NTLM authentication error
I can connect to SharePoint using java SOAP, which I generated using wsimport. I used fiddler to inspect http headers.
The header that gets sent over for successful requests are.
Authorization Header is present: NTLM
4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP.........
84 00 00 00 18 00 18 00 9C 00 00 00 08 00 08 00 ....... .......
58 00 00 00 0C 00 0C 00 60 00 00 00 18 00 18 00 X.......`.......
6C 00 00 00 00 00 00 00 B4 00 00 00 05 82 88 A2 l.......´.... ¢
06 01 B1 1D 00 00 00 0F 6F 4B FC 3B DF 52 73 F8 ..±.....oKü;ßRsø
32 DC D4 D3 AB 4C 8F 26 41 00 50 00 41 00 43 00 2ÜÔÓ«L &A.P.A.C. <trunc>
-[NTLM Type3: Authentication]------------------------------
Provider: NTLMSSP
Type: 3
OS Version: 6.1:7601
Flags: 0xa2888205
Unicode supported in security buffer.
Request server's authentication realm included in Type2 reply.
NTLM authentication.
Negotiate Always Sign.
Negotiate NTLM2 Key.
Target Information block provided for use in calculation of the NTLMv2 response.
Supports 56-bit encryption.
Supports 128-bit encryption.
lmresp_Offset: 132; lmresp_Length: 24; lmresp_Length2: 24
ntresp_Offset: 156; ntresp_Length: 24; ntresp_Length2: 24
Domain_Offset: 88; Domain_Length: 8; Domain_Length2: 8
User_Offset: 96; User_Length: 12; User_Length2: 12
Host_Offset: 108; Host_Length: 24; Host_Length2: 24
msg_len: 180
Domain: APAC
User: 97xxx
Host: SINY11xxx
lm_resp: <<24 byte hex>>
nt_resp: <<24 byte hex>>
But header from soapui is different, also this always return : 401 Unauthorized always
No Proxy-Authorization Header is present.
Authorization Header is present: NTLM
4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP.........
40 00 00 00 D4 00 D4 00 58 00 00 00 08 00 08 00 @...Ô.Ô.X.......
2C 01 00 00 0C 00 0C 00 34 01 00 00 18 00 18 00 ,.......4.......
40 01 00 00 00 00 00 00 58 01 00 00 35 02 08 20 @.......X...5..
88 A0 1E E3 3A B5 9D 75 DD 54 12 C9 34 0A 09 E3 .ã:µ uÝT.É4..ã
C2 F9 75 47 D2 7F AF F7 34 F4 A6 62 E3 1D B3 E2 ÂùuGÒ ¯÷4ô¦bã.³â
6C 9B EC B9 60 91 A4 7C 01 01 00 00 00 00 00 00 l ì¹` ¤|........
00 23 3A 68 14 5A CF 01 C2 F9 75 47 D2 7F AF F7 .#:h.ZÏ.ÂùuGÒ ¯÷
00 00 00 00 02 00 08 00 45 00 55 00 52 00 4F 00 ........E.U.R.O.
01 00 18 00 4C 00 4F 00 4E 00 53 00 30 00 30 00 ....L.O.N.S.0.0.
31 00 31 00 30 00 38 00 33 00 33 00 04 00 1C 00 1.1.0.8.3.3.....
6<<trunc>>
-[NTLM Type3: Authentication]------------------------------
Provider: NTLMSSP
Type: 3
OS Version: 136.160:58142
Flags: 0x20080235
Unicode supported in security buffer.
Request server's authentication realm included in Type2 reply.
Sign (integrity)
Seal (confidentiality)
NTLM authentication.
Negotiate NTLM2 Key.
Supports 128-bit encryption.
lmresp_Offset: 64; lmresp_Length: 24; lmresp_Length2: 24
ntresp_Offset: 88; ntresp_Length: 212; ntresp_Length2: 212
Domain_Offset: 300; Domain_Length: 8; Domain_Length2: 8
User_Offset: 308; User_Length: 12; User_Length2: 12
Host_Offset: 320; Host_Length: 24; Host_Length2: 24
msg_len: 344
Domain: APAC
User: 971xxx
Host: SINY11xxx
lm_resp: <<24 byte hex>>
nt_resp: <<212 byte hex>>
In SoapUI proxy is not set. Authorization is set to NTLM. I also tried SPNEGO kerberos and No authorization also.
