Problem with using gradle through an enterprise proxy !

Hi,

I wanted to migrate from maven to gradle (4.7) in my firm. We have to use a proxy with authentication (ActiveDirectory with domain EUR) to retrieve plugins / dependencies …

  1. When tried this command

./gradlew -Dhttp.proxyHost=proxy-mkt.int.world.socgen -Dhttp.proxyPort=8080 -Dhttps.proxyHost=proxy-mkt.int.world.socgen -Dhttps.proxyPort=8080 -Dhttp.proxyUser=EUR/anavarro -Dhttps.proxyUser=EUR/anavarro -Dhttp.proxyPassword=passwordToReplace -Dhttps.proxyPassword=passwordToReplace build --stacktrace --info --debug

I can download the gradle binary from internat, but I had an error in gradle to retrieve plugins and dependencies

The error : No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))

But when I digged in the log, gradle tries to use different schemes, [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]

it failed with Kerberos but it seems succeeded with NTLM

14:06:42.079 [DEBUG] [org.apache.http.impl.auth.HttpAuthenticator] Generating response to an authentication challenge using ntlm scheme
14:06:42.161 [DEBUG] [org.apache.http.impl.auth.HttpAuthenticator] Authentication succeeded

and just after when it tries to request the url, there is a 500 error even though when I can get the resource in my favorite navigator.

14:06:42.177 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection released: [id: 4][route: {tls}->http://proxy-mkt.int.world.socgen:8080->https://plugins.gradle.org:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 20]
14:06:42.177 [INFO] [org.gradle.internal.resource.transport.http.HttpClientHelper] Failed to get resource: HEAD. [HTTP HTTP/1.1 500 Internal Server Error: https://plugins.gradle.org/m2/org/sonarqube/org.sonarqube.gradle.plugin/2.6.2/org.sonarqube.gradle.plugin-2.6.2.pom]
14:06:42.177 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation ‘Metadata of https://plugins.gradle.org/m2/org/sonarqube/org.sonarqube.gradle.plugin/2.6.2/org.sonarqube.gradle.plugin-2.6.2.pom
14:06:42.177 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation ‘Metadata of https://plugins.gradle.org/m2/org/sonarqube/org.sonarqube.gradle.plugin/2.6.2/org.sonarqube.gradle.plugin-2.6.2.pom’ completed

Did I miss something in the configuration of my proxy or there is a bug when you use proxy with authentication when kerberos failed but NTLM works in gradle ?

  1. In order to bypass the proxy, I tried to use in internal nexus maven repository hosted in my firm.
    I succeeded by setting my internal repository in the build.gradle.kts and setting the internal repository settings.gradle.kts for the plugins.
    In my point of view, it is a bad practise, it should not be set in the project file (not linked to the project but the environment) but in another file shared between the different projects (like in ~/.gradle). I tried to set settings.gradle or in gradle.properties without success.
    Is there a way to set the proxy repositories for dependencies and plugins somewhere in the ~/.gradle directory? If yes, how?

Thanks in advance, don’t hesitate to tell me if you want to test some parameter, I will test in my firm for the first points.

PS : the interesting logs :

