Mule / MULE-17110

NTLM authentication with dynamic credentials is successful despite credentials changes

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: To be reviewed
    • Resolution: Done
    • Affects Version/s: 3.9.1 (EE Only), 3.10.0, HTTP Service 1.4.3
    • Fix Version/s: 1_14-MULE-011
    • Component/s: Modules: HTTP
    • Security Level: Public
    • Labels:
    • Severity: S2
    • Bug Boosted: No
    • Defect Source: Dev Bug
    • Story Points: 0
    • Sprint: Prod Eng - Loki 08/14
    • Severity Label: S2 (Regular)
    • Affects: nothing

      Description

      When an HTTP requester with NTLM authentication is used with an expression in the credentials, the following happens:

      1. The flow is executed with the expression resolving to the correct credentials. This makes the requester establish an authenticated session with the IIS server it's targeting. Since NTLM requires HTTP_KEEP_ALIVE, the TCP connection between Mule and IIS will be kept open.
      2. The flow is triggered once again with the expression resolving to invalid credentials. Since the connection is still open, no authentication dance is required, so the resource is accessed with invalid credentials.

      The HTTP_KEEP_ALIVE configuration cannot be avoided, since it's required for the second part of the NTLM dance to work.
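
      The behaviour described above, reduced to a small model. This is an added example, not code from Mule or the HTTP Service: the `Server` and `Requester` classes, the `partition` switch, the host name and the credentials are all constructed for illustration, and keying pooled connections by the resolved credentials is shown as one possible mitigation, not as the fix shipped for this issue.

```python
# Constructed model, not Mule or IIS code: NTLM authenticates the TCP
# connection, so the server trusts every later request on that connection.
VALID = {("alice", "s3cret")}  # constructed sample credentials


class Server:
    """IIS-like stand-in that remembers which connections are authenticated."""

    def __init__(self):
        self.authenticated = set()

    def handle(self, conn_id, creds):
        if conn_id in self.authenticated:
            return 200  # kept-alive connection: no new handshake, creds ignored
        if creds in VALID:
            self.authenticated.add(conn_id)  # handshake binds auth to the connection
            return 200
        return 401


class Requester:
    """HTTP client with keep-alive pooling; `partition` is a hypothetical switch."""

    def __init__(self, server, partition):
        self.server, self.partition = server, partition
        self.pool, self.next_id = {}, 0

    def request(self, host, creds):
        # Weak: pool keyed by host only.
        # Hardened: keyed by host and the credentials the expression resolved to
        # (a real client would key on a digest rather than the raw secret).
        key = (host, creds) if self.partition else host
        if key not in self.pool:
            self.pool[key] = self.next_id  # open a new connection
            self.next_id += 1
        status = self.server.handle(self.pool[key], creds)
        if status == 401:
            del self.pool[key]  # drop a connection that failed to authenticate
        return status


def run(partition):
    """Replay the issue: correct creds, then invalid creds, then correct again."""
    client = Requester(Server(), partition)
    sequence = [("alice", "s3cret"), ("alice", "wrong"), ("alice", "s3cret")]
    return [client.request("iis.example", creds) for creds in sequence]
```

      With `partition=False` the second request succeeds even though its credentials are invalid; with `partition=True` it gets its own connection and is rejected.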

            People

            • Assignee: Pablo Balbi (pablo.balbi@mulesoft.com)
            • Reporter: Pablo Balbi (pablo.balbi@mulesoft.com)
