jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "HUSSEY, SCOTT T" <sh8...@att.com>
Subject RE: HttpClient4 Selecting Authentication Method
Date Tue, 13 Nov 2012 20:50:28 GMT
-----Original Message-----
From: Shmuel Krakower [mailto:shmulikk@gmail.com] 
Sent: Tuesday, November 13, 2012 2:42 PM
To: JMeter Users List
Subject: Re: HttpClient4 Selecting Authentication Method

> How did you figure that HC is choosing Kerberos?

I interpret this line as HTTPClient using SPEGNO/Kerberos. Maybe I misinterpret what the "negotiate"
scheme is.
2012/11/13 12:17:56 DEBUG - org.apache.http.impl.client.DefaultTargetAuthenticationHandler:
negotiate authentication scheme selected

>Anyway - NTLM v2 is not supported by JMeter and NTLM v1 is too old for
>being used in Sharepoint2010.

>Sorry to ruin the party, but you cannot use JMeter for load testing a NTLM
>v2 based application.
>You may only use anonymous users or switch to another authentication method
>on the servers.

I've read this, but I've been able to use NTLM w/ Jmeter + HC4 on SharePoint2010. The first
time I've had an issue is now
when Kerberos enters the picture. That is why I wanted to strip out the "WWW-Authenticate:
Negotiate" header
and attempt to force Jmeter to use NTLM.

On Tue, Nov 13, 2012 at 10:32 PM, HUSSEY, SCOTT T <sh8121@att.com> wrote:

> As a followup, I did sort out the logging configuration and it does look
> like HTTP Client is choosing Kerberos over NTLM even though Jmeter doesn't
> support it. Is this intended?
>
> 2012/11/13 12:17:56 DEBUG -
> org.apache.http.impl.client.DefaultTargetAuthenticationHandler:
> Authentication schemes in the order of preference: [negotiate, NTLM,
> Digest, Basic]
> 2012/11/13 12:17:56 DEBUG -
> org.apache.http.impl.client.DefaultTargetAuthenticationHandler: negotiate
> authentication scheme selected
> 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme:
> Received challenge '' from the auth server
> 2012/11/13 12:17:56 DEBUG -
> org.apache.http.client.protocol.RequestAddCookies: CookieSpec selected:
> ignoreCookies
> 2012/11/13 12:17:56 DEBUG -
> org.apache.http.client.protocol.RequestAuthCache: Auth cache not set in the
> context
> 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme:
> init <hostname>
> 2012/11/13 12:17:56 ERROR -
> org.apache.http.client.protocol.RequestTargetAuthentication: Authentication
> error: Invalid name provided (Mechanism level: Cannot locate default realm)
>
> -----Original Message-----
> From: HUSSEY, SCOTT T
> Sent: Tuesday, November 13, 2012 10:41 AM
> To: 'user@jmeter.apache.org'
> Subject: HttpClient4 Selecting Authentication Method
>
> All,
>   I'm trying to test a SharePoint 2010 site (Jmeter 2.7, JRE 1.6, Windows
> Server 2008). This site is configured to use Kerberos authentication, but
> fall back to NTLM if needed.
>
> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << "WWW-Authenticate:
> Negotiate[\r][\n]"
> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << "WWW-Authenticate:
> NTLM[\r][\n]"
>
> When I use HTTPClient 3.1 and enable trace, I see it selects NTLM but
> fails authentication because the site is using NTLM v2. When I switch to
> HTTPClient4 I only get the below error. I cannot figure out a way to enable
> more verbose output and do not know if this error is from HTTPClient4
> attempting to use Kerberos (which it supports but Jmeter doesn't) or if it
> is from an NTLM issue. I'm leaning to the first issue of HTTPClient
> attempting to use Kerberos because a similar site setup as only NTLM works
> fine w/ HTTPClient4. I do have an HTTP Authorization Manager in scope with
> the domain and user account entered.
>
> 2012/11/13 08:06:02 ERROR -
> org.apache.http.client.protocol.RequestTargetAuthentication: Authentication
> error: Invalid name provided (Mechanism level: Cannot locate default realm)
>
> As a test, is there a way I can rewrite the server headers to remove "
> WWW-Authenticate: Negotiate" before HTTPClient responds?
>
> Thank you for your time.
>
> Scott
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>
>
Mime
View raw message