Hi Sebb,

If I remember correctly, my attempts to get it to work through Authorization Manager failed. However, it is entirely possible that my increasing frustration/panic had clouded my judgment/ability to use it correctly, so it may be PEBKAC all over again =)
I think it didn't pick up what I had put into Authorization Manager and insisted on it being passed in header form.

hiro

On Thu, 2008-10-23 at 13:54 +0100, sebb wrote:
> On 23/10/2008, Hiro Protagonist <[EMAIL PROTECTED]> wrote:
> > sebb, Sonam,
> >
> > After installing iehttpheaders (nice tool, easy to use and quite helpful
> > in this instance !), I found out that there was an extra header that
> > wasn't being captured by JMeter's proxy server.
>
> Which header was missing - Authorization?
>
> The JMeter proxy always removes Cookie and Authorization headers from
> the generated Header Manager elements.
>
> Cookies are removed because those are handled by the Cookie Manager,
> and Authorization because that is handled by the Authorization
> Manager.
>
> Both of these header types normally need special processing, as they
> are dynamic.
>
> The Proxy Manager documentation probably needs to make this clearer.
>
> > So, for everyone that needs to test against Oracle dashboard/reports in
> > a single sign-on environment with JMeter, here's what you need:
> >
> > 1. Do NOT follow redirects on the home page call - this will let you
> > capture the various session and view IDs, and token ID
> >
> > 2. On the orasso.wwsso_app_admin.ls_login page (which does the actual
> > authentication and subsequent redirection if successful), you MUST
> > include the "Authorization" header, and give it the Negotiate option,
> > followed by the hashed password
>
> Or use the Authorization Manager.
>
> > 3. The next requests CAN follow redirects, and once you've gotten beyond
> > point 2. above, you can figure it out.
> >
> > Thanks again guys for your help !!
> >
> >
> > hiro
> >
> >
> > P.S. I was lucky and the environment didn't have ssl enabled...
> >
> >
> > On Mon, 2008-10-20 at 12:31 +1100, Sonam Chauhan wrote:
> > > Adding to what Sebb said already below:
> > >
> > > - The redirect to Oracle SSO port 7777 does not appear to be SSL
> > >
> > > - Try adding the Authorisation Manager as Sebb said, and use the
> > > 'HttpClient' HTTP Sampler (see below)
> > >
> > > - Try using the cookie manager
> > > (Unlikely to help since the start page doesn't issue a 'Set-Cookie:...'
> > > header in the HTTP response)
> > >
> > > Sebb, you said:
> > > > It's likely that the browser is getting the credentials from the
> > > > Windows login session, but JMeter (Java) cannot do that.
> > >
> > > I haven't used it myself, but the docs state the HTTP Authorization
> > > Manager, in conjunction with the 'HttpClient' HTTP Sampler, supports
> > > Windows NTLM authentication. Could this help Hiro?
> > > http://jakarta.apache.org/jmeter/usermanual/component_reference.html#HTTP_Authorization_Manager)
> > > (The 'Domain' and 'Realm' fields mention NTLM authentication)
> > >
> > > -----Original Message-----
> > > From: sebb [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, 20 October 2008 12:09 PM
> > > To: JMeter Users List
> > > Subject: Re: Oracle Single Sign-On redirect failure
> > >
> > > On 16/10/2008, Hiro Protagonist <[EMAIL PROTECTED]> wrote:
> > > > Hi team,
> > > >
> > > > I am trying to replay against an Oracle dashboard application (recording
> > > > with HTTP proxy works fine) and it fails on an implicit re-direct. This
> > > > single sign-on redirect gets the user's credentials from [*somewhere*]
> > > > and authenticates the user.
> > > > When I play back the initial page request, a redirect happens to the
> > > > authentication page, which comes back with a 401 Unauthorised response.
> > > > I am not sure what can be done about it, or even if the request is an
> > > > SSL-encrypted request. I am pretty sure that it would be, otherwise it
> > > > wouldn't be very good security.
> > > > I read this thread http://markmail.org/message/ofm3kqfvappuramw but this
> > > > is not what happens for me - no authentication pop-up window appears,
> > > > the request just fails. Below are the two requests; the first one that
> > > > succeeds and redirects, and the second one that fails.
> > > >
> > > > ==========
> > > > ==========
> > > >
> > > > Thread Name: Thread Group 1-1
> > > > Sample Start: 2008-10-16 11:18:05 BST
> > > > Load time: 0
> > > > Latency: 0
> > > > Size in bytes: 917
> > > > Sample Count: 1
> > > > Error Count: 0
> > > > Response code: 302
> > > > Response message: Redirect to Oracle SSO Server
> > > >
> > > > Response headers:
> > > > HTTP/1.1 302 Redirect to Oracle SSO Server
> > > > Date: Thu, 16 Oct 2008 10:18:04 GMT
> > > > Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
> > > > Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~8D8A0B8B~blablabla
> > > > Keep-Alive: timeout=15, max=99
> > > > Connection: Keep-Alive
> > > > Transfer-Encoding: chunked
> > > > Content-Type: text/html; charset=iso-8859-1
> > > >
> > > > ==========
> > > > then the re-direct, and failure
> > > > ==========
> > > >
> > > > Thread Name: Thread Group 1-1
> > > > Sample Start: 2008-10-16 11:18:05 BST
> > > > Load time: 0
> > > > Latency: 0
> > > > Size in bytes: 0
> > > > Sample Count: 1
> > > > Error Count: 1
> > > > Response code: 401
> > > > Response message: Unauthorized
> > > >
> > > > Response headers:
> > > > HTTP/1.1 401 Unauthorized
> > > > Date: Thu, 16 Oct 2008 10:18:04 GMT
> > > > Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server
> > > > Set-Cookie: JSESSIONID=0a34001530d5baaf944b3cb84652a9d0c5d8610f6f23.e3aTb34SbNaSe34Sa38Pa38Nc3b0n6jAmljGr5XDqQLvpAe; path=/sso
> > > > Cache-Control: private
> > > > WWW-Authenticate: Negotiate
> > > > WWW-Authenticate: Basic realm="SSO"
> > > > Keep-Alive: timeout=15, max=100
> > > > Connection: Keep-Alive
> > > > Transfer-Encoding: chunked
> > > > Content-Type: application/octet-stream
> > > >
> > > > ==========
> > > > ==========
> > > >
> > > > Now, when I take that second request, and create a new HTTP request
> > > > manually (from the automatic redirect request), but make it https, I get
> > > > this error:
> > > >
> > > > javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
> > > >     at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
> > > >     at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
> > > >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
> > > >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
> > > >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> > > >     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> > > >     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> > > >     at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
> > > >     at org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.java:431)
> > > >     at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1021)
> > > >     at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1007)
> > > >     at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:290)
> > > >     at java.lang.Thread.run(Unknown Source)
> > > >
> > > > Can anyone help ? I am really stuck and not sure where to continue
> > > > investigating...
> > > >
> > > > Thanks in advance !
> > >
> > > Have you set JMeter to use Follow redirects or Redirect Automatically?
> > > If so, turn these off.
> > > Also, add an Authorisation Manager to provide the required credentials.
> > >
> > > It's likely that the browser is getting the credentials from the
> > > Windows login session, but JMeter (Java) cannot do that.
> > >
> > > If there are still problems, then you'll need to compare what the
> > > browser is doing with what JMeter is doing, e.g. using a protocol
> > > analyser such as Wireshark, or using a browser addin that can capture
> > > the HTTP traffic.
> > >
> > > > hiro
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
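
Added example, not part of the original thread: a small parser run over the two sample results quoted above, showing that the login redirect targets plain HTTP on port 7777 (which is why forcing https raised the SSLException) and which credentials the 401 asks for. The function names and the PLACEHOLDER token and cookie values are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Header blocks modelled on the two sample results quoted in the thread;
# the token and session-cookie values are constructed placeholders.
REDIRECT = """HTTP/1.1 302 Redirect to Oracle SSO Server
Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=PLACEHOLDER
"""
CHALLENGE = """HTTP/1.1 401 Unauthorized
Set-Cookie: JSESSIONID=PLACEHOLDER; path=/sso
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="SSO"
"""

def parse_response(raw):
    """Return (status_code, headers); headers maps lower-cased names to value lists."""
    lines = [line for line in raw.strip().splitlines() if line.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def analyse_sso_step(redirect_raw, challenge_raw):
    """Summarise where the redirect points and what the 401 challenge asks for."""
    status, headers = parse_response(redirect_raw)
    if status not in (301, 302, 303, 307) or "location" not in headers:
        raise ValueError("first response is not a redirect with a Location header")
    target = urlsplit(headers["location"][0])
    c_status, c_headers = parse_response(challenge_raw)
    # Each WWW-Authenticate value starts with the scheme name (Negotiate, Basic, ...).
    schemes = [v.split()[0] for v in c_headers.get("www-authenticate", [])] if c_status == 401 else []
    return {
        "login_scheme": target.scheme,  # "http": the port speaks plain HTTP, not TLS
        "login_port": target.port,
        "offered_schemes": schemes,
        # Basic is only base64-encoded, so over plain http the password is readable on the wire.
        "basic_over_cleartext": target.scheme == "http" and "Basic" in schemes,
        # The JMeter proxy strips these headers from recorded plans, so the plan
        # needs an Authorization Manager / Cookie Manager or explicit headers.
        "needs_authorization": bool(schemes),
        "needs_cookie_handling": "set-cookie" in c_headers,
    }

if __name__ == "__main__":
    for key, value in analyse_sso_step(REDIRECT, CHALLENGE).items():
        print(f"{key}: {value}")
```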

