAUwBEADAAMgA3ADMABAAoAGQAZQB2AC4AcwBiAHIALgBpAHIAbwBuAHAAbwByAHQALgBjAG8AbQADAEAAdgBtADEAMABiAHMAZAAwADIANwAzAC4AZABlAHYALgBzAGIAcgAuAGkAcgBvAG4AcABvAHIAdAAuAGMAbwBtAAAAAAA= Then FF does not respond back, instead shows "This Page Cannot Be Displayed" When I did packetcapture, it shows that FF tries to do NTLMSSP over SPENGO and sends "negTokenInit" with NTLMSSP_NEGOTIATE. When Proxy sends "negTokenTarg" with NTLMSSP_CHALLENGE, the browser does not respond back. Please let me know if you need any more information.

Additional System Details

Installed Plug-ins

  • Version 3.13.2.11592
  • Google Talk Plugin Video Accelerator version:0.1.44.23
  • Shockwave Flash 11.5 r502
  • Displays Java applet content, or a placeholder if Java is not installed.
  • WebEx64 General Plugin Container Version 205
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.
  • Microsoft Office for Mac SharePoint Browser Plug-in
  • Office Live Update v1.0
  • Adobe Shockwave for Director Netscape plug-in, version 11.6.5
  • Picasa plugin.
  • npmnqmp 071706000001
  • iPhoto6

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:15.0) Gecko/20100101 Firefox/15.0

More Information

Tyler Downer
  • Top 25 Contributor
  • Administrator
  • Moderator
1196 solutions 7841 answers

Try updating to Firefox 18.0.2 first, the proxy support has been improved in that version.

Try updating to Firefox 18.0.2 first, the proxy support has been improved in that version.

Question owner

I tried 18.0.2, I see same issue. FF does not respond to NTLM_CHALLENGE over GSSAPI.

I tried 18.0.2, I see same issue. FF does not respond to NTLM_CHALLENGE over GSSAPI.

Question owner

Looks like I have the issue as explained in section - "Negotiate external libraries" at http://dev.chromium.org/developers/design-documents/http-authentication

Looks like I have the issue as explained in section - "Negotiate external libraries" at http://dev.chromium.org/developers/design-documents/http-authentication