-----Original Message----- From: Shmuel Krakower [mailto:[email protected]] Sent: Tuesday, November 13, 2012 2:42 PM To: JMeter Users List Subject: Re: HttpClient4 Selecting Authentication Method
> How did you figure that HC is choosing Kerberos? I interpret this line as HTTPClient using SPEGNO/Kerberos. Maybe I misinterpret what the "negotiate" scheme is. 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.client.DefaultTargetAuthenticationHandler: negotiate authentication scheme selected >Anyway - NTLM v2 is not supported by JMeter and NTLM v1 is too old for >being used in Sharepoint2010. >Sorry to ruin the party, but you cannot use JMeter for load testing a NTLM >v2 based application. >You may only use anonymous users or switch to another authentication method >on the servers. I've read this, but I've been able to use NTLM w/ Jmeter + HC4 on SharePoint2010. The first time I've had an issue is now when Kerberos enters the picture. That is why I wanted to strip out the "WWW-Authenticate: Negotiate" header and attempt to force Jmeter to use NTLM. On Tue, Nov 13, 2012 at 10:32 PM, HUSSEY, SCOTT T <[email protected]> wrote: > As a followup, I did sort out the logging configuration and it does look > like HTTP Client is choosing Kerberos over NTLM even though Jmeter doesn't > support it. Is this intended? > > 2012/11/13 12:17:56 DEBUG - > org.apache.http.impl.client.DefaultTargetAuthenticationHandler: > Authentication schemes in the order of preference: [negotiate, NTLM, > Digest, Basic] > 2012/11/13 12:17:56 DEBUG - > org.apache.http.impl.client.DefaultTargetAuthenticationHandler: negotiate > authentication scheme selected > 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme: > Received challenge '' from the auth server > 2012/11/13 12:17:56 DEBUG - > org.apache.http.client.protocol.RequestAddCookies: CookieSpec selected: > ignoreCookies > 2012/11/13 12:17:56 DEBUG - > org.apache.http.client.protocol.RequestAuthCache: Auth cache not set in the > context > 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme: > init <hostname> > 2012/11/13 12:17:56 ERROR - > org.apache.http.client.protocol.RequestTargetAuthentication: Authentication > error: Invalid name provided (Mechanism level: Cannot locate default realm) > > -----Original Message----- > From: HUSSEY, SCOTT T > Sent: Tuesday, November 13, 2012 10:41 AM > To: '[email protected]' > Subject: HttpClient4 Selecting Authentication Method > > All, > I'm trying to test a SharePoint 2010 site (Jmeter 2.7, JRE 1.6, Windows > Server 2008). This site is configured to use Kerberos authentication, but > fall back to NTLM if needed. > > 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << "WWW-Authenticate: > Negotiate[\r][\n]" > 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << "WWW-Authenticate: > NTLM[\r][\n]" > > When I use HTTPClient 3.1 and enable trace, I see it selects NTLM but > fails authentication because the site is using NTLM v2. When I switch to > HTTPClient4 I only get the below error. I cannot figure out a way to enable > more verbose output and do not know if this error is from HTTPClient4 > attempting to use Kerberos (which it supports but Jmeter doesn't) or if it > is from an NTLM issue. I'm leaning to the first issue of HTTPClient > attempting to use Kerberos because a similar site setup as only NTLM works > fine w/ HTTPClient4. I do have an HTTP Authorization Manager in scope with > the domain and user account entered. > > 2012/11/13 08:06:02 ERROR - > org.apache.http.client.protocol.RequestTargetAuthentication: Authentication > error: Invalid name provided (Mechanism level: Cannot locate default realm) > > As a test, is there a way I can rewrite the server headers to remove " > WWW-Authenticate: Negotiate" before HTTPClient responds? > > Thank you for your time. > > Scott > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
