Forum Bugs

HTTP authentication not working after upgrade from 8.1 to 9.0

antho
I have upgraded Prince 8.1 (rev 5) to Prince 9.0 (rev 5) on my CentOS 5.10 machine, and now basic HTTP authentication no longer works. Prince now generates a PDF of the login page instead of the target content. Rearranging the arguments, putting input and output last, didn't help. Verbose (--verbose) doesn't give any error messages

Command used (perl script):
/usr/local/bin/prince --http-user=$user{'name'} --http-password=$user{'password'} http://mywebsite.com/place/$number/program/1/high_detail?no-links=yes -s $cssdir/base.css -s $cssdir/us.css --no-author-style -o $outdir/out.pdf

Versions Installed:
Generic / 32-bit, static prince-8.1r5-linux-static.tar.gz (HTTP auth works)
Linux / 32-bit, static prince-9.0r5-linux-static.tar.gz (HTTP auth doesn't work)

Could this be a bug in the new version? Any thoughts?
mikeday
Can you install the CentOS 5 RPM package instead?
antho
mikeday,

I have not tried installing the RPM package because it is not available for CentOS 5.1 (available for CentOS 5.2+). Do you think that the CentOS 5.2 RPM will work on my 5.1 machine? We are unable to upgrade the OS at this time.

Best,
antho
mikeday
Yes, it should be compatible with all CentOS 5.x releases.
antho
mikeday,

I have installed from RPM (prince-9.0-5.centos52.i386.rpm), but HTTP authentication still does not work (same behavior). Is there anything else that I can try that will help us troubleshoot?

Best,
antho
mikeday
In that case it could be because of a behavioural change in Prince 9 rev 5. Previous versions of Prince would send the login credentials unconditionally, which could cause problems for servers that were not expecting them. Now Prince only sends the login credentials after receiving a 401 unauthorized response from the server. Perhaps the server is not sending this, and it just sending an immediate redirect to the login page instead?
antho
mikeday,

Yep, that would be the cause! Could the developers perhaps add a --force-auth flag that can be used?

I understand that sending credentials to a server that is not expecting them will cause problems, but an even bigger problem is caused by only sending them on a 401. Most web applications, ours included, will redirect unauthenticated users, with a 301 or 302, to a user friendly login page (200).

Do you think that the development team might consider a fix for this? Perhaps a --force-auth option?

Best,
antho
mikeday
We are currently adding more authentication options, in particular the ability to specify exactly which server the username/password combination is for. Once this has been specified, Prince will send the authentication credentials on the first request, without waiting for a 401 (aka preemptive authentication).

If you would like to try it, we should be able to provide you with an updated RPM for 32-bit CentOS 5.x shortly.
antho
mikeday,

That would make my day :D

Best,
antho
mikeday
New alpha packages are now available for download:

prince-20140606-1.centos5.i386.rpm
prince-20140606-centos5-i386.tar.gz

Prince now has these command-line options:
--auth-user=USER          Specify username for HTTP authentication.
--auth-password=PASS      Specify password for HTTP authentication.
--auth-server=SERVER      Only send USER:PASS to this server.
--auth-scheme=SCHEME      Only send USER:PASS for this scheme. [http|https]

If you specify --auth-server=example.com, then Prince will authenticate with example.com without waiting for a 401 response first.

The Prince wrappers (eg. PHP, Java, .NET) don't support these new options yet, but they will be easy to add.
antho
Dear mikeday,

Excellent! I will give this a shot tomorrow if time permits, and I'll be sure to let you know how it goes.

:)

Thanks,
antho
antho
Dear mikeday,

The RPM version that you linked above works perfectly! I only needed to specify the --auth-server in my command.

I really appreciate your speedy assessment and responses.

Thanks,
antho
facboy
is there a build available for Centos 6 x64?
mikeday
Not yet, we will release an alpha for all platforms soon.
mikeday
We have some more alpha builds available now, including CentOS 6 x86_64.
AaronL
Just found this issue as well, so reverted for R2 for now.
mikeday
The alpha builds have an improved design for HTTP authentication that supports selective preemptive authentication, without leaking credentials to every host.
mikeday
Prince 10 is now available, and includes the new and improved HTTP authentication support.