Support NTLM Auth for System Proxy

[danbyrne]

App Details:

Postman for Windows
Version 5.3.2
win32 6.1.7601 / x64

Issue Report:

Hi Team, With further notice that the Chrome version of the app will become desupported, we have been trying (yet again) in vain to get the Windows version of Postman to successfully work with our Corporate Proxy, which happens to enforce NTLM Auth. It seems that with version 5.3, 'Windows Auth' is now an Auth mechanism for API calls, but that doesnt necessarily apply NTLM Auth to the proxy calls themselves. We need NTLM Auth support on System Proxy calls in order to make any internet based API Calls.

Currently when we attempt any internet calls, it just shows 'Could not get any response'. Looking at the Postman Console, we see more info:

"Error: tunneling socket could not be established, statusCode=407" Proxy: host:"xxxx.xxxx.lan" port:8080 match:"http+https:///" Request Headers: cache-control:"no-cache" postman-token:"b02cbcb9-c03b-4fc0-898d-d130bb0cdfbb"

We have seen HTTP407 at other times with different applications, and we generally need to specify credentials in proxy settings like 'http://user:passwd@proxy:8080/' - which is not ideal as our LAN password is cleartext - but this usually works. It doesnt seem to work in Custom proxy in Postman.

[danbyrne]

FYI it seems the only way we can work around this is to use 'another' app as a proxy for Postman, such as Fiddler (this seems to work)... but that is certainly not an elegant solution.

[mbrasier]

We are seeing the same issue, but are unable to use another proxy to work around it, so now that the chrome app is no longer supported we unfortunately can no longer use Postman. Removing the chrome app was very premature given you cant authenticate through an NTLM proxy.

[CestDiego]

We are seeing the same issue. Whenever we need to specify custom proxy like: 'http://user:passwd@proxy:8080/' Postman Custom proxy field strips that out, I imagine it's not supported, @postman-admin please work on this.

Also adding support to automatically configured proxies by giving an http endpoint that connects to a PAC file for example.

[RobCrichton]

I'm not sure whether to raise this as a different issue but even when my request is for a localhost api I'm getting the NTLM proxy authentication error. Postman appears to be ignoring the proxy exclusion list and even if I switch off proxy settings for Postman it still appears to attempt the request via the proxy as I get the 407 response again. What else can I try please?

[alvarollmenezes]

Same here, except we don't use NTLM but LDAP instead.

We usually specify custom proxies like mentioned ('http://user:passwd@proxy:8080/'). Some applications also make use of http_proxy, https_proxy and no_proxy environment variables, so we don't need to write our credentials everywhere.

[alvarollmenezes]

Me and @vizeke have already helped in https://github.com/Microsoft/Git-Credential-Manager-for-Windows with proxy issues and we are happy to help here, if needed.

We have some node.js background.

[harryi3t]

@RobCrichton

I switch off proxy settings for Postman

• I am assuming you have turned off both (global & system) the proxy settings
• Can you also make sure that the http_proxy or HTTP_PROXY environment variables are not set? If they are set, please open postman with these variables unset. If you cannot unset these variables globally try unsetting only for postman process. For windows use bat file for it. For linux/mac start postman with command line args http_proxy="" /path/to/postman

Let me know if postman still is not skipping the proxy. To confirm whether the proxy was used or not check the postman console.

[rcork]

I just got our corporate IT to allow us to install the standalone Postman app instead of using the chrome app come to find out it wont work behind our corporate firewall. Good luck trying to get enterprises to pay for Postman if you can't work with NTLM authentication.

[rcork]

@harryi3t any progress on this "feature"? This is the main reason my company wont deploy Postman broadly across our enterprise.

[vizeke]

Me and @alvarollmenezes manage to make the Postman app work behind a corporate proxy on Windows by disabling all postman proxy configs and setting the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables. Can you try that @rcork?

[rezanid]

In previous versions of Postman (with manual proxy support in UI) one workaround which actually worked was to set the proxy address and port manually in the File > Settings [Proxy] tab and then in you requests add a header called "Proxy-Authentication" and then for the value you first needed to base64 encode your username and password written in the following format. Domain\Username:Password which will give you something like: Q29udG9zb0phbWVzOlBAc3N3b3Jk and set the value like the following. Basic Q29udG9zb0phbWVzOlBAc3N3b3Jk

But even this one is not working in the latest version of Postman. You can still give it a try to see if it works for you.

If Postman team is not able to use single-sign-on to send the credentials / identity of the current windows user to the proxy server, you can still prompt users for credentials and cache it for couple of hours and send it with all the requests to the proxy server. This is of course a workaround but better than other hacks recommended in different issues and online discussions I see around this topic. What is the main obstacle you guys have to fix this issue once for all? This issue (Proxy + NTLM Authtentication) has been there for a long time and still there is no solution. If it is the testing, people who have this issue would be happy to help you with that.

[jerodg]

Need this feature as well.

[Jpsy]

metoo

[bsreram85]

Any updates on this ? Its been two years now, and still the issue is open ?

[Camios]

Me and @alvarollmenezes manage to make the Postman app work behind a corporate proxy on Windows by disabling all postman proxy configs and setting the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables.

@vizeke I tried HTTP_PROXY and HTTPS_PROXY, but it didn't work. Maybe I need to also specify NO_PROXY... what should be specified in NO_PROXY?

[Camios]

I also have this problem. See #7676

[t-mxcom]

I'd also REALLY need Postman to support NTLM when authenticating at the proxy!!! Are there any news or plans on this??

[evalero]

Hi

I'm facing this issue too.

[ajhbh]

The company I work for has changed it's proxy to NTLM authentication so we also need this feature if we're to keep using Postman.

[dgonzalo-sgt]

One more with corporate NTLM proxy authorization here... Hey, at least I can generate the cURL command using postman, then paste in my terminal... (as cURL does support NTLM proxy) ;-)

[evalero]

As workaround, I'm using cntlm to create a proxy that will tunel all conections againts the real proxy.

cntlm in sourceforge

To install and configure it, you must unzip the program at desired path, and then change the cntlm.ini config file

The fields that you should touch (can be different in your company) are:

• Usename : just the username of your windows account
• Domain: domain of your company
• Password: Your password
• Listen : By default this server will be running at port 3128, but you can change it on this parameter.
• NoProxy : a list of IP's and domains where the proxy won't be used

Here is an example of your configuration file should looks like:

After that, just execute start.cmd and you will get the server running in foreground. You can add it as a service on windows.

Finally, configure Postman to use the cntlm proxy :

I hope someone could help this information

[mungojam]

Try https://github.com/genotrance/px which doesn't need you to store your password

[maaaaz]

To support also Kerberos auth: https://github.com/L11R/escobar