The header that gets sent over for successful requests are.
Authorization Header is present: NTLM
4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP.........
84 00 00 00 18 00 18 00 9C 00 00 00 08 00 08 00 ....... .......
58 00 00 00 0C 00 0C 00 60 00 00 00 18 00 18 00 X.......`.......
6C 00 00 00 00 00 00 00 B4 00 00 00 05 82 88 A2 l.......´.... ¢
06 01 B1 1D 00 00 00 0F 6F 4B FC 3B DF 52 73 F8 ..±.....oKü;ßRsø
32 DC D4 D3 AB 4C 8F 26 41 00 50 00 41 00 43 00 2ÜÔÓ«L &A.P.A.C. <trunc>
-[NTLM Type3: Authentication]------------------------------
Provider: NTLMSSP
Type: 3
OS Version: 6.1:7601
Flags: 0xa2888205
Unicode supported in security buffer.
Request server's authentication realm included in Type2 reply.
NTLM authentication.
Negotiate Always Sign.
Negotiate NTLM2 Key.
Target Information block provided for use in calculation of the NTLMv2 response.
Supports 56-bit encryption.
Supports 128-bit encryption.
lmresp_Offset: 132; lmresp_Length: 24; lmresp_Length2: 24
ntresp_Offset: 156; ntresp_Length: 24; ntresp_Length2: 24
Domain_Offset: 88; Domain_Length: 8; Domain_Length2: 8
User_Offset: 96; User_Length: 12; User_Length2: 12
Host_Offset: 108; Host_Length: 24; Host_Length2: 24
msg_len: 180
Domain: APAC
User: 97xxx
Host: SINY11xxx
lm_resp: <<24 byte hex>>
nt_resp: <<24 byte hex>>
But header from soapui is different, also this always return : 401 Unauthorized always
No Proxy-Authorization Header is present.
Authorization Header is present: NTLM
4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP.........
40 00 00 00 D4 00 D4 00 58 00 00 00 08 00 08 00 @...Ô.Ô.X.......
2C 01 00 00 0C 00 0C 00 34 01 00 00 18 00 18 00 ,.......4.......
40 01 00 00 00 00 00 00 58 01 00 00 35 02 08 20 @.......X...5..
88 A0 1E E3 3A B5 9D 75 DD 54 12 C9 34 0A 09 E3 .ã:µ uÝT.É4..ã
C2 F9 75 47 D2 7F AF F7 34 F4 A6 62 E3 1D B3 E2 ÂùuGÒ ¯÷4ô¦bã.³â
6C 9B EC B9 60 91 A4 7C 01 01 00 00 00 00 00 00 l ì¹` ¤|........
00 23 3A 68 14 5A CF 01 C2 F9 75 47 D2 7F AF F7 .#:h.ZÏ.ÂùuGÒ ¯÷
00 00 00 00 02 00 08 00 45 00 55 00 52 00 4F 00 ........E.U.R.O.
01 00 18 00 4C 00 4F 00 4E 00 53 00 30 00 30 00 ....L.O.N.S.0.0.
31 00 31 00 30 00 38 00 33 00 33 00 04 00 1C 00 1.1.0.8.3.3.....
6<<trunc>>
-[NTLM Type3: Authentication]------------------------------
Provider: NTLMSSP
Type: 3
OS Version: 136.160:58142
Flags: 0x20080235
Unicode supported in security buffer.
Request server's authentication realm included in Type2 reply.
Sign (integrity)
Seal (confidentiality)
NTLM authentication.
Negotiate NTLM2 Key.
Supports 128-bit encryption.
lmresp_Offset: 64; lmresp_Length: 24; lmresp_Length2: 24
ntresp_Offset: 88; ntresp_Length: 212; ntresp_Length2: 212
Domain_Offset: 300; Domain_Length: 8; Domain_Length2: 8
User_Offset: 308; User_Length: 12; User_Length2: 12
Host_Offset: 320; Host_Length: 24; Host_Length2: 24
msg_len: 344
Domain: APAC
User: 971xxx
Host: SINY11xxx
lm_resp: <<24 byte hex>>
nt_resp: <<212 byte hex>>
In SoapUI proxy is not set. Authorization is set to NTLM. I also tried SPNEGO kerberos and No authorization also.
