401 - Unable to authenticate via cy.ntlm

[sham-christopher]

Hi, I'm getting a 401 authentication error while using cy.ntlm. I'm trying to run this on Jenkins (linux-x64 (Red Hat Linux - 8.8)). Locally I cannot get it to work as well without doing a "cy.visit(url, {failOnStatusCode: false})". When I set it to true, it fails with a 401. On Jenkins it fails with a 401 when the failOnStatusCode is set to true but when it is set to false I get the below error.

DEBUG=cypress:plugin:ntlm-auth

• npx cypress-ntlm run --env TAGS=@aite-dqp 2024-04-16T19:43:36.760Z cypress:plugin:ntlm-auth Adding localhost to NO_PROXY to disable localhost proxying 2024-04-16T19:43:36.761Z cypress:plugin:ntlm-auth Adding 127.0.0.1 to NO_PROXY to disable loopback proxying 2024-04-16T19:43:36.761Z cypress:plugin:ntlm-auth Starting ntlm-proxy... 2024-04-16T19:43:36.766Z cypress:plugin:ntlm-auth NTLM auth config API listening on: http://127.0.0.1:44844/ 2024-04-16T19:43:36.778Z cypress:plugin:ntlm-auth NTLM auth proxy listening on : http://127.0.0.1:36615/ 2024-04-16T19:43:36.779Z cypress:plugin:ntlm-auth Startup done! 2024-04-16T19:43:36.780Z cypress:plugin:ntlm-auth { configApiUrl: 'http://127.0.0.1:44844/', ntlmProxyUrl: 'http://127.0.0.1:36615/' } 2024-04-16T19:43:36.781Z cypress:plugin:ntlm-auth Running tests through Cypress... [1542:0416/214337.866970:ERROR:zygote_host_impl_linux.cc(273)] Failed to adjust OOM score of renderer with pid 1692: Permission denied (13)

DevTools listening on ws://127.0.0.1:38226/devtools/browser/59f30b77-bd36-4dd4-9b57-df59aa51f437 [cypress-allure-adapter] running on 58054 port 2024-04-16T19:43:41.501Z cypress:plugin:ntlm-auth getTargetHost - host header company.internalsite.net 2024-04-16T19:43:41.511Z cypress:plugin:ntlm-auth Created agent for client 127.0.0.1:55420 to target https://company.internalsite.net/ 2024-04-16T19:43:41.511Z cypress:plugin:ntlm-auth Request to https://company.internalsite.net/ - pass on 2024-04-16T19:43:41.641Z cypress:plugin:ntlm-auth getTargetHost - host header company.internalsite.net 2024-04-16T19:43:41.646Z cypress:plugin:ntlm-auth Removed agent for 127.0.0.1:55420 due to socket.close

tput: No value for $TERM and no -T specified

(Run Starting)

┌────────────────────────────────────────────────────────────────────────────────────────────────┐ │ Cypress: 13.7.0 │ │ Browser: Electron 118 (headless) │ │ Node Version: v18.16.0 (/opt/node/18/bin/node) │ │ Specs: 1 found (SanitySuite.feature) │ │ Searched: cypress/e2e/features/SanitySuite.feature │ └────────────────────────────────────────────────────────────────────────────────────────────────┘

────────────────────────────────────────────────────────────────────────────────────────────────────

Running: SanitySuite.feature (1 of 1) [1542:0416/214341.767121:ERROR:zygote_host_impl_linux.cc(273)] Failed to adjust OOM score of renderer with pid 2053: Permission denied (13) 2024-04-16T19:43:42.219Z cypress:plugin:ntlm-auth getTargetHost - host header redirector.gvt1.com 2024-04-16T19:43:42.220Z cypress:plugin:ntlm-auth Created agent for client 127.0.0.1:36794 to target https://redirector.gvt1.com/ 2024-04-16T19:43:42.221Z cypress:plugin:ntlm-auth Request to https://redirector.gvt1.com/ - pass on cypress-ntlm-auth: Certificate validation failed for "redirector.gvt1.com". ENOTFOUND 2024-04-16T19:43:42.240Z cypress:plugin:ntlm-auth WARN: Certificate validation failed for "redirector.gvt1.com". Error: getaddrinfo ENOTFOUND redirector.gvt1.com at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:107:26) { errno: -3008, code: 'ENOTFOUND', syscall: 'getaddrinfo', hostname: 'redirector.gvt1.com' }

Sanity Suite Feature 2024-04-16T19:43:52.151Z cypress:plugin:ntlm-auth getTargetHost - host header 127.0.0.1:44844 2024-04-16T19:43:52.151Z cypress:plugin:ntlm-auth Created agent for client 127.0.0.1:55154 to target http://127.0.0.1:44844/ 2024-04-16T19:43:52.151Z cypress:plugin:ntlm-auth Request to config API 2024-04-16T19:43:52.151Z cypress:plugin:ntlm-auth Created untracked agent for target http://127.0.0.1:44844/ 2024-04-16T19:43:52.167Z cypress:plugin:ntlm-auth Received valid NTLM config update 2024-04-16T19:43:52.167Z cypress:plugin:ntlm-auth Added new hosts [ 'company.internalsite.net' ] 2024-04-16T19:43:52.170Z cypress:plugin:ntlm-auth getTargetHost - host header 127.0.0.1:44844 2024-04-16T19:43:52.208Z cypress:plugin:ntlm-auth getTargetHost - host header company.internalsite.net 2024-04-16T19:43:52.208Z cypress:plugin:ntlm-auth Created agent for client 127.0.0.1:38984 to target https://company.internalsite.net/ 2024-04-16T19:43:52.208Z cypress:plugin:ntlm-auth Request to https://company.internalsite.net/ in registered NTLM Hosts 2024-04-16T19:43:52.326Z cypress:plugin:ntlm-auth getTargetHost - host header company.internalsite.net 2024-04-16T19:43:52.327Z cypress:plugin:ntlm-auth Received 401 with unsupported protocol in www-authenticate header. Negotiate Ignoring. 2024-04-16T19:43:57.173Z cypress:plugin:ntlm-auth Removed agent for 127.0.0.1:55154 due to socket.close 2024-04-16T19:43:57.329Z cypress:plugin:ntlm-auth Removed agent for 127.0.0.1:38984 due to socket.close

These are the steps that I use

cy.ntlm(['company.internalsite.net'], username, password); cy.visit(url, {failOnStatusCode: false});

[bjowes]

As stated in the logs, the plugin receives a 401 with an unsupported protocol from the site. The protocol is Negotiate. The plugin only supports Negotiate when used with SSO (cy.ntlmSso), which the plugin only supports on Windows. Also, SSO imposes limits on acting as other users. If you can use Windows as the test runner and don't need to act as different windows users for the tests, try using cy.ntlmSso. Otherwise, the site needs to be configured to allow NTLM.

[sham-christopher]

Thanks Björn. I will close this.