appbaseio / mirage

:art: GUI for simplifying Elasticsearch Query DSL
http://opensource.appbase.io/mirage

Support for NTLM/Kerberos authentication from Chrome plugin #52

Closed ghost closed 6 years ago

ghost commented 7 years ago

When authenticating with our Elasticsearch server, my browser is challenged to provide an NTLM token: WWW-Authenticate:Negotiate WWW-Authenticate:NTLM

... but Mirage Chrome plugin only requests the resource using basic authentication: Authorization:Basic aW50cmFuZXR0LnNpdHMu...

As a reference, the Sense Chrome plugin uses the correct authentication method in its request: Authorization:Negotiate TlRMTVNTUAADAAAA...

Not sure how this is implemented in Mirage, but probably best to leave the authentication handling to Chrome itself?

siddharthlatest commented 7 years ago

@knowit-reaktor-oslo Does Mirage use Basic Auth even when you don't supply any username and password credentials?

havard-fjaer commented 7 years ago

No – I see I may have been unclear about which headers are coming from the request and the response. I do get an input box for login before sending a request with basic auth.

(This is my private account that I mostly use; I was accidentally logged in with @knowit-reaktor-oslo account yesterday)

siddharthlatest commented 7 years ago

@havard-fjaer The input box for login that you are referring to is what Chrome browser is showing for authenticating you via NTLM/Kerberos, and at the same time, Mirage makes a request with a Basic Auth header (even though you don't set a username:password in the Mirage UI's URL field). Am I understanding this correctly?

siddharthlatest commented 6 years ago

This should be fixed now, as mirage no longer sends Basic Auth headers if you don't pass them in the URI. cc @havard-fjaer.
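
The behaviour described in the last comment (attach Basic auth only when credentials are in the URI, otherwise leave the challenge to the browser), sketched as an added example that is not Mirage's own code. The function names, the host `es.example.internal` and the `user:pass` credentials are constructed for illustration.

```javascript
// Added example; all names here are hypothetical, not taken from Mirage.

// UTF-8 safe base64 that works in Node and in a browser extension.
function toBase64(s) {
  if (typeof Buffer !== 'undefined') return Buffer.from(s, 'utf8').toString('base64');
  let bin = '';
  for (const b of new TextEncoder().encode(s)) bin += String.fromCharCode(b);
  return btoa(bin);
}

// Split userinfo out of the URL the user typed. An Authorization header is
// set only when credentials were supplied; with none, no header is added and
// the browser is free to answer a Negotiate/NTLM challenge itself.
function buildRequest(rawUrl) {
  const u = new URL(rawUrl);
  const headers = {};
  if (u.username !== '' || u.password !== '') {
    const user = decodeURIComponent(u.username);
    const pass = decodeURIComponent(u.password);
    headers['Authorization'] = 'Basic ' + toBase64(user + ':' + pass);
  }
  // Never forward credentials inside the request URL itself.
  u.username = '';
  u.password = '';
  return { url: u.toString(), headers };
}

// Scheme names from WWW-Authenticate header values, one challenge per value
// (as in the issue: "Negotiate" and "NTLM" arrive as two separate headers).
function offeredSchemes(wwwAuthenticateValues) {
  return wwwAuthenticateValues
    .map((v) => v.trim().split(/\s+/)[0].toLowerCase())
    .filter((s) => s !== '');
}

// True when the client sent Basic although the server never offered it,
// which is the mismatch reported in this issue.
function basicNotOffered(headers, wwwAuthenticateValues) {
  const sent = (headers['Authorization'] || '').split(' ')[0].toLowerCase();
  return sent === 'basic' && !offeredSchemes(wwwAuthenticateValues).includes('basic');
}

// Constructed sample input: the two challenge headers quoted in the issue.
const challenges = ['Negotiate', 'NTLM'];
const plain = buildRequest('https://es.example.internal:9200/_search');
const withCreds = buildRequest('https://user:pass@es.example.internal:9200/_search');
console.log(plain.headers, basicNotOffered(plain.headers, challenges));
console.log(withCreds.headers, basicNotOffered(withCreds.headers, challenges));
```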