jmeter-user mailing list archives

From Martijn de Vrieze <martijndevri...@qa-rocks.com>
Subject Re: Jmeter user authentication over Kerberos not succeeding
Date Fri, 16 Jan 2015 10:57:10 GMT
Started to debug the connection a bit more...

When I check in Wireshark on the auth handshake between my browser and the
CRM, I see no UDP traffic; I only see it passing as TCP and as TLS1.2. Can I
force JMeter to use TCP/TLS1.2 for the Kerberos handshake?

*Martijn de Vrieze*


Phone: +31618707784 | Skype: martijndevrieze | gtalk:
martijndevrieze@qa-rocks.com | Twitter:
http://www.twitter.com/martijndevrieze | Linkedin:
http://www.linkedin.com/in/martijndevrieze | Home:
http://www.martijndevrieze.nl

On Fri, Jan 16, 2015 at 10:21 AM, Felix Schumacher <
felix.schumacher@internetallee.de> wrote:

> On 16.01.2015 09:58, Martijn de Vrieze wrote:
>
>> krb5.conf
>>
>> [libdefaults]
>> default_realm = TEST.NL
>> default_tkt_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
>> default_tgs_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
>> forwardable=true
>>
>> [realms]
>> TEST.NL = {
>>         kdc = tst-crm20.test.nl:443
>>
> This is a strange port for a kdc. I would expect it to listen on 88.
>
>  }
>>
>> [domain_realm]
>> test.nl= TEST.NL
>> .test.nl= TEST.NL
>>
>> [appdefaults]
>>  pam = {
>>    debug = false
>>    ticket_lifetime = 36000
>>    renew_lifetime = 36000
>>    forwardable = true
>>    krb4_convert = false
>>  }
>>
>> jaas.conf
>>
>>
>> JMeter {
>>     com.sun.security.auth.module.Krb5LoginModule required
>>     doNotPrompt=false
>>     useKeyTab=false
>>     storeKey=false;
>> };
>>
>> On rerunning I received the following error (which I have not seen before):
>> 2015/01/16 09:57:52 WARN  -
>> org.apache.http.client.protocol.RequestTargetAuthentication: NEGOTIATE
>> authentication error: No valid credentials provided (Mechanism level: No
>> valid credentials provided (Mechanism level: Failed to find any Kerberos
>> tgt))
>>
> That is probably because you don't connect to the right port and no one
> responds to you. Try another kdc port.
>
> Regards
>  Felix
>
>>
>> *Martijn de Vrieze*
>>
>> On Fri, Jan 16, 2015 at 9:01 AM, Felix Schumacher <
>> felix.schumacher@internetallee.de> wrote:
>>
>> On 15.01.2015 22:48, Martijn de Vrieze wrote:
>>>
>>>> I have been struggling somewhat with JMeter and kerberos lately. Google so
>>>> far has not been able to help me out with the issue I am facing.
>>>>
>>>> The system under test is a Microsoft CRM 2013 platform, up until a few
>>>> days
>>>> ago my tests worked fine since basic auth was switched on. However on
>>>> the
>>>> most recent drop with changes they also switched over to kerberos auth
>>>> only.
>>>>
>>>> I have:
>>>>  * filled in the KRB5.CONF with all relevant information
>>>>  * HTTP AUTH Manager in the script with base URL, username, password,
>>>> domain and KERBEROS filled in
>>>> * HTTP Request defaults to ensure and enforce HTTP4 use, HTTPS over port
>>>> 443 and the same base URL all over the place
>>>>
>>>> However I cannot get it to work properly, logging in simply refuses to
>>>> work
>>>> for me. I'd really appreciate some help here, I use Jmeter fairly often,
>>>> with this I am however completely stuck.
>>>>
>>>> When running the first step, which instantly receives the KERBEROS auth
>>>> request I get the following in my logs:
>>>>
>>>> 2015/01/15 17:13:02 INFO  - jmeter.threads.JMeterThread: Thread started:
>>>> Jmeter 1-1
>>>> 2015/01/15 17:13:02 INFO  - jmeter.services.FileServer: Stored:
>>>> users.csv
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>>>> GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
>>>> HC4CookieHandler:
>>>> Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>>>> inCache http://tst-crm20.test.nl/TEST/main.aspx null
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>>>> main.aspx
>>>>  and http://tst-crm20.test.nl:80/TEST/main.aspx
>>>> <http://tst-crm20.test.nl/TEST/main.aspx>
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Checking match against auth'n entry: http://tst-crm20.test.nl
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Matched
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>>>> main.aspx
>>>>  and http://tst-crm20.test.nl:80/TEST/main.aspx
>>>> <http://tst-crm20.test.nl/TEST/main.aspx>
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Checking match against auth'n entry: http://tst-crm20.test.nl
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Matched
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> m.devrieze > D=TEST R= M=KERBEROS
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>>>> GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
>>>> HC4CookieHandler:
>>>> Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>>>> inCache http://tst-crm20.test.nl/TEST/main.aspx null
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>>>> main.aspx
>>>>  and http://tst-crm20.test.nl:80/TEST/main.aspx
>>>> <http://tst-crm20.test.nl/TEST/main.aspx>
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Checking match against auth'n entry: http://tst-crm20.test.nl
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Matched
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
>>>> KerberosManager:
>>>> Subject cached:[] before:m.devrieze
>>>> 2015/01/15 17:14:32 WARN  - jmeter.protocol.http.control.
>>>> KerberosManager:
>>>> Could not log in user m.devrieze javax.security.auth.login.
>>>> LoginException:
>>>> Receive timed out
>>>>
>>> It seems that the Kerberos server did not answer the request for a
>>> service ticket (at least not within the default timeout of 30s).
>>> Could you rerun the test with the java system property
>>> "sun.security.krb5.debug" set to true?
>>>
>>> Could you post the contents of your krb5.conf and jaas.conf file?
>>>
>>> Regards
>>>  Felix
>>>
>>>
>>>> *Thanks! *
>>>>
>>>> *Martijn de Vrieze*
>>>>
>>>>
>>>> Skype: martijndevrieze | gtalk: martijndevrieze@qa-rocks.com | Twitter:
>>>> http://www.twitter.com/martijndevrieze |
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>
>
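
As an added example (not part of the thread and not JMeter code), this Python check audits a krb5.conf for the two points discussed above: a KDC entry on a port other than 88, and whether the client is told to use TCP. It assumes the standard `udp_preference_limit = 1` setting in `[libdefaults]` as the way to make the Kerberos client use TCP; the function names and the sample text are constructed for illustration.

```python
import re

DEFAULT_KDC_PORT = 88  # standard Kerberos KDC port

# Constructed sample: the relevant parts of the krb5.conf quoted in the thread.
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = TEST.NL

[realms]
TEST.NL = {
        kdc = tst-crm20.test.nl:443
 }
"""

def parse_krb5(text):
    """Return (libdefaults dict, {realm: [(host, port), ...]})."""
    section, realm = None, None
    libdefaults, kdcs = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, realm = m.group(1), None
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = key
                kdcs[realm] = []
            elif section == "realms" and realm and key == "kdc":
                host, _, port = value.partition(":")  # host[:port], no IPv6 literals
                kdcs[realm].append((host, int(port) if port else DEFAULT_KDC_PORT))
    return libdefaults, kdcs

def audit(text):
    """List findings that would explain a KDC 'Receive timed out'."""
    libdefaults, kdcs = parse_krb5(text)
    findings = [f"{realm}: kdc {host} is on port {port}, expected {DEFAULT_KDC_PORT}"
                for realm, entries in kdcs.items()
                for host, port in entries if port != DEFAULT_KDC_PORT]
    if libdefaults.get("udp_preference_limit") != "1":
        findings.append("udp_preference_limit is not 1: client may try UDP before TCP")
    return findings

print("\n".join(audit(SAMPLE_KRB5_CONF)))
```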