14:06:37.458 [DEBUG] [org.gradle.internal.resource.transport.http.HttpResourceAccessor] Constructing external resource metadata: https://plugins.gradle.org/m2/org/sonarqube/org.sonarqube.gradle.plugin/2.6.2/org.sonarqube.gradle.plugin-2.6.2.pom
14:06:37.458 [DEBUG] [org.gradle.internal.resource.transport.http.HttpClientHelper] Performing HTTP HEAD: https://plugins.gradle.org/m2/org/sonarqube/org.sonarqube.gradle.plugin/2.6.2/org.sonarqube.gradle.plugin-2.6.2.pom
14:06:37.459 [DEBUG] [org.gradle.internal.resource.transport.http.HttpClientConfigurer] Using Credentials [username: EUR/anavarro] and NTLM Credentials [user: anavarro, domain: EUR, workstation: FR07154114L] for authenticating against ‘proxy-mkt.int.world.socgen:8080’ using NTLM
14:06:37.460 [DEBUG] [org.gradle.internal.resource.transport.http.HttpClientConfigurer] Using Credentials [username: EUR/anavarro] for authenticating against ‘proxy-mkt.int.world.socgen:8080’ using null
14:06:37.460 [DEBUG] [org.gradle.internal.resource.transport.http.HttpClientConfigurer] Using Credentials [username: EUR/anavarro] and NTLM Credentials [user: anavarro, domain: EUR, workstation: FR07154114L] for authenticating against ‘proxy-mkt.int.world.socgen:8080’ using NTLM
14:06:37.460 [DEBUG] [org.gradle.internal.resource.transport.http.HttpClientConfigurer] Using Credentials [username: EUR/anavarro] for authenticating against ‘proxy-mkt.int.world.socgen:8080’ using null
14:06:37.460 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: default
14:06:37.460 [DEBUG] [org.apache.http.client.protocol.RequestAuthCache] Auth cache not set in the context
14:06:37.460 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection request: [route: {tls}->http://proxy-mkt.int.world.socgen:8080->https://plugins.gradle.org:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 20]
14:06:37.460 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection leased: [id: 4][route: {tls}->http://proxy-mkt.int.world.socgen:8080->https://plugins.gradle.org:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 20]
14:06:37.460 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Opening connection {tls}->http://proxy-mkt.int.world.socgen:8080->https://plugins.gradle.org:443
14:06:37.504 [DEBUG] [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] Connecting to proxy-mkt.int.world.socgen/192.168.205.75:8080
14:06:37.530 [DEBUG] [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] Connection established 192.22.112.138:58790<->192.168.205.75:8080
14:06:37.555 [DEBUG] [org.apache.http.impl.auth.HttpAuthenticator] Authentication required
14:06:37.555 [DEBUG] [org.apache.http.impl.auth.HttpAuthenticator] proxy-mkt.int.world.socgen:8080 requested authentication
14:06:37.555 [DEBUG] [org.apache.http.impl.client.ProxyAuthenticationStrategy] Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
14:06:37.555 [DEBUG] [org.apache.http.impl.auth.SPNegoScheme] Received challenge ‘’ from the auth server
14:06:37.555 [DEBUG] [org.apache.http.impl.client.ProxyAuthenticationStrategy] Challenge for Kerberos authentication scheme not available
14:06:37.555 [DEBUG] [org.apache.http.impl.client.ProxyAuthenticationStrategy] Challenge for CredSSP authentication scheme not available
14:06:37.555 [DEBUG] [org.apache.http.impl.client.ProxyAuthenticationStrategy] Challenge for Digest authentication scheme not available
14:06:37.556 [DEBUG] [org.apache.http.impl.auth.HttpAuthenticator] Selected authentication options: [NEGOTIATE, NTLM, BASIC [complete=true]]
14:06:37.556 [DEBUG] [org.apache.http.impl.conn.DefaultManagedHttpClientConnection] http-outgoing-4: Close connection
14:06:37.556 [DEBUG] [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] Connecting to proxy-mkt.int.world.socgen/192.168.205.75:8080
14:06:37.577 [DEBUG] [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] Connection established 192.22.112.138:58791<->192.168.205.75:8080
14:06:37.577 [DEBUG] [org.apache.http.impl.auth.HttpAuthenticator] Generating response to an authentication challenge using Negotiate scheme
14:06:42.078 [DEBUG] [org.apache.http.impl.auth.SPNegoScheme] init proxy-mkt.int.world.socgen
14:06:42.078 [WARN] [org.apache.http.impl.auth.HttpAuthenticator] NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
14:06:42.079 [DEBUG] [org.apache.http.impl.auth.HttpAuthenticator] Generating response to an authentication challenge using ntlm scheme
14:06:42.161 [DEBUG] [org.apache.http.impl.auth.HttpAuthenticator] Authentication succeeded
14:06:42.177 [DEBUG] [org.apache.http.impl.conn.DefaultManagedHttpClientConnection] http-outgoing-4: Close connection
14:06:42.177 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] CONNECT refused by proxy: HTTP/1.1 500 Internal Server Error
14:06:42.177 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Connection discarded
14:06:42.177 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection released: [id: 4][route: {tls}->http://proxy-mkt.int.world.socgen:8080->https://plugins.gradle.org:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 20]
14:06:42.177 [INFO] [org.gradle.internal.resource.transport.http.HttpClientHelper] Failed to get resource: HEAD. [HTTP HTTP/1.1 500 Internal Server Error: https://plugins.gradle.org/m2/org/sonarqube/org.sonarqube.gradle.plugin/2.6.2/org.sonarqube.gradle.plugin-2.6.2.pom]
14:06:42.177 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation ‘Metadata of https://plugins.gradle.org/m2/org/sonarqube/org.sonarqube.gradle.plugin/2.6.2/org.sonarqube.gradle.plugin-2.6.2.pom
14:06:42.177 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation ‘Metadata of https://plugins.gradle.org/m2/org/sonarqube/org.sonarqube.gradle.plugin/2.6.2/org.sonarqube.gradle.plugin-2.6.2.pom’ completed
14:06:42.181 [DEBUG] [org.gradle.api.internal.artifacts.ivyservice.resolveengine.oldresult.TransientConfigurationResultsBuilder] Flushing resolved configuration data in Binary store in C:\Users\anavarro\AppData\Local\Temp\gradle2869880512420732607.bin. Wrote root 2.
14:06:42.183 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation ‘Resolve dependencies of detachedConfiguration1’
14:06:42.184 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation ‘Resolve dependencies of detachedConfiguration1’ completed

I created a bug (I think it is a bug https://github.com/gradle/gradle/issues/5454)

I also faced the same issue. Could you guys, please, help us fix the issue. While searching i have noticed there are a lot of people in the situation.