genotrance / px

An HTTP proxy server to automatically authenticate through an NTLM proxy
MIT License

Adding support for PROXY Servers not adhering to Case-Insensitive Header values #107

Closed k0l0nell closed 4 years ago

k0l0nell commented 4 years ago

Some proxy servers (e.g. Zscaler) do not adhere to RFC 2617 by not accepting the Proxy-Authorization header value when capitalised. These tokens should be case insensitive (NEGOTIATE vs Negotiate), but in the case of Zscaler, authentication fails as a result.

This change will echo the auth-scheme back to the server exactly as it was received to ensure compatibility.

genotrance commented 4 years ago

Please revert the dprint changes, we don't want to print auth info in the logs.
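The two points raised so far (echo the auth-scheme with the proxy's own capitalisation, and keep credentials out of debug output) can be sketched as follows. This is an added example, not code from px or from this PR; the function names, the preference order and the sample values are assumptions made for illustration.

```python
import re

# Schemes this sketch can answer, in preference order (assumption).
SUPPORTED = ("negotiate", "ntlm")

# RFC 7230 "token" characters; an auth-scheme is a token.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def pick_scheme(challenges):
    """Return the chosen auth-scheme spelled exactly as the proxy sent it.

    `challenges` holds the Proxy-Authenticate header values of a 407
    response, one challenge per value. Matching is case-insensitive, but
    the returned string keeps the proxy's capitalisation.
    """
    seen = {}
    for value in challenges:
        parts = value.strip().split(None, 1)
        if not parts or not _TOKEN.match(parts[0]):
            continue  # empty or malformed value, ignore it
        seen.setdefault(parts[0].lower(), parts[0])
    for wanted in SUPPORTED:
        if wanted in seen:
            return seen[wanted]
    return None


def proxy_authorization(scheme_as_received, token_b64):
    """Build the Proxy-Authorization value, echoing the scheme verbatim."""
    return f"{scheme_as_received} {token_b64}"


def redact_for_log(header_value):
    """Keep the auth-scheme for debug tracing, drop the credential blob."""
    parts = header_value.strip().split(None, 1)
    if not parts:
        return ""
    return parts[0] if len(parts) == 1 else f"{parts[0]} <redacted>"


if __name__ == "__main__":
    # Constructed sample: a proxy that upper-cases its challenges.
    offered = ["NEGOTIATE", "NTLM", 'Basic realm="proxy"']
    scheme = pick_scheme(offered)
    # Constructed placeholder token, not a real credential.
    header = proxy_authorization(scheme, "Q09OU1RSVUNURUQ=")
    print("debug: Proxy-Authorization:", redact_for_log(header))
```
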

k0l0nell commented 4 years ago

> Please revert the dprint changes, we don't want to print auth info in the logs.

@genotrance Have reverted those. That said, I'll revisit a different solution at a later point, as being able to trace the auth-scheme through is important, especially in "debug" mode.

I'm currently looking at implementing a solution for Negotiate falling back onto NTLM when having configured a proxy server hostname that maps to another domain name (CNAME). Do you mind if this all tags along in one PR?

k0l0nell commented 4 years ago

Closed this PR for now. Will recreate and add in issues for tracking purposes, as I have more potential code that can go in this space.

genotrance commented 4 years ago

Look forward to your PR, I could have merged this small one by itself.

k0l0nell commented 4 years ago

I have recreated the PRs I had locally just now. Sorry for the increased overhead, but I had committed using the wrong profile and I had to get that sorted :/