Skip navigation
Peter M Lee
Currently Being Moderated

Adobe Flash NTLM Authentication Issue

Mar 20, 2012 7:59 PM

This problem is having a major impact for many users in my account.

 

The users are testing streaming course ware delivery over the Internet and also hitting the proxy re-login prompt.

The problem with them is that after re-logging in the course restarts at the beginning.

So it is not a fit for purpose environment for this application currently.

 

The same problem occurs for companies webcast through Internet.

 

Recent test with the users have confirm the issue occurs using the following version of flash:

 

Adobe Flash Player ActiveX 11.1.102.55

Adobe Flash Player ActiveX 11.1.102.62

 

The Shockwave Flash NTLM authentication issue is characterised by the following packet sequence: WS sends Request to Server. Server closes the TCP connection without a response to the request. The WS establishes a new TCP connection and resend the request with previous NTLM Authentication details (ie does not go through the correct NTLM handshake for proxy authentication failure and the browser to pop for user credentials.

 

When the above occurs,

  • NTLM authentication screen popup up, entering credential again didn’t resume video. I had to reload the page to resume video from the beginning.
  • No popup, but the video resumes from the beginning when there was a prolonged delay.

 

The problem occurs on Windows XP SP3 with IE7 or IE8 with Flash Player 11.1.102.62

 

Is the problem a known issue with Adobe Flash Player ?

 
Replies
  • Chris Campbell
    9,456 posts
    May 4, 2010
    Currently Being Moderated
    Mar 21, 2012 5:20 PM   in reply to Peter M Lee

    Hi Peter,

    Could you please open a new bug report on this over at bugbase.adobe.com?  Please provide any steps, URL and login information, or sample code/application available.  If you'd like to keep these private, please feel free to email them to me directly at ccampbel@adobe.com.  Please post back with the URL so that others affected can add their comments and votes.

     

    Do you know what version this started occurring with?  If so, please add this information to the bug.

     

    Thanks,

    Chris

     
    |
    Mark as:
  • Chris Campbell
    9,456 posts
    May 4, 2010
    Currently Being Moderated
    Mar 22, 2012 4:33 PM   in reply to Peter M Lee

    Thank you Peter.  As mentioned, I'd like to encourage anyone affected by this issue to please visit the following bug, vote for it, and let us know how it impacts your business.

     

    Bug 3143847 - Adobe Flash NTLM Authentication Issue

     
    |
    Mark as:
  • Currently Being Moderated
    Apr 19, 2012 3:01 AM   in reply to Chris Campbell

    Hello,

     

    The bug report states can not reproduce. I understand the problem and am happy to help Adobe understand if they want to email me and organise a webex.

     

    The problem is associated with the way IE handles NTLM on a new connection. When performing a POST request, it will make two requests: the first contains a type1 NTLM token and no body, and the second will contain the type 3 token and the body. It does this because it expects to perform NTLM authentication as NTLM is connection not session based, and hence for efficiency, it doesn't send the POST body on the first request (knowing a second request will be required).

     

    The POST request initiated by the Flash application is only made once, so it presents a POST request and no body with the type 1 token to the web server (ie IIS, or some Java implementation such as SSO Plugin), and does not make a second request with a type 3 token and the body. It gives up and automatically prompts the user for a username/password, which is the wrong behaviour when the browser is in the Local Intranet zone and the web server responded with a type 2 token.

     

    I can reproduce this easily and it is a serious bug: it means that any Flash application that is accessed via Integrated Windows Authentication and IE will fail when trying to make a POST request, such as uploading a file from the user.

     


    John

    --

    SSO Plugin for BMC, HP and more.

    http://www.javasystemsolutions.com/jss/ssoplugin

     
    |
    Mark as:
  • Currently Being Moderated
    Apr 19, 2012 8:09 PM   in reply to Peter M Lee

    This is a public forum; please do not post private information like email addresses and telephone numbers.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 3, 2012 8:45 AM   in reply to Peter M Lee

    Hello,

     

    I've not had any response from Adobe. It's about time we got this issue resolved and I can provide a Fiddler trace if my lengthy explanation was not clear enough. I'm happy to provide a webex to demonstrate the problem, if this would be of help to Adobe.

     

    Please contact me via email to arrange the next steps.

     

    Thanks

     

     

    John

     
    |
    Mark as:
  • Chris Campbell
    9,456 posts
    May 4, 2010
    Currently Being Moderated
    Aug 3, 2012 6:44 PM   in reply to Peter M Lee

    I just took a look at the bug report and it looks like the last message from Adobe was a request to test this against 11.3.  Since there was no response until today, it's possible we were waiting on a response before continuing.  I know this doesn't sound optimal, but with your response we should take a look again.

     

    I'd also like to once again encourage everyone affected to vote for this bug.  We have a limited number of resources available for each upcoming release.  A bug with just a single vote might not garner the same attention as one with 30+ votes.

     

    Bug 3143847 - Adobe Flash NTLM Authentication Issue

     

    That said, this looks similar to another bug I was reading yesterday that should be fixed in our beta 2 release (scheduled for early to mid next week.)

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points