WebSphere Application Server & Liberty


 featureUtility command of OpenLiberty returns 407 error while being behind proxy with correct proxy/credential settings

Hooman Mozaffari posted Fri January 17, 2025 05:35 PM

When I run the featureUtility command to download features from a repository which is behind a corporate proxy, I get the following error:

Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"

Some facts:

  • OpenLiberty version: 24.0.0.12
  • Proxy configuration has been validated, and a curl command with the same proxy settings and credentials is able to connect to the repository.
  • Target repository is password protected.
  • Both the featureUtility.properties file and environment variables have been tested, and both return the 407 error.
  • With the same proxy settings, the featureUtility tool is able to connect to https://repo.maven.apache.org/maven2

What am I missing? How can I troubleshoot it further? The "--verbose" parameter is not giving me detailed information about the network.

Thanks  

Brian S Paskin

Did you update the featureUtility.properties file with the proxy information before running the command?

Brian

Hooman Mozaffari

Yes, I have triple-checked featureUtility.properties and the logs show the settings have been picked up, but I still get the 407 error.

Brian S Paskin

Would you mind posting your featureUtility.properties file, and please xxx out the hostnames, etc.

Brian

Brian S Paskin

Can you please post your featureUtility.properties file and xxx out the sensitive details.  

Brian

Brian S Paskin

Can you please include the featureUtility.properties file and xxx out the sensitive information? The utility uses Java to interact with the proxy.

Brian

Hooman Mozaffari

Thanks for following up. Below is the structure of featureUtility.properties. I had to mask almost all values but tried to keep the structure:

mavenCentralMirror.url=https://***
mavenCentralMirror.user=***
mavenCentralMirror.password=***
http.nonProxyHosts=***,***,***
proxyHost=http://***
proxyPort=8080
proxyUser=***
proxyPassword=***

Brian S Paskin

Hi, your configuration file is not correct.

First, the featureUtility.properties file belongs under wlp/etc/

Then you need the section header, like this below:

[http_proxy]
proxyHost=192.168.1.xxx
proxyPort=8181

If you are using https_proxy, then the header needs to be updated for that.

Brian

Brian S Paskin

Hi,

The featureUtility.properties needs to be placed in wlp/etc directory

You are missing the property headers, example:

[https_proxy]
proxyHost=192.168.1.xxx
proxyPort=8182

You can check the configuration by running wlp/bin/featureUtility viewSettings

Brian

Brian S Paskin

Hi, you need to place the featureUtility.properties in the wlp/etc/ directory.  

Then you need headings for the properties, like this example:

[https_proxy]
proxyHost=192.168.1.xxx
proxyPort=8182

You can check if the values were accepted by running wlp/bin/featureUtility viewSettings

Brian

Hooman Mozaffari

Thanks.

Brian S Paskin

I get completely different results using wlp-24.0.0.12.  I need to use the headings and I get no error when using properties file.

Brian

Hooman Mozaffari

I'm using OpenLiberty 24.0.0.12. Are you using OpenLiberty or WebSphere Liberty Profile?

Also to verify settings I'm passing extra "--viewValidationMessages" parameter. Without that parameter you don't see the error:

featureUtility viewSettings --viewValidationMessages

Brian S Paskin

Yes, OL 24.0.0.12 without issues.

Open Liberty Version 24.0.0.12 - (24.0.0.12-202411190723)

./featureUtility viewSettings

featureUtility Settings
----------------------------------------------------------------------
Properties File: /opt/IBM/WebSphere/versions/ol-all-240012/etc/featureUtility.properties
Default Assets Repository: Maven Central Repository
Use Default Repository: True
Feature Verify: Enforce

Properties File Validation
----------------------------------------------------------------------
Validation Results: The properties file failed the validation. Use the --viewValidationMessages option to view detailed validation messages.

Maven Local Repository
----------------------------------------------------------------------
Location: /home/brian/.m2/repository

Configured Repositories
----------------------------------------------------------------------
No repositories configured

Proxy Settings
----------------------------------------------------------------------
Proxy Server: 192.168.1.***
Port: 8182
User Name: <Unspecified>

Configured Public keys
----------------------------------------------------------------------
No keys configured

Hooman Mozaffari

The output you shared also indicates it failed in validation. I believe it doesn't recognize the [http_proxy] line and ignores it:

Properties File Validation
----------------------------------------------------------------------
Validation Results: The properties file failed the validation. Use the --viewValidationMessages option to view detailed validation messages.

Brian S Paskin

I had other text in the file. If it is picking up the properties, then it should work. If it is not authenticating properly, then it is something else that is related to Java itself or maybe the schema on the proxy itself.

Properties File Validation
----------------------------------------------------------------------
Validation Results: The properties file successfully passed the validation.

...
Proxy Settings
----------------------------------------------------------------------
Proxy Server: 192.168.1.200
Port: 8181
User Name: <Unspecified>

Brian S Paskin

One thing you can try is turning off the schemas for java.

Under JAVA_HOME/conf/net.properties

Try setting these to blank:

jdk.http.auth.proxying.disabledSchemes=
jdk.http.auth.tunneling.disabledSchemes=

Brian

Hooman Mozaffari

Many thanks for spending time on this and all the hints.

I have already tried those Java parameters and it didn't fix it. Actually, later on I learned the application itself is relaxing one of them:

https://github.com/OpenLiberty/open-liberty/blob/integration/dev/com.ibm.ws.install/src/com/ibm/ws/install/internal/InstallKernelMap.java#L1153

I have asked our networking team to intercept traffic going to proxy to figure out what is missing.

I'll post it here if I have any finding.

Thanks again!
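
Added example (not part of the thread and not Open Liberty code): once the proxy-side capture mentioned above is available, this sketch lists the schemes the proxy offers in its 407 reply and removes the ones the JDK's net.properties disables, for the CONNECT tunnel or for plain proxying. The sample 407 reply and the net.properties text are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: a 407 reply as it might appear in a proxy-side capture.
SAMPLE_407 = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Proxy-Authenticate: Negotiate\r\n"
    'Proxy-Authenticate: Basic realm="corp-proxy"\r\n'
    "Content-Length: 0\r\n\r\n"
)

# Constructed sample of JAVA_HOME/conf/net.properties content.
SAMPLE_NET_PROPERTIES = """\
# constructed sample
jdk.http.auth.proxying.disabledSchemes=
jdk.http.auth.tunneling.disabledSchemes=Basic
"""

def offered_schemes(raw_response):
    """Auth schemes from every Proxy-Authenticate header, in header order."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    schemes = []
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "proxy-authenticate":
            continue
        # Blank out quoted strings so commas inside a realm do not split a challenge.
        value = re.sub(r'"(?:\\.|[^"\\])*"', '""', value)
        for part in value.split(","):
            token = part.strip().split(" ", 1)[0]
            # A scheme is a bare word; auth parameters look like name=value.
            if re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", token):
                schemes.append(token)
    return schemes

def disabled_schemes(props_text, key):
    """Lower-cased schemes listed under `key`; the last occurrence wins."""
    result = set()
    for line in props_text.splitlines():
        k, sep, v = line.strip().partition("=")
        if sep and not k.startswith("#") and k.strip() == key:
            result = {s.strip().lower() for s in v.split(",") if s.strip()}
    return result

def usable_schemes(raw_response, props_text, tunneling=True):
    """Offered schemes that the file leaves enabled for this connection type.

    Reads the file only: a -D system property, or the tool itself, can
    override these values at run time.
    """
    kind = "tunneling" if tunneling else "proxying"
    blocked = disabled_schemes(props_text, f"jdk.http.auth.{kind}.disabledSchemes")
    return [s for s in offered_schemes(raw_response) if s.lower() not in blocked]
```

An https repository URL goes through a CONNECT tunnel, so the `tunneling` key is the one that applies to the "Unable to tunnel through proxy" error.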