jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martijn de Vrieze <martijndevri...@qa-rocks.com>
Subject Re: Jmeter user authentication over Kerberos not succeeding
Date Fri, 16 Jan 2015 08:58:39 GMT
krb5.conf

[libdefaults]
default_realm = TEST.NL
default_tkt_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
forwardable=true

[realms]
TEST.NL = {
        kdc = tst-crm20.test.nl:443
}

[domain_realm]
test.nl= TEST.NL
.test.nl= TEST.NL

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

jaas.conf


JMeter {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt=false
    useKeyTab=false
    storeKey=false;
};

On rerunning I recieved the following error (which I have not seen before:
2015/01/16 09:57:52 WARN  -
org.apache.http.client.protocol.RequestTargetAuthentication: NEGOTIATE
authentication error: No valid credentials provided (Mechanism level: No
valid credentials provided (Mechanism level: Failed to find any Kerberos
tgt))

*Martijn de Vrieze*


Phone: +31618707784 | Skype: martijndevrieze | gtalk:
martijndevrieze@qa-rocks.com | Twitter:
http://www.twitter.com/martijndevrieze | Linkedin:
http://www.linkedin.com/in/martijndevrieze | Home:
http://www.martijndevrieze.nl

On Fri, Jan 16, 2015 at 9:01 AM, Felix Schumacher <
felix.schumacher@internetallee.de> wrote:

> Am 15.01.2015 22:48, schrieb Martijn de Vrieze:
>
>  I have been struggling somewhat with JMeter and kerberos lately. Google so
>> far has not been able to help me out with the issue I am facing.
>>
>> The system under test is a Microsoft CRM 2013 platform, up until a few
>> days
>> ago my tests worked fine since basic auth was switched on. However on the
>> most recent drop with changes they also switched over to kerberos auth
>> only.
>>
>> I have:
>>  * filled in the KRB5.CONF with all relevant information
>>  * HTTP AUTH Manager in the script with base URL, username, password,
>> domain and KERBEROS filled in
>> * HTTP Request defaults to ensure and enforce HTTP4 use, HTTPS over port
>> 443 and the same base URL all over the place
>>
>> However I cannot get it to work properly, logging in simply refuses to
>> work
>> for me. I'd really appreciate some help here, I use Jmeter fairly often,
>> with this I am however completely stuck.
>>
>> When running the first step, which instantly receives the KERBEROS ath
>> request I get the following in my logs:
>>
>> 2015/01/15 17:13:02 INFO  - jmeter.threads.JMeterThread: Thread started:
>> Jmeter 1-1
>> 2015/01/15 17:13:02 INFO  - jmeter.services.FileServer: Stored: users.csv
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>> GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
>> HC4CookieHandler:
>> Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>> inCache http://tst-crm20.test.nl/TEST/main.aspx null
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>> main.aspx
>>  and http://tst-crm20.test.nl:80/TEST/main.aspx
>> <http://tst-crm20.test.nl/TEST/main.aspx>
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Checking match against auth'n entry: http://tst-crm20.test.nl
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Matched
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>> main.aspx
>>  and http://tst-crm20.test.nl:80/TEST/main.aspx
>> <http://tst-crm20.test.nl/TEST/main.aspx>
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Checking match against auth'n entry: http://tst-crm20.test.nl
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Matched
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> m.devrieze > D=TEST R= M=KERBEROS
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>> GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
>> HC4CookieHandler:
>> Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>> inCache http://tst-crm20.test.nl/TEST/main.aspx null
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>> main.aspx
>>  and http://tst-crm20.test.nl:80/TEST/main.aspx
>> <http://tst-crm20.test.nl/TEST/main.aspx>
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Checking match against auth'n entry: http://tst-crm20.test.nl
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Matched
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.KerberosManager:
>> Subject cached:[] before:m.devrieze
>> 2015/01/15 17:14:32 WARN  - jmeter.protocol.http.control.KerberosManager:
>> Could not log in user m.devrieze javax.security.auth.login.
>> LoginException:
>> Receive timed out
>>
> It seems, that the kerberos server did not answer the request for a
> service ticket (at least not within the default timeout of 30s).
> Could you rerun the test with the java system property
> "sun.security.krb5.debug" set to true?
>
> Could you post the contents of your krb5.conf and jaas.conf file?
>
> Regards
>  Felix
>
>>
>> *Thanks! *
>>
>> *Martijn de Vrieze*
>>
>>
>> Skype: martijndevrieze | gtalk: martijndevrieze@qa-rocks.com | Twitter:
>> http://www.twitter.com/martijndevrieze |
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message