jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fergal Hanley <fergalhan...@gmail.com>
Subject Re: Strange behavior when performing basic authentication
Date Fri, 30 Nov 2012 03:04:04 GMT
Thanks Chaitanya, unfortunately disabling NTLM in this environment is not
an easy option :-/

I'm considering the possibility of using a separate authentication proxy.
Right now I'm looking at cntlm (http://cntlm.sourceforge.net/).  Do you
know if this is a viable workaround or heard of a similar approach?

Thanks,
Fergal

On Fri, Nov 30, 2012 at 11:40 AM, chaitanya bhatt <bhatt.chaitanya@gmail.com
> wrote:

> The reason why the replay worked for you the first time is because of the
> SSO capability of the domain driver. Your md4 hash key was valid until the
> activity timeout occurred on the server side. Once your hash expires you
> won't be able to authenticate until you/jmeter negotiates with the server
> and create a new digest key. Part of the auth key is generate on the client
> side. So, you won't be able to replay just by grabbing the server returned
> AuthKey and plugging it in subsequent requests.
>
> In my opinion your best bet is to disable NTML and test your application.
>
> Thanks
> Chaitanya M Bhatt
>
> On Thu, Nov 29, 2012 at 4:03 PM, Fergal Hanley <fergalhanley@gmail.com
> >wrote:
>
> > *Scott:*
> >
> > Thanks for getting back to me. I've tried turning all my sampler
> > implementations to HttpClient 4 but now I'm getting for each request:
> >
> > Response code: 407
> > Response message: Proxy Authentication Required
> >
> > However I've got my proxy settings configured correctly:
> >
> > https.proxyHost=internetproxy
> > https.proxyPort=3128
> > http.proxyHost=internetproxy
> > http.proxyPort=3128
> >
> >
> > *Chaitanya:*
> >
> > I'm attempting to capture the headers your talking about and pass them
> into
> > each request. Using Fiddler I've captured the traffic between the web
> > server and JMeter when playing back the samplers. I did this first when
> > JMeter was in the state where is was unable to authenticate and then
> > secondly when it *was* able authenticate (i.e. after recording
> something).
> > I saved the data from both sessions and compared them in a diff tool but
> > strangely there's no difference in the headers of the initial calls but
> > "post-recording", JMeter was able to authenticate and redirect to the
> > appropriate address. See the paste bins below with the data from the
> > requests:
> >
> > Before recording:
> > http://pastebin.com/Gwb4tgRV
> >
> > After recording:
> > http://pastebin.com/Aqv9Ljti
> >
> >
> > Much appreciated,
> >
> > Fergal
> >
> >
> > On Fri, Nov 30, 2012 at 9:43 AM, chaitanya bhatt
> > <bhatt.chaitanya@gmail.com>wrote:
> >
> > > Authenticating the base URL isn't sufficient. NTLM V2 requires a header
> > > value with auth key in each and every request without which you won't
> be
> > > able to successfully replay. Jmeter has limitations when it comes to
> NTLM
> > > V2.
> > >
> > > Wish you luck!
> > >
> > > Thanks
> > > Chaitanya
> > >
> > > On Thu, Nov 29, 2012 at 2:31 PM, HUSSEY, SCOTT T <sh8121@att.com>
> wrote:
> > >
> > > > I've found HTTPClient 4 to be the best for NTLM authentication. I
> have
> > > > seen issues where I recorded using the Java implementation w/ the
> proxy
> > > > server and then switched to HTTPClient4 for playback w/ the best
> > results.
> > > >
> > > > > -----Original Message-----
> > > > > From: Fergal Hanley [mailto:fergalhanley@gmail.com]
> > > > > Sent: Thursday, November 29, 2012 4:29 PM
> > > > > To: user@jmeter.apache.org
> > > > > Subject: Strange behavior when performing basic authentication
> > > > >
> > > > > I'm getting some strange behavior when attempting to use JMeter to
> > > > > perform
> > > > > basic authentication against a web application.
> > > > >
> > > > > I'm using the Authorization Manager for NTLM authentication. When
I
> > > > > attempt
> > > > > to play back my script I get a 401 Unauthorized error response.
> I'f I
> > > > fire
> > > > > up the JMeter proxy server and record a snippet of script from the
> > very
> > > > > server I'm attempting to hit in my test, and then I play back the
> > > script
> > > > > after this, it can authenticate. Does the fact that record change
> > > > something
> > > > > in JMeter to make authorization work? This effect is retained as
> long
> > > as
> > > > I
> > > > > keep the JMeter application open but lost when I close and reopen
> the
> > > > tool.
> > > > >
> > > > > Other details about the test plan:
> > > > >
> > > > >
> > > > >    1. I'm using Java implementation calls, HttpClient 3.1 and 4
> never
> > > > worked
> > > > >    2. Calls are being made through an internet proxy that I've
> > > configured
> > > > >    in jmeter.properties
> > > > >    3. The application I'm targeting is a SharePoint site
> > > > >    4. I'm using the HTTP Authorization Manager for server
> > > authentication
> > > > >    5. I left the JMeter application open over night in a state
> where
> > it
> > > > was
> > > > >    able to play back the requests. When I came in the next day it
> was
> > > > still
> > > > >    able to play back the requests but when I restarted the
> > application
> > > > it was
> > > > >    once again unable to make the requests.
> > > > >
> > > > >
> > > > > Any help would be greatly appreciated,
> > > > >
> > > > > Thank you,
> > > > > Fergal
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> > > > For additional commands, e-mail: user-help@jmeter.apache.org
> > > >
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message