-----Original Message----- From: Shmuel Krakower [mailto:[email protected]] Sent: Wednesday, November 14, 2012 8:00 AM To: JMeter Users List Subject: Re: HttpClient4 Selecting Authentication Method
>It means that SCOTT may succeed with his project :) >Sorry for not helping though, maybe other know better. Thanks for the feedback though. At least I believe it isn't something simple I missed. I'll continue to work on it and I'm going to attempt it with Jmeter 2.8 today. On Wed, Nov 14, 2012 at 3:45 PM, sebb <[email protected]> wrote: > On 14 November 2012 13:30, Shmuel Krakower <[email protected]> wrote: > > Hi Sebb, > > This is good news, last time we discussed this topic we agreed that NTLM > v2 > > is not supported by HC: > > > http://mail-archives.apache.org/mod_mbox/jmeter-user/201204.mbox/%3CCAOGo0VZnv3=q_w0mtgyuoghsfvjbw6+8tpwf+8bxvyyegdx...@mail.gmail.com%3E > > > > I think that in the link you provided they say that this is only somewhat > > supported with HC4.1 and later, but we only have HC4.0 on JMeter > > Depends on the jars that are included; 2.8 includes 4.2.1 > > > (or the name HTTPClient4 is misleading). > > 4 does not imply 4.0 only. > > > Anyhow this is good direction as I found NTLM not being supported in > JMeter > > as one of the key factors of Enterprises not tending to welcome JMeter > > (as NTLM authentication is very popular in intranet applications). > > Surely only applications which rely on Microsoft servers. > > > SCOTT - I have no suggestion for you. > > > > Shmuel Krakower. > > Beatsoo.org - re-use your jmeter scripts for application performance > > monitoring from worldwide locations for free. > > > > > > > > On Tue, Nov 13, 2012 at 10:51 PM, sebb <[email protected]> wrote: > > > >> On 13 November 2012 20:42, Shmuel Krakower <[email protected]> wrote: > >> > How did you figure that HC is choosing Kerberos? > >> > Anyway - NTLM v2 is not supported by JMeter and NTLM v1 is too old for > >> > being used in Sharepoint2010. > >> > >> HttpClient 4.x does support NTLMv2 [1], but the implementation is not > >> guaranteed to work with all providers. > >> > >> [1] http://hc.apache.org/httpcomponents-client-ga/ntlm.html > >> > >> > Sorry to ruin the party, but you cannot use JMeter for load testing a > >> NTLM > >> > v2 based application. > >> > You may only use anonymous users or switch to another authentication > >> method > >> > on the servers. > >> > > >> > Shmuel Krakower. > >> > Beatsoo.org - re-use your jmeter scripts for application performance > >> > monitoring from worldwide locations for free. > >> > > >> > > >> > > >> > On Tue, Nov 13, 2012 at 10:32 PM, HUSSEY, SCOTT T <[email protected]> > >> wrote: > >> > > >> >> As a followup, I did sort out the logging configuration and it does > look > >> >> like HTTP Client is choosing Kerberos over NTLM even though Jmeter > >> doesn't > >> >> support it. Is this intended? > >> >> > >> >> 2012/11/13 12:17:56 DEBUG - > >> >> org.apache.http.impl.client.DefaultTargetAuthenticationHandler: > >> >> Authentication schemes in the order of preference: [negotiate, NTLM, > >> >> Digest, Basic] > >> >> 2012/11/13 12:17:56 DEBUG - > >> >> org.apache.http.impl.client.DefaultTargetAuthenticationHandler: > >> negotiate > >> >> authentication scheme selected > >> >> 2012/11/13 12:17:56 DEBUG - > org.apache.http.impl.auth.NegotiateScheme: > >> >> Received challenge '' from the auth server > >> >> 2012/11/13 12:17:56 DEBUG - > >> >> org.apache.http.client.protocol.RequestAddCookies: CookieSpec > selected: > >> >> ignoreCookies > >> >> 2012/11/13 12:17:56 DEBUG - > >> >> org.apache.http.client.protocol.RequestAuthCache: Auth cache not set > in > >> the > >> >> context > >> >> 2012/11/13 12:17:56 DEBUG - > org.apache.http.impl.auth.NegotiateScheme: > >> >> init <hostname> > >> >> 2012/11/13 12:17:56 ERROR - > >> >> org.apache.http.client.protocol.RequestTargetAuthentication: > >> Authentication > >> >> error: Invalid name provided (Mechanism level: Cannot locate default > >> realm) > >> >> > >> >> -----Original Message----- > >> >> From: HUSSEY, SCOTT T > >> >> Sent: Tuesday, November 13, 2012 10:41 AM > >> >> To: '[email protected]' > >> >> Subject: HttpClient4 Selecting Authentication Method > >> >> > >> >> All, > >> >> I'm trying to test a SharePoint 2010 site (Jmeter 2.7, JRE 1.6, > >> Windows > >> >> Server 2008). This site is configured to use Kerberos authentication, > >> but > >> >> fall back to NTLM if needed. > >> >> > >> >> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << > >> "WWW-Authenticate: > >> >> Negotiate[\r][\n]" > >> >> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << > >> "WWW-Authenticate: > >> >> NTLM[\r][\n]" > >> >> > >> >> When I use HTTPClient 3.1 and enable trace, I see it selects NTLM but > >> >> fails authentication because the site is using NTLM v2. When I > switch to > >> >> HTTPClient4 I only get the below error. I cannot figure out a way to > >> enable > >> >> more verbose output and do not know if this error is from HTTPClient4 > >> >> attempting to use Kerberos (which it supports but Jmeter doesn't) or > if > >> it > >> >> is from an NTLM issue. I'm leaning to the first issue of HTTPClient > >> >> attempting to use Kerberos because a similar site setup as only NTLM > >> works > >> >> fine w/ HTTPClient4. I do have an HTTP Authorization Manager in scope > >> with > >> >> the domain and user account entered. > >> >> > >> >> 2012/11/13 08:06:02 ERROR - > >> >> org.apache.http.client.protocol.RequestTargetAuthentication: > >> Authentication > >> >> error: Invalid name provided (Mechanism level: Cannot locate default > >> realm) > >> >> > >> >> As a test, is there a way I can rewrite the server headers to remove > " > >> >> WWW-Authenticate: Negotiate" before HTTPClient responds? > >> >> > >> >> Thank you for your time. > >> >> > >> >> Scott > >> >> > >> >> --------------------------------------------------------------------- > >> >> To unsubscribe, e-mail: [email protected] > >> >> For additional commands, e-mail: [email protected] > >> >> > >> >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
