jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: Jmeter Kerberos
Date Thu, 07 Jun 2018 17:51:51 GMT


Am 06.06.2018 um 05:18 schrieb Swathi Chandrika:
> Hi ,
>
> I'm trying to use jmeter for Kerberos authentication but the authentication
> is not happening successfully.
>
> Here are the steps followed:
>
> 1.Updated the krb5.conf with right hosts and kdc details.
Could you show us the configuration? Replace the domain names with 
something you would be comfortable to share publicly - like 
domain.example.invalid and EXAMPLE.INVALID.
> 2. Add the applications url request (that is going to redirect to auth
> server and after successfully validation it will redirect to the
> application.)
> 3. Added the HTTP authorization manager and updated with the login
> information.

Have you set the JVM parameters

java.security.krb5.conf=krb5.conf
java.security.auth.login.config=jaas.conf

and do they point to the correct files?

I would use the newly added feature of specifying them in bin/setenv.sh 
(for a linux system) by adding something like

KRB_CONF=${JMETER_HOME}/bin/krb5.conf
JAAS_CONF=${JMETER_HOME}/bin/jaas.conf
export JMETER_OPTS="-Djava.security.krb5.conf=${KRB_CONF} 
-Djava.security.auth.login.config=${JAAS_CONF}"

to that (probably newly created) file.

If it still doesn't work. I would modify the jaas.conf file to include 
debug=true so that it would probably read:

  JMeter {
     com.sun.security.auth.module.Krb5LoginModule required
     doNotPrompt=false
     useKeyTab=false
     debug=true
     storeKey=false;
};

And always have a look in jmeter.log.

>
> Tried the following:
> 1. Add invalid login credentials, I get error in jmeter logs saying userid
> not found in kdc. So this make sure that kdc config is right.
Good.

> 1. If I run this script, the auth servers redirects back to the same since
> it was not able to authorize
Maybe the server has a problem then? Are there any messages in the logs?

> 2. If I add the http header and include the UserAgent string , I get an
> error saying:
Which header do you add?
>
> WARN  - org.apache.http.client.protocol.RequestTargetAuthentication:
> NEGOTIATE authentication error: No valid credentials provided (Mechanism
> level: No valid credentials provided (Mechanism level: Message stream
> modified (41)))
>
> WARN  - org.apache.http.client.protocol.RequestTargetAuthentication:
> NEGOTIATE authentication error: No valid credentials provided (Mechanism
> level: No valid credentials provided (Mechanism level: Message stream
> modified (41)))
>
> Response headers:
>
> Responsecode: 401
>
> Response message: Unauthorized
>
> Response headers:
>
> HTTP/1.1 401 Unauthorized
>
> Date: Tue, 05 Jun 2018 20:11:24 GMT
>
> Server:
>
> Content-Length: 0
>
> Connection: keep-alive
>
> Host: xxx.com
>
> User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows; Trident/6.0)
>
> WWW-Authenticate: Negotiate
>
>
>
> Did anyone come across similar issue? Any suggestions/pointers ?

What is the answer JMeter gives to this 401 request?

Regards,
  Felix

>
>
> Thank you.
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org


Mime
View raw message