- Customers may face the below tunneling error while invoking the service via Proxy.

- This error is also faced by any protocol using HTTPS Tunneling.

Error:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Caused by: com.sun.xml.ws.client.ClientTransportException: HTTP transport error: java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:135)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:163)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:95)
    at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:133)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
    at com.sun.xml.ws.client.Stub.process(Stub.java:319)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
    at com.sun.proxy.$Proxy42.trust13Issue(Unknown Source)
    at com.tibco.ax.fw.saml.sbr.BCVANguardSTSClient.issue(BCVANguardSTSClient.java:812)
    ... 7 more
Caused by: java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
    at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2142)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:123)
    
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

How to resolve "Unable to tunnel through proxy" error.

All supporting platforms.

- In some environments, certain authentication schemes may be undesirable when proxying HTTPS. Hence, the Basic authentication scheme has been deactivated, by default, in the Oracle Java Runtime, by adding Basic to the jdk.http.auth.tunneling.disabledSchemes networking property.  Consequently, proxies requiring Basic authentication when setting up a tunnel for HTTPS will no longer succeed.

If required, this authentication scheme can be reactivated by removing Basic from the jdk.http.auth.tunneling.disabledSchemes networking property, or by setting a system property of the same name to "" ( empty ) on the command line.

- So as per Oracle Java Update, one should disable "Basic authentication for HTTPS tunneling".

In order to achieve this, follow the below steps:

1. Open the net.properties from the below location:

     TIBCO_Home\tibcojre64\1.8.0\lib\net.properties

2. Make the below change:

From  

"jdk.http.auth.tunneling.disabledSchemes=Basic" 

to

jdk.http.auth.tunneling.disabledSchemes="" 

3. Save the file.

4. After making those changes, restart all TIBCO services including Interior Server, Gateway Server, and other TIBCO products.

https://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html