I start Fiddler and go to cnn.com in my browser - no problem. Fiddler has auto-configured he browser to go thru Fiddler as a proxy. Good.
When I go to Fiddler > Rules > Require Proxy Authentication, I start getting prompted for a username and password, which is almost what I expected, and kind of cool.
So, what is that username and password?
The linked question is related, and my question is more or less answered in that answer, but this will be more clear:
username: 1
password: 1
Related
I'm having a problem to setup SSO for the intranet websites. Currently i'm working with Tomcat 8.0 and Waffle 1.8.4. They work great, but there is only 1 problem: the browsers (Firefox and IE after the settings were applied as described here and here) can not do Kerberos authentication, only NTLM.
I analyzed the traffic with Wireshark, Tomcat sends the http header field "WWW-Authenticate" and the browser answers a base64-encoded string in the header field "Authentication", that contains NTLMSSP. I guess this is not Kerberos, or is it ?
I read a post (WWW-Authenticate uses NTLM and not Kerberos), that for Kerberos to work, the server has to be registered in the AD with the command setspn.exe.
I try to get the right syntax for setspn (described here), but without any luck.
The server has the following parameters:
IP: 10.0.0.1
Service: Tomcat-Http
Port: 8080
Accountname: company-net\foobar
I use this command for setspn:
setspn -A "HTTP/10.0.0.1:8080 company-net\foobar"
but not works. Both the server and the client are in the same Windows domain, using Windows 10.
What is wrong with it?
Do i need anything else ?
Kerberos relies on DNS (valid hostnames) and SPNs to function. Looks like you've done a bit of research so far which is good. What isn't that well known is that when you point an otherwise perfectly working fine Kerberos client to the IP of a host, rather than to it's DNS hostname, Kerberos will be bypassed and the fallback authentication mechanism will be employed instead - NTLM in this case.
Michael-O, the top Kerberos contributor to this forum, said it best with his answer about this back in 2012:
Kerberos does not work with IP adresses, it relies on domain names and
correct DNS entries only.
I am using Tigase XMPP server, Server parameters that I have set are:
Jabber domain name: chat.example.com >> this is public DNS
Administrator:admin#chat.example.com
Admin Password: tigase
After installation, I can get access to admin panel by URL: http://localhost:8080/ui/ , but unfortunately I can't login with username and password that I have created during installation process. This makes me really crazy, please help.
Point is that, I can login to the server with android client with above username and pass, also when I delete and reinstall tigase and set the domain to ip address of computer in internal network it's working, but when I use DNS I everything looks good but cannot login to admin environment with username and password.
You can find the answer at this post:
https://projects.tigase.org/boards/15/topics/6939?r=6942
After submitting my Github credentials, I see the following error, even though those credentials are correct:
IntelliJ can't login to Github
Try using github.com as host address and your nickname as login.
Also, use the token instead of the credentials, this is supposed to be safer.
It should, in theory, work. If not, either:
You made a typo in your credentials.
The IDEA couldn't reach the host because its network messages were blocked on their path by a firewall or anything else. Make sure you can ping github.com and that the HTTPS (I think it's the on used here) port (443) isn't blocked by your gateway. You can also check for port 22 if you want to use SSH.
I'm trying to connect to our TFS with the Eclipse Plugin using this tutorial: https://msdn.microsoft.com/en-us/library/jj155782(v=vs.120).aspx
Unfortunately I get different error messages (depending on what I do):
#1
URL: http://< my TFS-URL >/tfs
Result: "The soap endpoint /Servies/v1.0/Registration.asmx could not be contacted. HTTP status: 404"
#2
URL: http://< my TFS-URL >/tfs/DefaultCollection
Result: "Basic credentials are only supported over HTTPS secure connections"
#3
URL: https://< my TFS-URL >/tfs (doesn't matter if DefaultCollection is there or not)
Result after about 2 minutes of waiting - I can't login at all: "Unrecognized SSL message, plaintext connection?"
The URL and the credentials are 100% right, I can connect in the browser but it wont work with Eclipse.
We are using TFS2013 and my plugin version is 14.0.2.2015... if that is somewhat important.
The problem is staring you in the face:
URL: http:///tfs/DefaultCollection Result: "Basic credentials are only supported over HTTPS secure connections"
You need to either set up TEE to not care if you send credentials over plain-text (which is bad and I strongly recommend against, but can be accomplished by setting the com.microsoft.tfs.client.allowInsecureBasic environment variable), or set up HTTPS.
Enabling Basic authentication and setting up HTTPS is something your TFS administrator will have to do.
There are other options (like Kerberos authentication) if you have your Mac joined to a Windows domain, but HTTPS + Basic authentication is probably the easiest if you don't.
I use Java Web Start. The file is on http server, that needs name and password (it's windows server). What the Java Web start does is this (with user and IP redacted):
The same on MS Windows client. There is this "Save this password in your password list" option, that does nothing at all (on both Mac OS and Windows), when running this java web start app again, it wants the password again.
Is it a bug in JWS? Or what is going on exactly?
I just had the same problem.
turns out you need to restart your web browser to have the java remember your password.
I also allowed that java cache, but i dont think that was the solution.
I've implemented a workaround for this problem. You can use some kind of cookie based authentication for supporting password authentication.
In my case when a successfull login happens using the HTTP basic authentication i send a cookie in my servlet which holds the username and password the same way the HTTP header contains it when Basic method is used (BASE64 encoded). Web Start stores this cookie in Internet Explorer's cookie store on Windows (on other systems Web Start has it's own cookie store). Web Start then sends this cookie everytime a resource is being accessed from my domain. You can specify a very long lifetime for the cookie (like 10 years) which will probably outlasts the current OS installation anyway.
On subsequent requests i check for the present of the cookie and try to validate the user according to that. If the Cookie auth is invalid and no HTTP Authorization header received (or that's invalid also) i'm sending the HTTP 401 Unauthorized status.
The disadvantage is that username and password is being stored as a cookie on the computer. The password is being sent through the network the same way as with HTTP Basic authentication just in a different header so you can protect it with HTTPS.
This also solves the lack of password remembering option on Linux Web Start.
I implemented the cookie idea, the trouble is now, how do you clear the cookie, if you want to? I mean, nice that the cookie is persistent, but what if the user wants to clear the cookie? As far as I see, the Java console has no option to do it. Clearing the web start cache doesn't seem to do it. On Windows, supposedly IE stores it, so IE gives an interface (haven't tested it myself). But on Mac and presumably Linux, I just can't find out where they are stored. Tried looking in preferences files, and tried blowing away the whole Java cache folder, but they are still stored somewhere. Anyone have an idea?