-
Bug
-
Resolution: Duplicate
-
Minor
-
None
-
OS=Centos7
Java=1.8.0_51 Oracle
Jenkins=2.204.2
Clicking on "Validate Proxy" results in " Failed to connect to ... 407" being displayed, but update information can be downloaded.
Looking at a network trace between Jenkins and our Proxy when clicking on "Validate Proxy"
GET http://updates.jenkins-ci.org/update-center.json HTTP/1.1\r\n
User-Agent: Jakarta Commons-HttpClient/3.1\r\nHTTP/1.1 407 authenticationrequired\r\n
Proxy-Connection: Keep-Alive\r\n
Proxy-Authenticate: Negotiate\r\n
Proxy-Authenticate: NTLM\r\n
Proxy-Authenticate: Basic realm="***"\r\nGET http://updates.jenkins-ci.org/update-center.json HTTP/1.1\r\n
User-Agent: Jakarta Commons-HttpClient/3.1\r\n
Proxy-Connection: Keep-Alive\r\n
Host: updates.jenkins-ci.org\r\n
\r\nHTTP/1.1 407 authenticationrequired\r\n
The Proxy answers with a 407, but Jenkins does not include any authentication header in it's second try.
Looking at the "Check now" trace, Jenkins replies to the 407 with a proper Negotiate header:
GET http://updates.jenkins-ci.org/update-center.json?id=default&version=2.204.2 HTTP/1.1\r\n
User-Agent: Java/1.8.0_51\r\nHTTP/1.1 407 authenticationrequired\r\n
Proxy-Authenticate: Negotiate\r\n
Proxy-Authenticate: NTLM\r\n
Proxy-Authenticate: Basic realm="***"\r\nGET http://updates.jenkins-ci.org/update-center.json?id=default&version=2.204.2 HTTP/1.1\r\n
User-Agent: Java/1.8.0_51\r\n
[truncated] Proxy-authorization: Negotiate ***
The fact that the User-Agent is different in these two traces leads me to believe, that different code paths (with regard to http handling) are taken. One with proper authentication handling, one without.
I also found JENKINS-25870 but am unsure if it is related or not.