sebb, Sonam,

After installing iehttpheaders (nice tool, easy to use and quite helpful in this instance !), I found out that there was an extra header that wasn't being captured by JMeter's proxy server.

So, for everyone that needs to test against Oracle dashboard/reports in a single sign-on environment with JMeter, here's what you need:

1. Do NOT follow redirects on the home page call - this will let you capture the various session and view IDs, and token ID
2. On the orasso.wwsso_app_admin.ls_login page (which does the actual authentication and subsequent redirection if successful), you MUST include the "Authorization" header, and give it the Negotiate option, followed by the hashed password
3. The next requests CAN follow redirects, and once you've gotten beyond point 2. above, you can figure it out.

Thanks again guys for your help !!

hiro

P.S. I was lucky and the environment didn't have ssl enabled...

On Mon, 2008-10-20 at 12:31 +1100, Sonam Chauhan wrote:
> Adding to what Sebb said already below:
>
> - The redirect to Oracle SSO port 7777 does not appear to be SSL
>
> - Try adding the Authorisation Manager as Sebb said, and use the
>   'HttpClient' HTTP Sampler (see below)
>
> - Try using the cookie manager
>   (Unlikely to help since the start page doesn't issue a 'Set-Cookie:...'
>   header in the HTTP response)
>
> Sebb, you said:
> > It's likely that the browser is getting the credentials from the
> > Windows login session, but JMeter (Java) cannot do that.
>
> I haven't used it myself, but the docs state the HTTP Authorization
> Manager, in conjunction with the 'HttpClient' HTTP Sampler, supports
> Windows NTLM authentication. Could this help Hiro?
> (http://jakarta.apache.org/jmeter/usermanual/component_reference.html#HTTP_Authorization_Manager)
> (The 'Domain' and 'Realm' fields mention NTLM authentication)
>
> -----Original Message-----
> From: sebb [mailto:[EMAIL PROTECTED]
> Sent: Monday, 20 October 2008 12:09 PM
> To: JMeter Users List
> Subject: Re: Oracle Single Sign-On redirect failure
>
> On 16/10/2008, Hiro Protagonist <[EMAIL PROTECTED]> wrote:
> > Hi team,
> >
> > I am trying to replay against an Oracle dashboard application (recording
> > with HTTP proxy works fine) and it fails on an implicit re-direct. This
> > single sign-on redirect gets the user's credentials from [*somewhere*]
> > and authenticates the user.
> > When I play back the initial page request, a redirect happens to the
> > authentication page, which comes back with a 401 Unauthorised response.
> > I am not sure what can be done about it, or even if the request is an
> > SSL-encrypted request. I am pretty sure that it would be, otherwise it
> > wouldn't be very good security.
> > I read this thread http://markmail.org/message/ofm3kqfvappuramw but this
> > is not what happens for me - no authentication pop-up window appears,
> > the request just fails. Below are the two requests; the first one that
> > succeeds and redirects, and the second one that fails.
> >
> > ==========
> > ==========
> >
> > Thread Name: Thread Group 1-1
> > Sample Start: 2008-10-16 11:18:05 BST
> > Load time: 0
> > Latency: 0
> > Size in bytes: 917
> > Sample Count: 1
> > Error Count: 0
> > Response code: 302
> > Response message: Redirect to Oracle SSO Server
> >
> > Response headers:
> > HTTP/1.1 302 Redirect to Oracle SSO Server
> > Date: Thu, 16 Oct 2008 10:18:04 GMT
> > Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
> > Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~8D8A0B8B~blablabla
> > Keep-Alive: timeout=15, max=99
> > Connection: Keep-Alive
> > Transfer-Encoding: chunked
> > Content-Type: text/html; charset=iso-8859-1
> >
> > ==========
> > then the re-direct, and failure
> > ==========
> >
> > Thread Name: Thread Group 1-1
> > Sample Start: 2008-10-16 11:18:05 BST
> > Load time: 0
> > Latency: 0
> > Size in bytes: 0
> > Sample Count: 1
> > Error Count: 1
> > Response code: 401
> > Response message: Unauthorized
> >
> > Response headers:
> > HTTP/1.1 401 Unauthorized
> > Date: Thu, 16 Oct 2008 10:18:04 GMT
> > Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server
> > Set-Cookie: JSESSIONID=0a34001530d5baaf944b3cb84652a9d0c5d8610f6f23.e3aTb34SbNaSe34Sa38Pa38Nc3b0n6jAmljGr5XDqQLvpAe; path=/sso
> > Cache-Control: private
> > WWW-Authenticate: Negotiate
> > WWW-Authenticate: Basic realm="SSO"
> > Keep-Alive: timeout=15, max=100
> > Connection: Keep-Alive
> > Transfer-Encoding: chunked
> > Content-Type: application/octet-stream
> >
> > ==========
> > ==========
> >
> > Now, when I take that second request, and create a new HTTP request
> > manually (from the automatic redirect request), but make it https, I get
> > this error:
> >
> > javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
> >         at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
> >         at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
> >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
> >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
> >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> >         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> >         at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
> >         at org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.java:431)
> >         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1021)
> >         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1007)
> >         at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:290)
> >         at java.lang.Thread.run(Unknown Source)
> >
> > Can anyone help ? I am really stuck and not sure where to continue
> > investigating...
> >
> > Thanks in advance !
>
> Have you set JMeter to use Follow redirects or Redirect Automatically?
> If so, turn these off.
> Also, add an Authorisation Manager to provide the required credentials.
>
> It's likely that the browser is getting the credentials from the
> Windows login session, but JMeter (Java) cannot do that.
>
> If there are still problems, then you'll need to compare what the
> browser is doing with what JMeter is doing, e.g. using a protocol
> analyser such as Wireshark, or using a browser addin that can capture
> the HTTP traffic.
>
> > hiro
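
The two responses quoted in this thread already show what the SSO login exposes on the wire. The following is an added example, not code from the thread or from JMeter: it parses constructed, trimmed copies of those header blocks, extracts the redirect target and token, lists the offered authentication schemes, and reports what would travel without TLS. The function names and the cookie placeholder are assumptions made for the example.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed copies of the two header blocks quoted in the thread (trimmed).
REDIRECT_RESPONSE = """\
HTTP/1.1 302 Redirect to Oracle SSO Server
Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~8D8A0B8B~blablabla
Content-Type: text/html; charset=iso-8859-1
"""
LOGIN_RESPONSE = """\
HTTP/1.1 401 Unauthorized
Set-Cookie: JSESSIONID=PLACEHOLDER; path=/sso
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="SSO"
"""


def parse_response(raw):
    """Return (status, headers); headers maps lower-case name -> list of values."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def sso_redirect(raw):
    """For a 3xx response, return scheme, host and SSO token of the target."""
    status, headers = parse_response(raw)
    if not 300 <= status < 400 or "location" not in headers:
        return None
    url = urlsplit(headers["location"][0])
    token = parse_qs(url.query).get("Site2pstoreToken", [None])[0]
    return {"scheme": url.scheme, "host": url.netloc, "token": token}


def findings(redirect_raw, login_raw):
    """Report what would cross the wire without TLS during the SSO login."""
    target = sso_redirect(redirect_raw)
    _, headers = parse_response(login_raw)
    schemes = [v.split()[0] for v in headers.get("www-authenticate", [])]
    issues = []
    if target and target["scheme"] != "https":
        issues.append("SSO login endpoint is plain HTTP")
        if target["token"]:
            issues.append("SSO token travels in a cleartext URL")
        if "Basic" in schemes:
            issues.append("Basic offered without TLS")
    return schemes, issues
```

Calling `findings(REDIRECT_RESPONSE, LOGIN_RESPONSE)` returns the scheme list in the order the server sent it, followed by the issues; with an `https://` redirect target the issue list is empty.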

