-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Graylog v2.4.4: Proxy Basic auth problem #4788
Comments
The original implementation of the `ProxyAuthenticator` in `OkHttpClientProvider` matched the authentication scheme in a case-sensitive way, which doesn't work with all HTTP proxy servers in the wild. Fixes #4788 Reference: RFC 7235, section 2.1 > Authentication parameters are name=value pairs, where the name token > is matched case-insensitively, and each parameter name MUST only > occur once per challenge. https://tools.ietf.org/html/rfc7235#section-2.1 RFC 2617, section 1.2 > It [the authentication mechanism] uses an extensible, > case-insensitive token to identify the authentication scheme, > followed by a comma-separated list of attribute-value pairs which > carry the parameters necessary for achieving authentication via that > scheme. https://tools.ietf.org/html/rfc2617#section-1.2
The original implementation of the `ProxyAuthenticator` in `OkHttpClientProvider` matched the authentication scheme in a case-sensitive way, which doesn't work with all HTTP proxy servers in the wild. Fixes #4788 Reference: RFC 7235, section 2.1 > Authentication parameters are name=value pairs, where the name token > is matched case-insensitively, and each parameter name MUST only > occur once per challenge. https://tools.ietf.org/html/rfc7235#section-2.1 RFC 2617, section 1.2 > It [the authentication mechanism] uses an extensible, > case-insensitive token to identify the authentication scheme, > followed by a comma-separated list of attribute-value pairs which > carry the parameters necessary for achieving authentication via that > scheme. https://tools.ietf.org/html/rfc2617#section-1.2
@schindlerd Please check out, if the |
@joschi That did the trick! Thanks a lot for your efforts. |
@schindlerd Please keep the issue open until the PRs have been merged. 😉 |
…4789) The original implementation of the `ProxyAuthenticator` in `OkHttpClientProvider` matched the authentication scheme in a case-sensitive way, which doesn't work with all HTTP proxy servers in the wild. Fixes #4788 Reference: RFC 7235, section 2.1 > Authentication parameters are name=value pairs, where the name token > is matched case-insensitively, and each parameter name MUST only > occur once per challenge. https://tools.ietf.org/html/rfc7235#section-2.1 RFC 2617, section 1.2 > It [the authentication mechanism] uses an extensible, > case-insensitive token to identify the authentication scheme, > followed by a comma-separated list of attribute-value pairs which > carry the parameters necessary for achieving authentication via that > scheme. https://tools.ietf.org/html/rfc2617#section-1.2
…4790) The original implementation of the `ProxyAuthenticator` in `OkHttpClientProvider` matched the authentication scheme in a case-sensitive way, which doesn't work with all HTTP proxy servers in the wild. Fixes #4788 Reference: RFC 7235, section 2.1 > Authentication parameters are name=value pairs, where the name token > is matched case-insensitively, and each parameter name MUST only > occur once per challenge. https://tools.ietf.org/html/rfc7235#section-2.1 RFC 2617, section 1.2 > It [the authentication mechanism] uses an extensible, > case-insensitive token to identify the authentication scheme, > followed by a comma-separated list of attribute-value pairs which > carry the parameters necessary for achieving authentication via that > scheme. https://tools.ietf.org/html/rfc2617#section-1.2
@schindlerd This should be fixed in Graylog 2.4.5. |
@bernd it is working like a charm 👍 |
Great! Thanks for the feedback! 👍 |
The newly introduced proxy server authentication #4758 seems not to work with BlueCoat proxies.
Expected Behavior
When defining the correct
http_proxy_uri = http://username:password@proxy.example.com:8080
inserver.conf
it should be possible to access https://api.graylog.com/report via proxy.Current Behavior
Proxy authentication fails with java IO exception although the proxy is using BASIC authentication:
Possible Solution
Is it a problem that the proxy seems to return "BASIC" (all capital) instead of may be expected "Basic"?
Steps to Reproduce (for bugs)
server.conf
and addhttp_proxy_uri = http://username:password@proxy.example.com:8080
Context
This is a lcensing issue. We are trying to access https://api.graylog.com/report via proxy.
Your Environment
The text was updated successfully, but these errors were encountered: