Forums | Admin

Discussion Forums: help

Start New Thread Start New Thread
Message: 15602
BY: Justin Bailey (m4dc4p)
DATE: 2006-12-01 17:04
SUBJECT: RE: Not authenticating correctly

 

Ron,

First, thanks for your patience with this process. I did some research and I think the problem is that rubysspi is not sending "Keep-Alive" headers to the proxy server. Instead, it was sending "Connection: Close" headers. This KB article at Microsoft implies older ISA servers would just close the connection, even though that breaks integrated authentication:

http://support.microsoft.com/kb/923766/en-us

Some code is below if you wish to modify your proxy_auth.rb that applies my change. You can also email me at jgbailey at gmail dot com and I can send you a new gem that you could install too. Let me know!

To patch proxy_auth.rb, just add these two lines:

req["Connection"] = "Keep-Alive"
req["Proxy-Connection"] = "Keep-Alive"

After each 'req["Proxy-Authorization"]' statement.

The complete block looks like:

if res.kind_of?(HTTPProxyAuthenticationRequired) && proxy? && res["Proxy-Authenticate"].include?("Negotiate")
begin
n = SSPI::NegotiateAuth.new
res.reading_body(@socket, req.response_body_permitted?) { }
end_transport req, res
begin_transport req
req["Proxy-Authorization"] = "Negotiate #{n.get_initial_token}"
req["Connection"] = "Keep-Alive"
req["Proxy-Connection"] = "Keep-Alive"
req.exec @socket, @curr_http_version, edit_path(req.path)
begin
res = HTTPResponse.read_new(@socket)
end while res.kind_of?(HTTPContinue)
if res["Proxy-Authenticate"]
res.reading_body(@socket, req.response_body_permitted?) { }
req["Proxy-Authorization"] = "Negotiate #{n.complete_authentication res["Proxy-Authenticate"]}"
req["Connection"] = "Keep-Alive"
req["Proxy-Connection"] = "Keep-Alive"
req.exec @socket, @curr_http_version, edit_path(req.path)
begin
res = HTTPResponse.read_new(@socket)
end while res.kind_of?(HTTPContinue)
end
rescue
exc = $!.exception("Error occurred during proxy negotiation. socket.io: #{@socket.inspect}; socket.closed? #{@socket.closed?}; req: #{req.inspect}; res: #{res.inspect}; Original message: #{$!.message}")
exc.set_backtrace $!.backtrace
raise exc
end
end


Thread View

Thread Author Date
Not authenticating correctlyRon Evans2006-11-20 21:42
      RE: Not authenticating correctlyJustin Bailey2006-11-20 22:04
            RE: Not authenticating correctlyRon Evans2006-11-20 22:27
                  RE: Not authenticating correctlyJustin Bailey2006-11-20 23:09
                        RE: Not authenticating correctlyRon Evans2006-11-21 00:02
                              RE: Not authenticating correctlyJustin Bailey2006-11-21 16:29
                                    RE: Not authenticating correctlyRon Evans2006-11-21 21:38
                                          RE: Not authenticating correctlyJustin Bailey2006-11-27 21:38
                                                RE: Not authenticating correctlyRon Evans2006-11-28 19:25
                                                      RE: Not authenticating correctlyJustin Bailey2006-11-28 21:48
                                                            RE: Not authenticating correctlyRon Evans2006-11-28 23:30
                                                                  RE: Not authenticating correctlyJustin Bailey2006-12-01 17:04
                                                                        RE: Not authenticating correctlyRon Evans2006-12-01 18:59
                                                                              RE: Not authenticating correctlyJustin Bailey2006-12-01 19:49

Post a followup to this message