Cypress: Add support for proxies that use NTLM/Kerberos authentication
Current behavior:
Users attempting to use a proxy with NTLM authentication required will encounter the following error in Cypress when performing a cy.visit through their proxy:
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NEGOTIATE
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="..."
Desired behavior:
Cypress reads off the required NTLM/Kerberos auth strings on Windows and automatically uses them to connect to the Internet.
Versions
Cypress 3.3.2
Windows (maybe other OSes have token stores too)
Related Issues
- #850 - add in-browser support for NTLM authentication
- #1255 - add in-browser support for Kerberos authentication
- #4646 - allow tests to respond to authentication requests in real-time
- #4669 - add in-browser support for Digest authentication
flotwig
All 9 comments
Hi,
I've found a plugin that could help with this issue (I haven't tested it yet).
NTLM Plugin
@bjowes
seixasfelipe
on 16 Jul 2019
The plugin I've written supports endpoints with NTLM authentication. It does support an upstream proxy, but currently it does not support proxies with NTLM authentication. I haven't received any requests to implement that so far. If it would be an acceptable solution for this issue I will take a look. How do you see it @flotwig ?
bjowes
on 16 Jul 2019
I'd like to add NTLM proxy support directly to Cypress, but I haven't been able to find a way to generate the credentials in Node.js. All the existing implementations rely on the user providing their NTLM username and password manually, which might be how we end up having to implement this.
flotwig
on 16 Jul 2019
Agreed, I also think NTLM support should be native to Cypress - but not only for proxies but also for sites under test. But it is a fair argument to say that NTLM proxies should be supported first, since they apply to many users behind corporate proxies, regardless of what sites they are testing.
When it comes to implementation, I solved it in the plugin by letting user specify the user/pass. But this is a different scenario since I wanted to give the user control of which user should authenticate for the test run.
An alternative solution could be to compile a native dll for node (with node-gyp) which can call Win32 API methods. That way it should be possible to let the OS perform the authentication for logged in user, but it would only work on Windows.
bjowes
on 16 Jul 2019
An alternative solution could be to compile a native dll for node (with node-gyp) which can call Win32 API methods. That way it should be possible to let the OS perform the authentication for logged in user, but it would only work on Windows.
using cypress and running into the same NTLM authentication problem described here. could you please elaborate on this?
chadi-kazan
on 25 Mar 2020
We are having the same issue with cypress where the proxy requires Kerberos authentication. Afaik, there is no way to pass those authentication information.
Any status about the feature where you can configure cypress to work with Kerberos?
richardszanyi
on 26 Aug 2020
@richardszanyi Currently nobody is working on this feature.
As a workaround, you can configure cntlm, then point Cypress at your local proxy by setting the HTTP_PROXY environment variable to point to your local cntlm port.
flotwig
on 26 Aug 2020
Is it going to work with a corporate proxy that requires kerberos auth?
My auth credentials for proxy is setup by default on the PC we use, and I have no idea how to get those credentials. Do I have to setup cntlm with those credentials to be sent towards my corporate proxy, or I just run cntlm and it automatically detects and send any traffic with the right packet and auth?
richardszanyi
on 27 Aug 2020
@richardszanyi I am not overly familiar with the differences between NTLM and Kerberos, sorry.
Check out the "Configuration hints" section of the cntlm docs. It does seem like you need to know a few pieces of information about your proxy.
If you don't think cntlm will work, it looks like px does the same thing, and does explicitly support Kerberos auth, and has less to configure as well: https://github.com/genotrance/px Might be a better solution.
flotwig
on 27 Aug 2020
Related issues
dkreft
路
3Comments
rbung
路
3Comments
verheyenkoen
路
3Comments
brian-mann
路
3Comments
scottcrowe
路
3Comments
Most helpful comment
Agreed, I also think NTLM support should be native to Cypress - but not only for proxies but also for sites under test. But it is a fair argument to say that NTLM proxies should be supported first, since they apply to many users behind corporate proxies, regardless of what sites they are testing.
When it comes to implementation, I solved it in the plugin by letting user specify the user/pass. But this is a different scenario since I wanted to give the user control of which user should authenticate for the test run.
An alternative solution could be to compile a native dll for node (with node-gyp) which can call Win32 API methods. That way it should be possible to let the OS perform the authentication for logged in user, but it would only work on Windows.