appbaseio/mirage

Support for NTLM/Kerberos authentication from Chrome plugin

Opened this issue · 4 comments

When authenticating with our Elasticsearch server, my browser is challenged to provide an NTLM token:
WWW-Authenticate:Negotiate
WWW-Authenticate:NTLM

... but Mirage Chrome plugin only requests the resource using basic authentication:
Authorization:Basic aW50cmFuZXR0LnNpdHMu...

As a reference, the Sense Chrome plugin uses the correct authentication method in its request:
Authorization:Negotiate TlRMTVNTUAADAAAA...

Not sure how this is implemented in Mirage, but probably best to leave the authentication handling to Chrome itself?

@knowit-reaktor-oslo Does Mirage use Basic Auth even when you don't supply any username and password credentials?

No – I see I may have been unclear with what headers are coming from request and response.
I do get an input box for login before sending a request with basic auth.

(This is my private account that I mostly use; I was accidentally logged in with @knowit-reaktor-oslo account yesterday)

@havard-fjaer The input box for login that you are referring to is what Chrome browser is showing for authenticating you via NTLM/Kerberos, and at the same time, Mirage makes a request with a Basic Auth header (even though you don't set a username:password in the Mirage UI's URL field). Am I understanding this correctly?

This should be fixed now, as Mirage no longer sends Basic Auth headers if you don't pass them in the URI. cc @havard-fjaer.
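
The behaviour described in the last comment, as an added example (not Mirage's own code): an Authorization header is built only when the cluster URL carries credentials, and a Basic header sent to a server that offered only Negotiate/NTLM is flagged. The function names and the host `es.example.internal` are hypothetical, and each WWW-Authenticate value is assumed to arrive as its own header line, as in the issue.

```javascript
// Added example; names and the sample host are hypothetical.

// Encode "user:pass" as UTF-8 before base64 (btoa alone only handles Latin-1).
function basicToken(user, pass) {
  const bytes = new TextEncoder().encode(`${user}:${pass}`);
  return btoa(String.fromCharCode(...bytes));
}

// Split a user-supplied cluster URL into a credential-free URL plus headers.
// An Authorization header is produced only when the URL carries userinfo,
// so without it the browser is free to answer Negotiate/NTLM challenges itself.
function buildRequest(rawUrl) {
  const u = new URL(rawUrl);
  const user = decodeURIComponent(u.username);
  const pass = decodeURIComponent(u.password);
  // Strip userinfo so credentials never travel in the request URL.
  u.username = "";
  u.password = "";
  const headers = {};
  if (user !== "" || pass !== "") {
    headers.Authorization = `Basic ${basicToken(user, pass)}`;
  }
  return { url: u.href, headers };
}

// Scheme names from the WWW-Authenticate values of a 401 response,
// one array element per header line (assumption, see lead-in).
function offeredSchemes(challenges) {
  return challenges.map((c) => c.trim().split(/\s+/)[0].toLowerCase());
}

// True when the request pins a scheme the server did not offer,
// which is the mismatch reported in this issue.
function schemeMismatch(headers, challenges) {
  if (!headers.Authorization) return false;
  const sent = headers.Authorization.split(" ")[0].toLowerCase();
  return !offeredSchemes(challenges).includes(sent);
}
```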