| Clicking on "Validate Proxy" results in "  Failed to connect to ... 407" being displayed, but update information can be downloaded. Looking at a network trace between Jenkins and our Proxy when clicking on "Validate Proxy"
GET http://updates.jenkins-ci.org/update-center.json HTTP/1.1\r\n
User-Agent: Jakarta Commons-HttpClient/3.1\r\n
HTTP/1.1 407 authenticationrequired\r\n
Proxy-Connection: Keep-Alive\r\n
Proxy-Authenticate: Negotiate\r\n
Proxy-Authenticate: NTLM\r\n
Proxy-Authenticate: Basic realm="***"\r\n
GET http://updates.jenkins-ci.org/update-center.json HTTP/1.1\r\n
User-Agent: Jakarta Commons-HttpClient/3.1\r\n
Proxy-Connection: Keep-Alive\r\n
Host: updates.jenkins-ci.org\r\n
\r\n
HTTP/1.1 407 authenticationrequired\r\n
The Proxy answers with a 407, but Jenkins does not include any authentication header in it's second try. Looking at the "Check now" trace, Jenkins replies to the 407 with a proper Negotiate header:
GET http://updates.jenkins-ci.org/update-center.json?id=default&version=2.204.2 HTTP/1.1\r\n
User-Agent: Java/1.8.0_51\r\n
HTTP/1.1 407 authenticationrequired\r\n
Proxy-Authenticate: Negotiate\r\n
Proxy-Authenticate: NTLM\r\n
Proxy-Authenticate: Basic realm="***"\r\n
GET http://updates.jenkins-ci.org/update-center.json?id=default&version=2.204.2 HTTP/1.1\r\n
User-Agent: Java/1.8.0_51\r\n
[truncated] Proxy-authorization: Negotiate ***
The fact that the User-Agent is different in these two traces leads me to believe, that different code paths (with regard to http handling) are taken. One with proper authentication handling, one without. I also found JENKINS-25870 but am unsure if it is related or not. |
