Can't connect to private NPM repository, Error 401 using valid credentials

luiscla27 · July 22, 2020, 3:29pm

There’s an specific private NPM repository where Nexus3 is not being able connect. Can you please guide me to solve it??

Currently, i can connect to the private repository directly without Nexus3, however I need to cache it into my Nexus3 server so other intranet servers can access the same libraries.

I’ve turned on the following logs to DEBUG:

org.apache.http
org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter

The current log output looks like this:

2020-07-22 10:07:20,469-0500 DEBUG [qtp1863120182-866]  *UNKNOWN org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter - Attempting to execute login with auth header
2020-07-22 10:07:20,485-0500 ERROR [qtp1863120182-866]  dummyAccount org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler - Cache[npm-audit-data] is closed
java.lang.IllegalStateException: Cache[npm-audit-data] is closed
	at org.ehcache.jsr107.Eh107Cache.checkClosed(Eh107Cache.java:556)
	at org.ehcache.jsr107.Eh107Cache.get(Eh107Cache.java:90)
	at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.analyzeComponents(NpmAuditFacet.java:167)
	at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.audit(NpmAuditFacet.java:140)
	at org.sonatype.nexus.repository.npm.internal.NpmGroupAuditQuickHandler.handle(NpmGroupAuditQuickHandler.java:41)
	at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
	at org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler.handle(NpmAuditErrorHandler.java:62)
	at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
	at org.sonatype.nexus.repository.storage.UnitOfWorkHandler.handle(UnitOfWorkHandler.java:39)
	at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
	at org.sonatype.nexus.repository.view.handlers.TimingHandler.handle(TimingHandler.java:58)
	at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
	at org.sonatype.nexus.repository.view.Context.start(Context.java:114)
	at org.sonatype.nexus.repository.view.Router.dispatch(Router.java:65)
	at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:52)
	at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:43)
	at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.dispatchAndSend(ViewServlet.java:212)
	at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.doService(ViewServlet.java:174)
	at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.service(ViewServlet.java:126)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:290)
	at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:280)
	at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:184)
	at com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:71)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:101)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.repository.httpbridge.internal.ExhaustRequestFilter.doFilter(ExhaustRequestFilter.java:80)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.sonatype.nexus.licensing.internal.LicensingRedirectFilter.doFilter(LicensingRedirectFilter.java:116)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:112)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:79)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:101)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.HeaderPatternFilter.doFilter(HeaderPatternFilter.java:98)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104)
	at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)
	at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1700)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1667)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:239)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:152)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:505)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
	at java.lang.Thread.run(Thread.java:748)
2020-07-22 10:07:38,829-0500 DEBUG [qtp1863120182-1000]  *UNKNOWN org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter - Attempting to execute login with auth header
2020-07-22 10:07:38,844-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
2020-07-22 10:07:38,875-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
2020-07-22 10:07:38,891-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://packages.some-private-npm-repository.com:443
2020-07-22 10:07:39,000-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to packages.some-private-npm-repository.com/54.210.237.87:443
2020-07-22 10:07:39,000-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to packages.some-private-npm-repository.com/54.210.237.87:443 with timeout 20000
2020-07-22 10:07:39,000-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
2020-07-22 10:07:39,000-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2020-07-22 10:07:39,000-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=*.some-private-npm-repository.com
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [*.some-private-npm-repository.com]
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 192.168.22.20:64429<->54.210.237.87:443
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-78: set socket timeout to 20000
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.execchain.MainClientExec - Executing request GET /npm/js-licensed/@some-private-npm-repository%2figniteui-angular HTTP/1.1
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 >> GET /npm/js-licensed/@some-private-npm-repository%2figniteui-angular HTTP/1.1
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 >> Host: packages.some-private-npm-repository.com
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 >> Connection: Keep-Alive
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 >> User-Agent: Nexus/3.25.0-03 (OSS; Windows Server 2019; 10.0; amd64; 1.8.0_252) 
2020-07-22 10:07:39,454-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 >> Accept-Encoding: gzip,deflate
2020-07-22 10:07:39,533-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 << HTTP/1.1 401 Unauthorized
2020-07-22 10:07:39,533-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 << Cache-Control: private
2020-07-22 10:07:39,533-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 << Content-Type: application/json; charset=utf-8
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 << Date: Wed, 22 Jul 2020 15:08:54 GMT
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 << Server: Microsoft-IIS/8.5
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 << X-AspNet-Version: 4.0.30319
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 << X-Powered-By: ASP.NET
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 << Content-Length: 75
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.headers - http-outgoing-78 << Connection: keep-alive
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive for 30000 MILLISECONDS
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.auth.HttpAuthenticator - Authentication required
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.auth.HttpAuthenticator - packages.some-private-npm-repository.com:443 requested authentication
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.auth.HttpAuthenticator - Response contains no authentication challenges
2020-07-22 10:07:39,548-0500 INFO  [qtp1863120182-1000]  dummyAccount org.sonatype.nexus.repository.httpclient.internal.HttpClientCustomConfigFacetImpl - Repository status for some-private-npm-repository-username changed from READY to AUTO_BLOCKED_UNAVAILABLE until 2020-07-22T10:08:19.548-05:00 - reason Unauthorized for https://packages.some-private-npm-repository.com
2020-07-22 10:07:39,548-0500 DEBUG [qtp1863120182-1000]  dummyAccount org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-78: set socket timeout to 0
2020-07-22 10:07:39,548-0500 WARN  [qtp1863120182-1000]  dummyAccount org.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet - Exception org.sonatype.nexus.repository.proxy.ProxyServiceException: HTTP/1.1 401 Unauthorized checking remote for update, proxy repo some-private-npm-repository-username failed to fetch @some-private-npm-repository%2figniteui-angular with status line HTTP/1.1 401 Unauthorized, content not in cache.
2020-07-22 10:07:39,579-0500 DEBUG [qtp1863120182-1008]  *UNKNOWN org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter - Attempting to execute login with auth header
2020-07-22 10:07:39,594-0500 DEBUG [qtp1863120182-1000]  *UNKNOWN org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter - Attempting to execute login with auth header
2020-07-22 10:07:39,610-0500 DEBUG [qtp1863120182-1008]  *UNKNOWN org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter - Attempting to execute login with auth header
2020-07-22 10:08:13,566-0500 DEBUG [nexus-httpclient-eviction-thread]  *SYSTEM org.apache.http.impl.conn.CPool - Connection [id:78][route:{s}->https://packages.some-private-npm-repository.com:443][state:null] expired @ Wed Jul 22 10:08:08 CDT 2020

