The ArcGISServerAuth and ArcGISPortalAuth first attempts token authentication, and if that fails it will inspect the 'www-authenticate' headers for an HTTP 401 (un-authorized). If it finds that it will attempt kerberos first (if the 'negotiate' value is present) and then it will attempt NTLM (if kerberos does not work).
If the initial request URL supports kerberos, but returns an HTTP 302 (redirect), the code will attempt NTLM. This behavior should not happen as a 302 is a successful request. The code is explicitly looking for an HTTP 200 response before it sets the _instanceof attribute and executes its inherited class init method.
The ArcGISServerAuth and ArcGISPortalAuth first attempts token authentication, and if that fails it will inspect the 'www-authenticate' headers for an HTTP 401 (un-authorized). If it finds that it will attempt kerberos first (if the 'negotiate' value is present) and then it will attempt NTLM (if kerberos does not work).
If the initial request URL supports kerberos, but returns an HTTP 302 (redirect), the code will attempt NTLM. This behavior should not happen as a 302 is a successful request. The code is explicitly looking for an HTTP 200 response before it sets the _instanceof attribute and executes its inherited class init method.
Fix this bug to check for the response status OK -http://docs.python-requests.org/en/master/api/#requests.Response.ok