--- C:/Users/wittich/Desktop/kerberos_.py	Mo  9. Mrz 14:04:14 2020
+++ C:/Users/wittich/Desktop/kerberos_proxy.py	Mo  9. Mrz 14:04:52 2020
@@ -88 +88,4 @@ def _negotiate_value(response):
-    authreq = response.headers.get('www-authenticate', None)
+    if response.status_code == 401:
+        authreq = response.headers.get('www-authenticate', None)
+    else:
+        authreq = response.headers.get('proxy-authenticate', None)
@@ -266,3 +269,8 @@ class HTTPKerberosAuth(AuthBase):
-        log.debug("authenticate_user(): Authorization header: {0}".format(
-            auth_header))
-        response.request.headers['Authorization'] = auth_header
+        if response.status_code == 401:
+            log.debug("authenticate_user(): Authorization header: {0}".format(
+                auth_header))
+            response.request.headers['Authorization'] = auth_header
+        elif response.status_code == 407:
+            log.debug("authenticate_user(): Proxy-Authorization header: {0}".format(
+                auth_header))
+            response.request.headers['Proxy-Authorization'] = auth_header
@@ -293,0 +302,13 @@ class HTTPKerberosAuth(AuthBase):
+    def handle_407(self, response, **kwargs):
+        """Handles 407's, attempts to use gssapi/kerberos authentication"""
+
+        log.debug("handle_407(): Handling: 407")
+        if _negotiate_value(response) is not None:
+            _r = self.authenticate_user(response, **kwargs)
+            log.debug("handle_407(): returning {0}".format(_r))
+            return _r
+        else:
+            log.debug("handle_407(): Kerberos is not supported")
+            log.debug("handle_407(): returning {0}".format(response))
+            return response
+
@@ -376,0 +398 @@ class HTTPKerberosAuth(AuthBase):
+        num_407s = kwargs.pop('num_407s', 0)
@@ -409,0 +432,13 @@ class HTTPKerberosAuth(AuthBase):
+        elif response.status_code == 407 and num_407s < 2:
+            # 407 Unauthorized. Handle it, and if it still comes back as 401,
+            # that means authentication failed.
+            _r = self.handle_407(response, **kwargs)
+            log.debug("handle_response(): returning %s", _r)
+            log.debug("handle_response() has seen %d 407 responses", num_407s)
+            num_407s += 1
+            return self.handle_response(_r, num_407s=num_407s, **kwargs)
+        elif response.status_code == 407 and num_407s >= 2:
+            # Still receiving 407 responses after attempting to handle them.
+            # Authentication has failed. Return the 407 response.
+            log.debug("handle_response(): returning 407 %s", response)
+            return response