This is a problem I have with this repository only and I don’t have a clue of what is wrong. The repository owner gave me a guide of how to authenticate against his repository for any of the following configurations:

GitHub Actions Configuration
Travis CI Configuration
Azure Pipelines Configuration
Direct configuration using client’s .npmrc file

Is there any of them analog to Nexus3?? Most of them are pretty much the same (username/password/_auth)

mpiggott · July 22, 2020, 6:14pm

In the repository configuration under HTTP there is an option for authentication.

luiscla27 · July 22, 2020, 6:37pm

Thank you for your quick answer Matthew, i’ve already tried to Nexus authentication username/password and bearer token methods, however they don’t seem to work.

Looking at the log, I think the main issue is this part:

DEBUG [...]  dummyAccount org.apache.http.impl.auth.HttpAuthenticator - Authentication required
DEBUG [...]  dummyAccount org.apache.http.impl.auth.HttpAuthenticator - packages.some-private-npm-repository.com:443 requested authentication
DEBUG [...]  dummyAccount org.apache.http.impl.auth.HttpAuthenticator - Response contains no authentication challenges

I’ve investigated a bit, and the shown error Response contains no authentication challenges can be a mayor thing, my guess is Nexus3 can’t handle the absence of the WWW-Authenticate header. So taking in account that I can’t modify the target repository I think this can threaded as a BUG or FeatureRequest?? I think Nexus3 should be able to handle the login even thou the WWW-Authenticate header is missing.

Please take a look to this stackoverflow answer that seems to be related. He proposes a solution in the case the repository is not modifiable.

mpiggott · July 22, 2020, 7:31pm

This statement sounds like you’re confusing client authentication with Nexus authenticating to the remote repository. Note the repository itself must be configured to authenticate to the remote, the client authentication is not passed through.

luiscla27 · July 22, 2020, 7:40pm

I’am aware that the client authentication is not passed through, you’r saying that the following configuration inside Nexus should work, however is not…

The same credentials work into the client .npmrc file (skipping nexus), but they’r not working on Nexus (connecting nexus to the private repo).

What do you think about the Response contains no authentication challenges error?? have any advice of something that I should check??

mpiggott · July 24, 2020, 9:31pm

I think the issue is the npm remote you’re talking to wants preemptive authentication which is generally considered insecure.

There is the pre-emptive bearer token option in the http auth settings which you can try (sounds like maybe you did?), if that isn’t working for you and you don’t have a support contract with us you may need to talk to the npm private registry and understand why it isn’t working for you.