search

igvteam / igv

Integrative Genomics Viewer. Fast, efficient, scalable visualization tool for genomics data and annotations
https://igv.org
MIT License
646 stars 387 forks source link

'Proxy authentication required' exception #1467

Closed ubuntolog closed 3 months ago

ubuntolog commented 10 months ago

I have noticed an issue with the 2.17.0 release. When using a proxy server, IGV ignores proxy credentials (login window is not displayed, credentials from the config file are ignored) and prints out 'Proxy authentication required' exception in the log file. A brief research indicates that it has something to do with the changes in the security policy of the new Java. I came up with a solution that looks like a small change in net.properties of my Java distribution: jdk.http.auth.proxying.disabledSchemes has to be unset (empty)

In my net.properties I simply commented out the corresponding line:

jdk.http.auth.proxying.disabledSchemes=

jdk.http.auth.tunneling.disabledSchemes=Basic

I just wanted to let you know, since other people may also have similar issues.

jrobinso commented 10 months ago

@ubuntolog Thanks for this update. Leave this issue open until we have a solution.

jrobinso commented 10 months ago

@ubuntolog Do you have some reference or suggested web search for the "changes in security policy" referenced above? Thanks.

ubuntolog commented 10 months ago

I have looked into the problem more closely. It seems that Oracle has disabled basic HTTP authentication by default since Java 8: https://www.oracle.com/java/technologies/javase/8u111-relnotes.html

The issue with the proxy originates from the Java that comes with IGV 2.17.0 by default. It is using Oracle's default settings (jdk.http.auth.tunneling.disabledSchemes=Basic). Somehow our previous Java distributions used with IGV were configured to have basic HTTP authentication enabled (possibly one of the former colleagues did that, at least I have never changed the configs manually).

Strictly speaking, the issue is not new and is not really a bug. However, people who are using IGV with a proxy server that requires a basic HTTP authentication need to know how to configure Java correctly. IGV does not report the problem explicitly enough (only if one looks at the log file, it is possible to get some idea about what is going on)

jrobinso commented 10 months ago

OK, thanks for the details. I will see if we can catch this and give a better error message. Leave it open as a reminder to do that.

jrobinso commented 3 months ago

@helgathorv We should add a note about this in our documentation, something like this

To enable basic authentication with proxy servers you must edit the net.properties file of your java distribution and comment out the following line

jdk.http.auth.tunneling.disabledSchemes=Basic