cancel
Showing results for 
Search instead for 
Did you mean: 

NTLM over GSSAPI/SPENGO authentication

Highlighted
New Contributor

NTLM over GSSAPI/SPENGO authentication

I am testing NTLM over GSSAPI/SPENGO functionality that our proxy supports.

On mac (OSX 10.8.2), I have got FF (15.0) browser. I have added the proxy to the browser, updated network.negotiate-auth.trusted-uri, network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uri tp point to the forward proxy I am using.

When I browse a website, here is what happens -

(proxy to FF) Proxy-Authenticate: Negotiate

(FF to proxy) Proxy-Authorization: Negotiate YEgGBisGAQUFAqA+MDygDjAMBgorBgEEAYI3AgIKoioEKE5UTE1TU1AAAQAAAAUCiGIAAAAAGAAAAAAAAAAYAAAABgGwHQ8AAAA=

(proxy to FF) Proxy-Authenticate: Negotiate oYHyMIHvoAMKAQGhDAYKKwYBBAGCNwICCqKB2QSB1k5UTE1TU1AAAgAAAAoACgAwAAAABQKJYvNEPJKZ57ZWAAAAAAAAAACcAJwAOgAAAFcAMgAwADAAOAACAAoAVwAyADAAMAA4AAEAFgBWAE0AMQAwAEIAUwBEADAAMgA3ADMABAAoAGQAZQB2AC4AcwBiAHIALgBpAHIAbwBuAHAAbwByAHQALgBjAG8AbQADAEAAdgBtADEAMABiAHMAZAAwADIANwAzAC4AZABlAHYALgBzAGIAcgAuAGkAcgBvAG4AcABvAHIAdAAuAGMAbwBtAAAAAAA=


Then FF does not respond back, instead shows "This Page Cannot Be Displayed" When I did packetcapture, it shows that FF tries to do NTLMSSP over SPENGO and sends "negTokenInit" with NTLMSSP_NEGOTIATE. When Proxy sends "negTokenTarg" with NTLMSSP_CHALLENGE, the browser does not respond back.

Please let me know if you need any more information.

3 REPLIES
Site Moderator

Re: NTLM over GSSAPI/SPENGO authentication

Try updating to Firefox 18.0.2 first, the proxy support has been improved in that version.

New Contributor

Re: NTLM over GSSAPI/SPENGO authentication

I tried 18.0.2, I see same issue. FF does not respond to NTLM_CHALLENGE over GSSAPI.

New Contributor

Re: NTLM over GSSAPI/SPENGO authentication

Looks like I have the issue as explained in section - "Negotiate external libraries" at http://dev.chromium.org/developers/design-documents/http-authentication