Return-Path: 
 <user-return-38964-apmail-jmeter-user-archive=jmeter.apache.org@jmeter.apache.org>
X-Original-To: apmail-jmeter-user-archive@www.apache.org
Delivered-To: apmail-jmeter-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 79706DA38
	for <apmail-jmeter-user-archive@www.apache.org>;
 Tue, 13 Nov 2012 20:51:56 +0000 (UTC)
Received: (qmail 21787 invoked by uid 500); 13 Nov 2012 20:51:55 -0000
Delivered-To: apmail-jmeter-user-archive@jmeter.apache.org
Received: (qmail 21763 invoked by uid 500); 13 Nov 2012 20:51:55 -0000
Mailing-List: contact user-help@jmeter.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@jmeter.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@jmeter.apache.org>
List-Post: <mailto:user@jmeter.apache.org>
List-Id: <user.jmeter.apache.org>
Reply-To: "JMeter Users List" <user@jmeter.apache.org>
Delivered-To: mailing list user@jmeter.apache.org
Received: (qmail 21754 invoked by uid 99); 13 Nov 2012 20:51:55 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Nov 2012 20:51:55 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of sebbaz@gmail.com designates
 209.85.212.43 as permitted sender)
Received: from [209.85.212.43] (HELO mail-vb0-f43.google.com) (209.85.212.43)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Nov 2012 20:51:49 +0000
Received: by mail-vb0-f43.google.com with SMTP id fq11so8328759vbb.2
        for <user@jmeter.apache.org>; Tue, 13 Nov 2012 12:51:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=DnMdqfprlBeyKW/Z0XYzhRoZMdi/kpoJS3gUDqHl/9c=;
        b=zrHhOz9t2GGmQAXps6HWoVjnHyH5l9I2Ypdoi31NP29wptvmMwY1YAgZhSIpB9uOHf
         626xYPvP0E/Zix7oUhyhdQerl5S6yuVA6szCCdGenUaPux+FnHgKqDQT7My6wUF+5M9J
         qJaHLsFtE+R3VQH5WY7uvoNxkWXHSu3wOy9EhSR+BKen8k8GASNJLUD5/5iNLuldRaFr
         E4LGuLONd0UnKfF6AZu0cP5Kfoj9fbBc4IWkzEL4UI536ypgcIKbdp++JB7LZuER8B/u
         lkJNA2e6ek0xEMDfzOXqR/Vy6Aar5/fzCXbA//uYzn8CF2nSDqbVG2XzA6Y6IuFqMGvB
         /z9w==
MIME-Version: 1.0
Received: by 10.52.75.72 with SMTP id a8mr29198239vdw.66.1352839888497; Tue,
 13 Nov 2012 12:51:28 -0800 (PST)
Received: by 10.58.172.71 with HTTP; Tue, 13 Nov 2012 12:51:28 -0800 (PST)
In-Reply-To: 
 <CAHnoMfre2geZiLQQAPNb37ktnXS79qxEsAb+4dU3ZkFVKEOAZA@mail.gmail.com>
References: 
 <B54AA9CBE88709438B7BB7AD8DD6465E0235E417@MOSTLS1MSGUSR9J.ITServices.sbc.com>
	<CAHnoMfre2geZiLQQAPNb37ktnXS79qxEsAb+4dU3ZkFVKEOAZA@mail.gmail.com>
Date: Tue, 13 Nov 2012 20:51:28 +0000
Message-ID: 
 <CAOGo0VbizyDDGXxosPqMjF8H4tOaPF2Ey5H2Ty+nqs1VDF2Rmw@mail.gmail.com>
Subject: Re: HttpClient4 Selecting Authentication Method
From: sebb <sebbaz@gmail.com>
To: JMeter Users List <user@jmeter.apache.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Virus-Checked: Checked by ClamAV on apache.org

On 13 November 2012 20:42, Shmuel Krakower <shmulikk@gmail.com> wrote:
> How did you figure that HC is choosing Kerberos?
> Anyway - NTLM v2 is not supported by JMeter and NTLM v1 is too old for
> being used in Sharepoint2010.

HttpClient 4.x does support NTLMv2 [1], but the implementation is not
guaranteed to work with all providers.

[1] http://hc.apache.org/httpcomponents-client-ga/ntlm.html

> Sorry to ruin the party, but you cannot use JMeter for load testing a NTLM
> v2 based application.
> You may only use anonymous users or switch to another authentication method
> on the servers.
>
> Shmuel Krakower.
> Beatsoo.org - re-use your jmeter scripts for application performance
> monitoring from worldwide locations for free.
>
>
>
> On Tue, Nov 13, 2012 at 10:32 PM, HUSSEY, SCOTT T <sh8121@att.com> wrote:
>
>> As a followup, I did sort out the logging configuration and it does look
>> like HTTP Client is choosing Kerberos over NTLM even though Jmeter doesn't
>> support it. Is this intended?
>>
>> 2012/11/13 12:17:56 DEBUG -
>> org.apache.http.impl.client.DefaultTargetAuthenticationHandler:
>> Authentication schemes in the order of preference: [negotiate, NTLM,
>> Digest, Basic]
>> 2012/11/13 12:17:56 DEBUG -
>> org.apache.http.impl.client.DefaultTargetAuthenticationHandler: negotiate
>> authentication scheme selected
>> 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme:
>> Received challenge '' from the auth server
>> 2012/11/13 12:17:56 DEBUG -
>> org.apache.http.client.protocol.RequestAddCookies: CookieSpec selected:
>> ignoreCookies
>> 2012/11/13 12:17:56 DEBUG -
>> org.apache.http.client.protocol.RequestAuthCache: Auth cache not set in the
>> context
>> 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme:
>> init <hostname>
>> 2012/11/13 12:17:56 ERROR -
>> org.apache.http.client.protocol.RequestTargetAuthentication: Authentication
>> error: Invalid name provided (Mechanism level: Cannot locate default realm)
>>
>> -----Original Message-----
>> From: HUSSEY, SCOTT T
>> Sent: Tuesday, November 13, 2012 10:41 AM
>> To: 'user@jmeter.apache.org'
>> Subject: HttpClient4 Selecting Authentication Method
>>
>> All,
>>   I'm trying to test a SharePoint 2010 site (Jmeter 2.7, JRE 1.6, Windows
>> Server 2008). This site is configured to use Kerberos authentication, but
>> fall back to NTLM if needed.
>>
>> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << "WWW-Authenticate:
>> Negotiate[\r][\n]"
>> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << "WWW-Authenticate:
>> NTLM[\r][\n]"
>>
>> When I use HTTPClient 3.1 and enable trace, I see it selects NTLM but
>> fails authentication because the site is using NTLM v2. When I switch to
>> HTTPClient4 I only get the below error. I cannot figure out a way to enable
>> more verbose output and do not know if this error is from HTTPClient4
>> attempting to use Kerberos (which it supports but Jmeter doesn't) or if it
>> is from an NTLM issue. I'm leaning to the first issue of HTTPClient
>> attempting to use Kerberos because a similar site setup as only NTLM works
>> fine w/ HTTPClient4. I do have an HTTP Authorization Manager in scope with
>> the domain and user account entered.
>>
>> 2012/11/13 08:06:02 ERROR -
>> org.apache.http.client.protocol.RequestTargetAuthentication: Authentication
>> error: Invalid name provided (Mechanism level: Cannot locate default realm)
>>
>> As a test, is there a way I can rewrite the server headers to remove "
>> WWW-Authenticate: Negotiate" before HTTPClient responds?
>>
>> Thank you for your time.
>>
>> Scott
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org