tracker issue : CF-4126548

Title:

[ANeff] Bug for: cfsharepoint, cfobject and createObject send Basic Auth when authtype="ntlm" and NTLM disabled


Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Aaron Neff / Aaron Neff (Aaron Neff)

Created: 03/09/2016

Components: SharePoint Support

Versions: 2016

Failure Type: Unspecified

Found In Build/Fixed In Build: Alpha_v12 /

Priority/Frequency: Trivial / Unknown

Locale/System: English / Win All

Vote Count: 0

Listed in the version 2016.0.02.299200 Issues Fixed doc
cfsharepoint, cfobject and createObject send Basic Auth when authtype="ntlm" and NTLM disabled

Steps to reproduce:

1) In SharePoint, disable NTLM and enable Basic Auth
2) While watching traffic w/ Wireshark, run each of the following

cfsharepoint(action="getlistcollection", domain=myDomain, username=myUsername, password=myPassword, authtype="ntlm", ntlmdomain=" ", name="r");
writeDump(r);

cfobject(type="webservice", webservice="http://#myDomain#/_vti_bin/Lists.asmx?wsdl", domain=myDomain, username=myUsername, password=myPassword, authtype="ntlm", name="r");
writeDump(r);

r = createObject("webservice", "http://#myDomain#/_vti_bin/Lists.asmx?wsdl", {domain=myDomain, username=myUsername, password=myPassword, authtype="ntlm", refreshwsdl=true});
writeDump(r);

3) See requests were always sent as Basic Auth (bug)

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4126548

External Customer Info:
External Company:  
External Customer Name: Aaron Neff
External Customer Email: adobelabs@itisdesign.com
External Test Config:

Attachments:

Comments:

Adding BUG AUDIT TRAIL ********
action: updated fieldName: Fix By Milestone newValue: Post Release oldValue: Blank oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-02-29 12:24:40.0
action: updated fieldName: Fix By Product Milestone newValue: HF2 oldValue: HF1 oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2016-02-29 12:24:40.0
action: updated fieldName: Fix By Product Milestone newValue: HF1 oldValue: Blank oprid: sjayaram recordName: RQ_DEFECT timpestamp: 2016-02-21 18:43:25.0
action: updated fieldName: Reason newValue: Investigate oldValue: ThirdParty oprid: sjayaram recordName: RQ_DEFECT timpestamp: 2016-02-21 18:43:25.0
action: updated fieldName: Status newValue: ToFix oldValue: NeverFix oprid: sjayaram recordName: RQ_DEFECT timpestamp: 2016-02-21 18:43:25.0
action: updated fieldName: Owner newValue: mjain oldValue: Blank oprid: sjayaram recordName: RQ_DEFECT timpestamp: 2016-02-21 18:43:25.0
action: updated fieldName: State newValue: Open oldValue: Closed oprid: sjayaram recordName: RQ_DEFECT timpestamp: 2016-02-21 18:43:25.0
action: updated fieldName: Closed By newValue: Blank oldValue: dabhat oprid: sjayaram recordName: RQ_DEFECT timpestamp: 2016-02-21 18:43:25.0
action: updated fieldName: Date Closed newValue: null oldValue: 16-NOV-15 12.38.54.000000000 AM oprid: sjayaram recordName: RQ_DEFECT timpestamp: 2016-02-21 18:43:25.0
action: updated fieldName: Status newValue: NeverFix oldValue: ToTrack oprid: dabhat recordName: RQ_DEFECT timpestamp: 2015-11-16 08:38:54.0
action: updated fieldName: Reason newValue: ThirdParty oldValue: PRNeedInfo oprid: dabhat recordName: RQ_DEFECT timpestamp: 2015-11-16 08:38:54.0
action: updated fieldName: Date Closed newValue: 2015-11-16 00:38:54.0 oldValue: Blank oprid: dabhat recordName: RQ_DEFECT timpestamp: 2015-11-16 08:38:54.0
action: updated fieldName: Closed By newValue: dabhat oldValue: Blank oprid: dabhat recordName: RQ_DEFECT timpestamp: 2015-11-16 08:38:54.0
action: updated fieldName: Owner newValue: Blank oldValue: dabhat oprid: dabhat recordName: RQ_DEFECT timpestamp: 2015-11-16 08:38:54.0
action: updated fieldName: State newValue: Closed oldValue: Open oprid: dabhat recordName: RQ_DEFECT timpestamp: 2015-11-16 08:38:54.0
action: updated fieldName: Status newValue: ToTrack oldValue: Unverified oprid: dabhat recordName: RQ_DEFECT timpestamp: 2015-10-21 08:39:57.0
action: updated fieldName: Reason newValue: PRNeedInfo oldValue: Blank oprid: dabhat recordName: RQ_DEFECT timpestamp: 2015-10-21 08:39:57.0
action: updated fieldName: QE Assigned newValue: dabhat oldValue: pnayak oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-10-20 14:42:03.0
action: updated fieldName: Owner newValue: dabhat oldValue: pnayak oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-10-20 14:42:03.0
action: updated fieldName: Dev Assigned newValue: mjain oldValue: siddhart oprid: rukumar recordName: RQ_DEFECT timpestamp: 2015-10-20 08:54:52.0
Comment by CFwatson U.
3772 | March 09, 2016 02:33:18 AM GMT
Added By: sjayaram
Note Added: Aaron new finding which can help on closure

Hi Mayur,

Aha! I had wsversion=2 in CF Admin, and was testing w/ cfsharepoint. Okay, I just compared wsversion="1" vs wsversion="2" w/ all the tags/functions that support NTLM. I found:
1) cfsharepoint does not support wsversion="1|2". It always uses Axis 1.
2) cfinvoke/cfobject/createobject all support wsversion="1|2"
3) Axis 1 falls back to Basic Auth, but Axis 2 does not.

New suggestions:
1) Only support authtype="ntlm" when wsversion="2". If authtype="ntlm" and wsversion="1", then throw an exception: "NTLM is only supported with Axis 2."
2) Add wsversion attribute to cfsharepoint so that cfsharepoint can use Axis 2.

Thanks!,
-Aaron

P.S. The wsversion attribute works for cfobject but is undocumented. I’ll log a ticket.
Date Added: 2016-02-21 18:55:33.0

Added By: sjayaram
Note Added: Bug reopened. We have to discuss the best way of addressing this; some suggestions provided by the community are good inputs so far. Before invoking the AXIS API we should probably get the handshake right.
Date Added: 2016-02-21 18:43:25.0

Added By: PreRelease User
User Name: Aaron Neff
Note Added: Hi Mayur, added comment in the forum thread: http://prerelease.adobe.com/r/?3b3cc5bd0e54453ab530b19025743b06
Date Added: 2015-12-09 06:49:19.0

Added By: mjain
Note Added: Hi Aaron, This is my investigation: When we have BASIC enabled in the back-end, which is not a negotiation protocol. In ColdFusion we use Axis APIs to consume services; when the server responds with a WWW-Authenticate: NTLM header, Axis triggers the NTLM message exchange flow, otherwise it falls back on Basic. Regards, Mayur Jain
Date Added: 2015-10-20 09:51:59.0

Added By: PreRelease User
User Name: Aaron Neff
Note Added: Application.cfc is simply: component {THIS.name = "ticket_BasicAuthSentWhenAuthTypeNTLMAndNTLMDisabled";}
Date Added: 2015-10-20 08:57:33.0

Added By: PreRelease User
User Name: Aaron Neff
Note Added: Entered Bug.
Date Added: 2015-10-20 08:53:33.0
Comment by CFwatson U.
3773 | March 09, 2016 02:33:20 AM GMT
We were able to reproduce the scenario where Axis2 POST is not falling back to BASIC. We are working on hardening the authentication mechanism where, in the first place, the stub creation should not happen using GET, because that is also falling back to BASIC. Secondly, we decided to implement a fix for AXIS1 so that it doesn’t fall back to basic. Hopefully you will get the fix in HF2.
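
The fallback described in the notes above, next to a strict selection that refuses to substitute Basic, plus a check over captured request headers like the one done with Wireshark in the reproduction steps. This is an added example in Python, not ColdFusion or Axis code; the function names, the sample headers and the credentials are constructed, and it assumes the server sends one challenge per WWW-Authenticate header value.

```python
import base64

class AuthDowngradeError(Exception):
    """The server did not offer the scheme the caller configured."""

def offered_schemes(www_authenticate):
    """Scheme names from WWW-Authenticate values (assumes one challenge per value)."""
    return {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}

def legacy_select(configured, www_authenticate):
    """Fallback described in the ticket: NTLM if offered, otherwise Basic."""
    want = configured.lower()
    return want if want in offered_schemes(www_authenticate) else "basic"

def strict_select(configured, www_authenticate):
    """Use the configured scheme or fail; never substitute a weaker one."""
    want, offered = configured.lower(), offered_schemes(www_authenticate)
    if want not in offered:
        raise AuthDowngradeError(f"authtype={want!r} not offered; server offers {sorted(offered)}")
    return want

def find_downgrades(configured, requests):
    """Return (uri, scheme, user) for captured requests sent with another scheme."""
    findings = []
    for req in requests:
        scheme, _, token = req.get("Authorization", "").partition(" ")
        if not scheme or scheme.lower() == configured.lower():
            continue
        user = ""
        if scheme.lower() == "basic":
            # Basic carries base64("user:password"), readable by anyone on the path.
            user = base64.b64decode(token).decode("utf-8", "replace").partition(":")[0]
        findings.append((req["uri"], scheme, user))
    return findings

# Constructed sample data (not taken from the ticket).
BASIC_ONLY = ['Basic realm="sharepoint.example"']
NTLM_AND_BASIC = ["NTLM", 'Basic realm="sharepoint.example"']
_cred = base64.b64encode(b"svc_user:constructed-password").decode()
CAPTURED = [
    {"uri": "/_vti_bin/Lists.asmx?wsdl", "Authorization": f"Basic {_cred}"},
    {"uri": "/_vti_bin/Lists.asmx", "Authorization": "NTLM TlRMTVNTUAAB"},
]

if __name__ == "__main__":
    print(legacy_select("ntlm", BASIC_ONLY))
    print(find_downgrades("ntlm", CAPTURED))
```
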
Comment by Mayur J.
3774 | April 21, 2016 12:27:49 AM GMT
test note
Comment by CFwatson U.
3775 | June 07, 2016 04:18:10 AM GMT
The fix for this bug is available as part of the early-access build for ColdFusion 2016 Update 2.
Comment by CFwatson U.
3776 | June 07, 2016 04:24:50 AM GMT