Login   Register  
PHP Classes
elePHPant
Icontem

Proxy with Negociate header

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      PHP HTTP protocol client  >  All threads  >  Proxy with Negociate header  >  (Un) Subscribe thread alerts  
Subject:Proxy with Negociate header
Summary:Use Http client class for proxy which accept Negociate request
Messages:7
Author:KEITA Alhassane Abdel
Date:2012-06-30 13:18:22
Update:2012-07-07 19:34:19
 

  1. Proxy with Negociate header   Reply  
Picture of KEITA Alhassane Abdel
KEITA Alhassane Abdel
2012-06-30 13:18:22
Hello Sir,

Is it possible to use this class to authentificate some kind of proxy server ? My browser use the Header "Negociate" for bypassing the proxy. I've tried to use the NTLM authentification but the login fails. Here is a sample of the code :

<?php

//...
$arguments["ProxyHostName"]="myproxyserver";
$arguments["ProxyHostPort"]="8080";
$arguments["ProxyUser"]="DOMAIN\\lebdenat";
$arguments["ProxyPassword"]="mypassword";
$arguments["ProxyRealm"]="myproxyserver"; // Proxy authentication realm or domain
$arguments["ProxyWorkstation"]="1"; // Workstation for NTLM proxy authentication

//...

?>


  2. Re: Proxy with Negociate header   Reply  
Picture of Manuel Lemos
Manuel Lemos
2012-06-30 23:58:15 - In reply to message 1 from KEITA Alhassane Abdel
Are you including the SASL library classes?

  3. Re: Proxy with Negociate header   Reply  
Picture of KEITA Alhassane Abdel
KEITA Alhassane Abdel
2012-07-01 01:05:41 - In reply to message 1 from KEITA Alhassane Abdel
yes, I've included the sasl classes.

  4. Re: Proxy with Negociate header   Reply  
Picture of Manuel Lemos
Manuel Lemos
2012-07-01 03:24:35 - In reply to message 3 from KEITA Alhassane Abdel
If it does not work, I think it is because the server only accepts Negotiate authentication without chance of falling back to some other mechanism supported by the SASL libraries.

This means that you need a new one specifically meant to support Negotiate mechanism, which basically means GSS-API Kerberos authentication on the PHP side.

PHP has a Kerberos extension but I am not sure if this can be used for client side authentication. I can try asking the author.

Anyway, if it is possible to use that extension, I could write a new mechanism class to support negotiate but I do not have a server to test it. In that case, would you be able to provide access to a server to test the eventual new Negotiate class?

  5. Re: Proxy with Negociate header   Reply  
Picture of KEITA Alhassane Abdel
KEITA Alhassane Abdel
2012-07-02 14:38:54 - In reply to message 1 from KEITA Alhassane Abdel
Sorry, I can't because I'm working on a local network. The proxy server used by our company is Isa Server 2004.

  6. Re: Proxy with Negociate header   Reply  
Picture of Manuel Lemos
Manuel Lemos
2012-07-04 06:59:04 - In reply to message 5 from KEITA Alhassane Abdel
In that case it would be very hard for me to try to do it because I would not be able to test the development.

What I can do is to guide you on how to write a new SASL class to support the Negotiate protocol. Just let me know if you would like that.

  7. Re: Proxy with Negociate header   Reply  
Picture of KEITA Alhassane Abdel
KEITA Alhassane Abdel
2012-07-07 19:34:19 - In reply to message 6 from Manuel Lemos
Ok. Thanks for your help. I'll try an other way to bypass the proxy with your library (NTLM, https etc).