On 16/10/2008, Hiro Protagonist <[EMAIL PROTECTED]> wrote:
> Hi team,
>
> I am trying to replay against an Oracle dashboard application (recording
> with HTTP proxy works fine) and it fails on an implicit re-direct. This
> single sign-on redirect gets the user's credentials from [*somewhere*]
> and authenticates the user.
> When I play back the initial page request, a redirect happens to the
> authentication page, which comes back with a 401 Unauthorised response.
> I am not sure what can be done about it, or even if the request is an
> SSL-encrypted request. I am pretty sure that it would be, otherwise it
> wouldn't be very good security.
> I read this thread http://markmail.org/message/ofm3kqfvappuramw but this
> is not what happens for me - no authentication pop-up window appears,
> the request just fails. Below are the two requests; the first one that
> succeeds and redirects, and the second one that fails.
>
> ==========
> ==========
>
> Thread Name: Thread Group 1-1
> Sample Start: 2008-10-16 11:18:05 BST
> Load time: 0
> Latency: 0
> Size in bytes: 917
> Sample Count: 1
> Error Count: 0
> Response code: 302
> Response message: Redirect to Oracle SSO Server
>
> Response headers:
> HTTP/1.1 302 Redirect to Oracle SSO Server
> Date: Thu, 16 Oct 2008 10:18:04 GMT
> Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
> Location:
>
> http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~8D8A0B8B~blablabla
> Keep-Alive: timeout=15, max=99
> Connection: Keep-Alive
> Transfer-Encoding: chunked
> Content-Type: text/html; charset=iso-8859-1
>
> ==========
> then the re-direct, and failure
> ==========
>
> Thread Name: Thread Group 1-1
> Sample Start: 2008-10-16 11:18:05 BST
> Load time: 0
> Latency: 0
> Size in bytes: 0
> Sample Count: 1
> Error Count: 1
> Response code: 401
> Response message: Unauthorized
>
> Response headers:
> HTTP/1.1 401 Unauthorized
> Date: Thu, 16 Oct 2008 10:18:04 GMT
> Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server
> Set-Cookie:
>
> JSESSIONID=0a34001530d5baaf944b3cb84652a9d0c5d8610f6f23.e3aTb34SbNaSe34Sa38Pa38Nc3b0n6jAmljGr5XDqQLvpAe;
> path=/sso
> Cache-Control: private
> WWW-Authenticate: Negotiate
> WWW-Authenticate: Basic realm="SSO"
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
> Transfer-Encoding: chunked
> Content-Type: application/octet-stream
>
> ==========
> ==========
>
> Now, when I take that second request, and create a new HTTP request
> manually (from the automatic redirect request), but make it https, I get
> this error:
>
> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
> connection?
> at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
> at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> at
>
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown
> Source)
> at
>
> org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.java:431)
> at
>
> org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1021)
> at
>
> org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1007)
> at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:290)
> at java.lang.Thread.run(Unknown Source)
>
> Can anyone help? I am really stuck and not sure where to continue
> investigating...
>
> Thanks in advance!

Have you set JMeter to use Follow redirects or Redirect Automatically?
If so, turn these off.

Also, add an Authorisation Manager to provide the required credentials.
It's likely that the browser is getting the credentials from the Windows
login session, but JMeter (Java) cannot do that.

If there are still problems, then you'll need to compare what the browser
is doing with what JMeter is doing, e.g. using a protocol analyser such as
Wireshark, or using a browser add-in that can capture the HTTP traffic.

> hiro
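
The two responses quoted in the thread, read programmatically: this is an added example, not part of either poster's message, that parses the 302 and 401 headers and reports where the SSO redirect points, which authentication schemes the server offers, and whether Basic credentials would travel over plain HTTP. The function names are hypothetical and the token and session id are replaced with placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample input: headers taken from the two sampler results quoted
# in the thread, with the SSO token and session id replaced by placeholders.
REDIRECT = """HTTP/1.1 302 Redirect to Oracle SSO Server
Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=PLACEHOLDER
Content-Type: text/html; charset=iso-8859-1"""
CHALLENGE = """HTTP/1.1 401 Unauthorized
Set-Cookie: JSESSIONID=PLACEHOLDER; path=/sso
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="SSO"
Content-Type: application/octet-stream"""

def parse_response(raw):
    """Return (status_code, [(lowercased header name, value), ...])."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = []
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def offered_schemes(headers):
    """Map each WWW-Authenticate scheme (lowercased) to its parameter string."""
    schemes = {}
    for name, value in headers:
        if name == "www-authenticate":
            scheme, _, params = value.partition(" ")
            schemes[scheme.lower()] = params.strip()
    return schemes

def diagnose(redirect_raw, challenge_raw):
    """Summarise the redirect target and the 401 challenge."""
    _, redirect_headers = parse_response(redirect_raw)
    status, challenge_headers = parse_response(challenge_raw)
    target = urlsplit(dict(redirect_headers)["location"])
    schemes = offered_schemes(challenge_headers)
    return {
        "sso_scheme": target.scheme,
        "sso_port": target.port,
        "challenge_status": status,
        "schemes": sorted(schemes),
        # Basic is only base64-encoded, so over http:// the password is
        # readable on the wire.
        "basic_in_cleartext": "basic" in schemes and target.scheme != "https",
    }

if __name__ == "__main__":
    print(diagnose(REDIRECT, CHALLENGE))
```
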

