As a followup, I did sort out the logging configuration and it does look like HTTP Client is choosing Kerberos over NTLM even though Jmeter doesn't support it. Is this intended?
2012/11/13 12:17:56 DEBUG - org.apache.http.impl.client.DefaultTargetAuthenticationHandler: Authentication schemes in the order of preference: [negotiate, NTLM, Digest, Basic] 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.client.DefaultTargetAuthenticationHandler: negotiate authentication scheme selected 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme: Received challenge '' from the auth server 2012/11/13 12:17:56 DEBUG - org.apache.http.client.protocol.RequestAddCookies: CookieSpec selected: ignoreCookies 2012/11/13 12:17:56 DEBUG - org.apache.http.client.protocol.RequestAuthCache: Auth cache not set in the context 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme: init <hostname> 2012/11/13 12:17:56 ERROR - org.apache.http.client.protocol.RequestTargetAuthentication: Authentication error: Invalid name provided (Mechanism level: Cannot locate default realm) -----Original Message----- From: HUSSEY, SCOTT T Sent: Tuesday, November 13, 2012 10:41 AM To: '[email protected]' Subject: HttpClient4 Selecting Authentication Method All, I'm trying to test a SharePoint 2010 site (Jmeter 2.7, JRE 1.6, Windows Server 2008). This site is configured to use Kerberos authentication, but fall back to NTLM if needed. 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << "WWW-Authenticate: Negotiate[\r][\n]" 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << "WWW-Authenticate: NTLM[\r][\n]" When I use HTTPClient 3.1 and enable trace, I see it selects NTLM but fails authentication because the site is using NTLM v2. When I switch to HTTPClient4 I only get the below error. I cannot figure out a way to enable more verbose output and do not know if this error is from HTTPClient4 attempting to use Kerberos (which it supports but Jmeter doesn't) or if it is from an NTLM issue. I'm leaning to the first issue of HTTPClient attempting to use Kerberos because a similar site setup as only NTLM works fine w/ HTTPClient4. I do have an HTTP Authorization Manager in scope with the domain and user account entered. 2012/11/13 08:06:02 ERROR - org.apache.http.client.protocol.RequestTargetAuthentication: Authentication error: Invalid name provided (Mechanism level: Cannot locate default realm) As a test, is there a way I can rewrite the server headers to remove " WWW-Authenticate: Negotiate" before HTTPClient responds? Thank you for your time. Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
