jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "HUSSEY, SCOTT T" <sh8...@att.com>
Subject RE: HttpClient4 Selecting Authentication Method
Date Wed, 14 Nov 2012 20:03:31 GMT
-----Original Message-----
From: HUSSEY, SCOTT T 

>>It means that SCOTT may succeed with his project :)
>>Sorry for not helping though, maybe other know better.

>Thanks for the feedback though. At least I believe it isn't something simple I missed.
I'll continue to work on it and I'm going to attempt it with Jmeter 2.8 today.

Trying it with Jmeter 2.8 and the corresponding HTTPClient 4.2.1, it looks like the issue
is resolved. HTTPclient gracefully fails from Negotiate scheme and utilizes NTLM scheme. NTLM
is now failing, but that is probably a different issue. Thanks for the time.

On Wed, Nov 14, 2012 at 3:45 PM, sebb <sebbaz@gmail.com> wrote:

> On 14 November 2012 13:30, Shmuel Krakower <shmulikk@gmail.com> wrote:
> > Hi Sebb,
> > This is good news, last time we discussed this topic we agreed that NTLM
> v2
> > is not supported by HC:
> >
> http://mail-archives.apache.org/mod_mbox/jmeter-user/201204.mbox/%3CCAOGo0VZnv3=Q_W0MTGYuOGHSfVjBW6+8TpWF+8bxvyyEgdX_hw@mail.gmail.com%3E
> >
> > I think that in the link you provided they say that this is only somewhat
> > supported with HC4.1 and later, but we only have HC4.0 on JMeter
>
> Depends on the jars that are included; 2.8 includes 4.2.1
>
> > (or the name HTTPClient4 is misleading).
>
> 4 does not imply 4.0 only.
>
> > Anyhow this is good direction as I found NTLM not being supported in
> JMeter
> > as one of the key factors of Enterprises not tending to welcome JMeter
> > (as NTLM authentication is very popular in intranet applications).
>
> Surely only applications which rely on Microsoft servers.
>
> > SCOTT - I have no suggestion for you.
> >
> > Shmuel Krakower.
> > Beatsoo.org - re-use your jmeter scripts for application performance
> > monitoring from worldwide locations for free.
> >
> >
> >
> > On Tue, Nov 13, 2012 at 10:51 PM, sebb <sebbaz@gmail.com> wrote:
> >
> >> On 13 November 2012 20:42, Shmuel Krakower <shmulikk@gmail.com> wrote:
> >> > How did you figure that HC is choosing Kerberos?
> >> > Anyway - NTLM v2 is not supported by JMeter and NTLM v1 is too old for
> >> > being used in Sharepoint2010.
> >>
> >> HttpClient 4.x does support NTLMv2 [1], but the implementation is not
> >> guaranteed to work with all providers.
> >>
> >> [1] http://hc.apache.org/httpcomponents-client-ga/ntlm.html
> >>
> >> > Sorry to ruin the party, but you cannot use JMeter for load testing a
> >> NTLM
> >> > v2 based application.
> >> > You may only use anonymous users or switch to another authentication
> >> method
> >> > on the servers.
> >> >
> >> > Shmuel Krakower.
> >> > Beatsoo.org - re-use your jmeter scripts for application performance
> >> > monitoring from worldwide locations for free.
> >> >
> >> >
> >> >
> >> > On Tue, Nov 13, 2012 at 10:32 PM, HUSSEY, SCOTT T <sh8121@att.com>
> >> wrote:
> >> >
> >> >> As a followup, I did sort out the logging configuration and it does
> look
> >> >> like HTTP Client is choosing Kerberos over NTLM even though Jmeter
> >> doesn't
> >> >> support it. Is this intended?
> >> >>
> >> >> 2012/11/13 12:17:56 DEBUG -
> >> >> org.apache.http.impl.client.DefaultTargetAuthenticationHandler:
> >> >> Authentication schemes in the order of preference: [negotiate, NTLM,
> >> >> Digest, Basic]
> >> >> 2012/11/13 12:17:56 DEBUG -
> >> >> org.apache.http.impl.client.DefaultTargetAuthenticationHandler:
> >> negotiate
> >> >> authentication scheme selected
> >> >> 2012/11/13 12:17:56 DEBUG -
> org.apache.http.impl.auth.NegotiateScheme:
> >> >> Received challenge '' from the auth server
> >> >> 2012/11/13 12:17:56 DEBUG -
> >> >> org.apache.http.client.protocol.RequestAddCookies: CookieSpec
> selected:
> >> >> ignoreCookies
> >> >> 2012/11/13 12:17:56 DEBUG -
> >> >> org.apache.http.client.protocol.RequestAuthCache: Auth cache not set
> in
> >> the
> >> >> context
> >> >> 2012/11/13 12:17:56 DEBUG -
> org.apache.http.impl.auth.NegotiateScheme:
> >> >> init <hostname>
> >> >> 2012/11/13 12:17:56 ERROR -
> >> >> org.apache.http.client.protocol.RequestTargetAuthentication:
> >> Authentication
> >> >> error: Invalid name provided (Mechanism level: Cannot locate default
> >> realm)
> >> >>
> >> >> -----Original Message-----
> >> >> From: HUSSEY, SCOTT T
> >> >> Sent: Tuesday, November 13, 2012 10:41 AM
> >> >> To: 'user@jmeter.apache.org'
> >> >> Subject: HttpClient4 Selecting Authentication Method
> >> >>
> >> >> All,
> >> >>   I'm trying to test a SharePoint 2010 site (Jmeter 2.7, JRE 1.6,
> >> Windows
> >> >> Server 2008). This site is configured to use Kerberos authentication,
> >> but
> >> >> fall back to NTLM if needed.
> >> >>
> >> >> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: <<
> >> "WWW-Authenticate:
> >> >> Negotiate[\r][\n]"
> >> >> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: <<
> >> "WWW-Authenticate:
> >> >> NTLM[\r][\n]"
> >> >>
> >> >> When I use HTTPClient 3.1 and enable trace, I see it selects NTLM but
> >> >> fails authentication because the site is using NTLM v2. When I
> switch to
> >> >> HTTPClient4 I only get the below error. I cannot figure out a way to
> >> enable
> >> >> more verbose output and do not know if this error is from HTTPClient4
> >> >> attempting to use Kerberos (which it supports but Jmeter doesn't) or
> if
> >> it
> >> >> is from an NTLM issue. I'm leaning to the first issue of HTTPClient
> >> >> attempting to use Kerberos because a similar site setup as only NTLM
> >> works
> >> >> fine w/ HTTPClient4. I do have an HTTP Authorization Manager in scope
> >> with
> >> >> the domain and user account entered.
> >> >>
> >> >> 2012/11/13 08:06:02 ERROR -
> >> >> org.apache.http.client.protocol.RequestTargetAuthentication:
> >> Authentication
> >> >> error: Invalid name provided (Mechanism level: Cannot locate default
> >> realm)
> >> >>
> >> >> As a test, is there a way I can rewrite the server headers to remove
> "
> >> >> WWW-Authenticate: Negotiate" before HTTPClient responds?
> >> >>
> >> >> Thank you for your time.
> >> >>
> >> >> Scott
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> >> >> For additional commands, e-mail: user-help@jmeter.apache.org
> >> >>
> >> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> >> For additional commands, e-mail: user-help@jmeter.apache.org
> >>
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>
>
Mime
View raw message