Azure API Management Self Hosted via NTLM Proxy
I am attempting to configure API Management Self Hosted in our Enterprise (running in Kubernetes). It needs to access the service endpoint via an Enterprise proxy, which uses NTLM authentication.
To do this, I have setup HTTPS_PROXY=http://username:password@proxyurl:80 as per https://learn.microsoft.com/en-us/azure/api-management/how-to-self-hosted-gateway-on-kubernetes-in-production
With this set, I can use curl from a shell within the container and successfully access the internet via the defined proxy.
However, when the Self Hosted gateway itself tries to start I get the following error: -
[ConfigurationApiUnreachable], exception: System.ComponentModel.Win32Exception (0x80090020): GSSAPI operation failed with error - An invalid name was supplied (Configuration file does not specify default realm).
It appears to me that it is trying to do something "clever" and expects Kerberos etc to be configured on the client.
When using curl etc, the username:password is passed directly to the proxy to authenticate, but in this case it appears that the API gateway (or I suspect, specifically the AspNet libraries on which it's built are).
I can "get round" this by setting up a CNTLM proxy and configuring the self hosted container to use that, but that's a somewhat less secure workaround so wondering if anyone has had similar and has a better way around this?
Thanks