Adding to what Sebb said already below: 

- The redirect to Oracle SSO port 7777 does not appear to be SSL 

- Try adding the Authorisation Manager as Sebb said, and use the
'HttpClient' HTTP Sampler (see below) 

- Try using the cookie manager
(Unlikely to help since the start page doesn't issue a 'Set-Cookie:...' 
header in the HTTP response)

Sebb, you said: 
> It's likely that the browser is getting the credentials from the
> Windows login session, but JMeter (Java) cannot do that.

I haven't used it myself, but the docs state the HTTP Authorization
Manager, in conjunction with the 'HttpClient' HTTP Sampler, supports
Windows NTLM authentication. Could this help Hiro?
(http://jakarta.apache.org/jmeter/usermanual/component_reference.html#HTTP_Authorization_Manager)
(The 'Domain' and 'Realm' fields mention NTLM authentication)

-----Original Message-----
From: sebb [mailto:[EMAIL PROTECTED] 
Sent: Monday, 20 October 2008 12:09 PM
To: JMeter Users List
Subject: Re: Oracle Single Sign-On redirect failure

On 16/10/2008, Hiro Protagonist <[EMAIL PROTECTED]> wrote:
> Hi team,
>
>  I am trying to replay against an Oracle dashboard application (recording
>  with HTTP proxy works fine) and it fails on an implicit re-direct. This
>  single sign-on redirect gets the user's credentials from [*somewhere*]
>  and authenticates the user.
>  When I play back the initial page request, a redirect happens to the
>  authentication page, which comes back with a 401 Unauthorised response.
>  I am not sure what can be done about it, or even if the request is an
>  SSL-encrypted request. I am pretty sure that it would be, otherwise it
>  wouldn't be very good security.
>  I read this thread http://markmail.org/message/ofm3kqfvappuramw but this
>  is not what happens for me - no authentication pop-up window appears,
>  the request just fails. Below are the two requests; the first one that
>  succeeds and redirects, and the second one that fails.
>
>  ==========
>  ==========
>
>  Thread Name: Thread Group 1-1
>  Sample Start: 2008-10-16 11:18:05 BST
>  Load time: 0
>  Latency: 0
>  Size in bytes: 917
>  Sample Count: 1
>  Error Count: 0
>  Response code: 302
>  Response message: Redirect to Oracle SSO Server
>
>  Response headers:
>  HTTP/1.1 302 Redirect to Oracle SSO Server
>  Date: Thu, 16 Oct 2008 10:18:04 GMT
>  Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
>  Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~8D8A0B8B~blablabla
>  Keep-Alive: timeout=15, max=99
>  Connection: Keep-Alive
>  Transfer-Encoding: chunked
>  Content-Type: text/html; charset=iso-8859-1
>
>  ==========
>  then the re-direct, and failure
>  ==========
>
>  Thread Name: Thread Group 1-1
>  Sample Start: 2008-10-16 11:18:05 BST
>  Load time: 0
>  Latency: 0
>  Size in bytes: 0
>  Sample Count: 1
>  Error Count: 1
>  Response code: 401
>  Response message: Unauthorized
>
>  Response headers:
>  HTTP/1.1 401 Unauthorized
>  Date: Thu, 16 Oct 2008 10:18:04 GMT
>  Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server
>  Set-Cookie: JSESSIONID=0a34001530d5baaf944b3cb84652a9d0c5d8610f6f23.e3aTb34SbNaSe34Sa38Pa38Nc3b0n6jAmljGr5XDqQLvpAe; path=/sso
>  Cache-Control: private
>  WWW-Authenticate: Negotiate
>  WWW-Authenticate: Basic realm="SSO"
>  Keep-Alive: timeout=15, max=100
>  Connection: Keep-Alive
>  Transfer-Encoding: chunked
>  Content-Type: application/octet-stream
>
>  ==========
>  ==========
>
>  Now, when I take that second request, and create a new HTTP request
>  manually (from the automatic redirect request), but make it https, I get
>  this error:
>
>  javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
>         at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
>         at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>         at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.java:431)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1021)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1007)
>         at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:290)
>         at java.lang.Thread.run(Unknown Source)
>
>  Can anyone help ? I am really stuck and not sure where to continue
>  investigating...
>
>  Thanks in advance !

Have you set JMeter to use Follow redirects or Redirect Automatically?
If so, turn these off.
Also, add an Authorisation Manager to provide the required credentials.

It's likely that the browser is getting the credentials from the
Windows login session, but JMeter (Java) cannot do that.

If there are still problems, then you'll need to compare what the
browser is doing with what JMeter is doing, e.g. using a protocol
analyser such as Wireshark, or using a browser addin that can capture
the HTTP traffic.

>  hiro
>
>
>  ---------------------------------------------------------------------
>  To unsubscribe, e-mail: [EMAIL PROTECTED]
>  For additional commands, e-mail: [EMAIL PROTECTED]
>
>
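An added example, not part of the original messages: a small Python check that reads the two response header blocks quoted in this thread and reports the redirect's transport and the authentication schemes the SSO server offers. The sample input is constructed from those headers (SSO token and session cookie shortened); the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample input: headers taken from the two sampler results quoted
# in this thread, with the SSO token and session cookie shortened.
REDIRECT = """HTTP/1.1 302 Redirect to Oracle SSO Server
Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~blablabla
Connection: Keep-Alive"""

CHALLENGE = """HTTP/1.1 401 Unauthorized
Set-Cookie: JSESSIONID=constructed-value; path=/sso
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="SSO"
Content-Type: application/octet-stream"""


def parse_response(raw):
    """Return (status_code, {lower-case header name: [values]})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first colon only
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def diagnose(redirect_raw, challenge_raw):
    """Summarise the redirect target and the auth schemes offered on the 401."""
    _, rh = parse_response(redirect_raw)
    status, ch = parse_response(challenge_raw)
    target = urlsplit(rh["location"][0])
    schemes = [v.split()[0].lower() for v in ch.get("www-authenticate", [])]
    findings = []
    if target.scheme != "https":
        findings.append(f"redirect to port {target.port} is plain HTTP, which "
                        "matches the 'plaintext connection?' SSLException")
    if status == 401 and "negotiate" in schemes:
        findings.append("Negotiate offered: a browser can answer it from the "
                        "Windows login session, the load tool must be configured")
    if status == 401 and "basic" in schemes and target.scheme != "https":
        findings.append("Basic offered over cleartext HTTP: credentials sent "
                        "this way are only base64-encoded")
    return {"scheme": target.scheme, "port": target.port,
            "auth_schemes": schemes, "findings": findings}


if __name__ == "__main__":
    for finding in diagnose(REDIRECT, CHALLENGE)["findings"]:
        print("-", finding)
```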
