jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: HttpClient4 Selecting Authentication Method
Date Wed, 14 Nov 2012 13:45:15 GMT
On 14 November 2012 13:30, Shmuel Krakower <shmulikk@gmail.com> wrote:
> Hi Sebb,
> This is good news, last time we discussed this topic we agreed that NTLM v2
> is not supported by HC:
> http://mail-archives.apache.org/mod_mbox/jmeter-user/201204.mbox/%3CCAOGo0VZnv3=Q_W0MTGYuOGHSfVjBW6+8TpWF+8bxvyyEgdX_hw@mail.gmail.com%3E
>
> I think that in the link you provided they say that this is only somewhat
> supported with HC4.1 and later, but we only have HC4.0 on JMeter

Depends on the jars that are included; 2.8 includes 4.2.1

> (or the name HTTPClient4 is misleading).

4 does not imply 4.0 only.

> Anyhow this is good direction as I found NTLM not being supported in JMeter
> as one of the key factors of Enterprises not tending to welcome JMeter
> (as NTLM authentication is very popular in intranet applications).

Surely only applications which rely on Microsoft servers.

> SCOTT - I have no suggestion for you.
>
> Shmuel Krakower.
> Beatsoo.org - re-use your jmeter scripts for application performance
> monitoring from worldwide locations for free.
>
>
>
> On Tue, Nov 13, 2012 at 10:51 PM, sebb <sebbaz@gmail.com> wrote:
>
>> On 13 November 2012 20:42, Shmuel Krakower <shmulikk@gmail.com> wrote:
>> > How did you figure that HC is choosing Kerberos?
>> > Anyway - NTLM v2 is not supported by JMeter and NTLM v1 is too old for
>> > being used in Sharepoint2010.
>>
>> HttpClient 4.x does support NTLMv2 [1], but the implementation is not
>> guaranteed to work with all providers.
>>
>> [1] http://hc.apache.org/httpcomponents-client-ga/ntlm.html
>>
>> > Sorry to ruin the party, but you cannot use JMeter for load testing a
>> NTLM
>> > v2 based application.
>> > You may only use anonymous users or switch to another authentication
>> method
>> > on the servers.
>> >
>> > Shmuel Krakower.
>> > Beatsoo.org - re-use your jmeter scripts for application performance
>> > monitoring from worldwide locations for free.
>> >
>> >
>> >
>> > On Tue, Nov 13, 2012 at 10:32 PM, HUSSEY, SCOTT T <sh8121@att.com>
>> wrote:
>> >
>> >> As a followup, I did sort out the logging configuration and it does look
>> >> like HTTP Client is choosing Kerberos over NTLM even though Jmeter
>> doesn't
>> >> support it. Is this intended?
>> >>
>> >> 2012/11/13 12:17:56 DEBUG -
>> >> org.apache.http.impl.client.DefaultTargetAuthenticationHandler:
>> >> Authentication schemes in the order of preference: [negotiate, NTLM,
>> >> Digest, Basic]
>> >> 2012/11/13 12:17:56 DEBUG -
>> >> org.apache.http.impl.client.DefaultTargetAuthenticationHandler:
>> negotiate
>> >> authentication scheme selected
>> >> 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme:
>> >> Received challenge '' from the auth server
>> >> 2012/11/13 12:17:56 DEBUG -
>> >> org.apache.http.client.protocol.RequestAddCookies: CookieSpec selected:
>> >> ignoreCookies
>> >> 2012/11/13 12:17:56 DEBUG -
>> >> org.apache.http.client.protocol.RequestAuthCache: Auth cache not set in
>> the
>> >> context
>> >> 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme:
>> >> init <hostname>
>> >> 2012/11/13 12:17:56 ERROR -
>> >> org.apache.http.client.protocol.RequestTargetAuthentication:
>> Authentication
>> >> error: Invalid name provided (Mechanism level: Cannot locate default
>> realm)
>> >>
>> >> -----Original Message-----
>> >> From: HUSSEY, SCOTT T
>> >> Sent: Tuesday, November 13, 2012 10:41 AM
>> >> To: 'user@jmeter.apache.org'
>> >> Subject: HttpClient4 Selecting Authentication Method
>> >>
>> >> All,
>> >>   I'm trying to test a SharePoint 2010 site (Jmeter 2.7, JRE 1.6,
>> Windows
>> >> Server 2008). This site is configured to use Kerberos authentication,
>> but
>> >> fall back to NTLM if needed.
>> >>
>> >> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: <<
>> "WWW-Authenticate:
>> >> Negotiate[\r][\n]"
>> >> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: <<
>> "WWW-Authenticate:
>> >> NTLM[\r][\n]"
>> >>
>> >> When I use HTTPClient 3.1 and enable trace, I see it selects NTLM but
>> >> fails authentication because the site is using NTLM v2. When I switch to
>> >> HTTPClient4 I only get the below error. I cannot figure out a way to
>> enable
>> >> more verbose output and do not know if this error is from HTTPClient4
>> >> attempting to use Kerberos (which it supports but Jmeter doesn't) or if
>> it
>> >> is from an NTLM issue. I'm leaning to the first issue of HTTPClient
>> >> attempting to use Kerberos because a similar site setup as only NTLM
>> works
>> >> fine w/ HTTPClient4. I do have an HTTP Authorization Manager in scope
>> with
>> >> the domain and user account entered.
>> >>
>> >> 2012/11/13 08:06:02 ERROR -
>> >> org.apache.http.client.protocol.RequestTargetAuthentication:
>> Authentication
>> >> error: Invalid name provided (Mechanism level: Cannot locate default
>> realm)
>> >>
>> >> As a test, is there a way I can rewrite the server headers to remove "
>> >> WWW-Authenticate: Negotiate" before HTTPClient responds?
>> >>
>> >> Thank you for your time.
>> >>
>> >> Scott
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> >> For additional commands, e-mail: user-help@jmeter.apache.org
>> >>
>> >>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org


Mime
View raw message