Am 10.09.20 um 14:48 schrieb SAS:
> Hi Felix,
>
> Can you please let me know if you have a solution for this issue?
Please, write to the mailing list, not to the responder directly.
Well, I have no direct solution for you, as I don't know enough about
your setup. But I have tried to simulate a NTLM server that is reached
through JMeter as a proxy.
For that I setup the test plan that I attached. It was set up with the
template "Recording with think time" and I added a mirror server element
to the thread group. Both the mirror server and the proxy server need to
be started. The proxy will listen on port 8888 and the mirror server on
port 8081.
Now to simulate a NTLM authenticating server I use the features of the
mirror server, where you can specify the response headers in the request
headers using X-SetHeaders and X-SetResponseStatus and generated the
request using curl (under linux):
$ http_proxy=http://localhost:8888 curl --ntlm -u user:password -D - -H
"X-SetHeaders: something: strange|www-authenticate: Negotiate" -H
"X-SetResponseStatus: 401" localhost:8081
HTTP/1.0 200 OK
Content-Type: text/plain
something: strange
www-authenticate: Negotiate
GET / HTTP/1.1
Connection: close
Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
X-SetResponseStatus: 401
Host: localhost:8081
User-Agent: curl/7.68.0
Accept: */*
X-SetHeaders: something: strange|www-authenticate: Negotiate
As you can see (besides the strange header and the munged headers), the
client got the www-authenticate header and responded with an
authorization header. Inside JMeter you can find the requests both in
the View Results Tree and the recording controller. In the test plan
JMeter should have added a HTTP authorization manager with an entry for
the server.
I suggest you try to setup this simple test for yourself and see, if you
can find all the requests that were made during the recording. After
that, I would repeat the more complex setup you are trying and try to
find differences in the recorded samples.
Felix
>
> Thanks
> Sastry
>
> On Wed, Sep 9, 2020 at 2:42 PM SAS <sastry...@gmail.com
> <mailto:sastry...@gmail.com>> wrote:
>
> here are response headers:
>
> HTTP/1.1 401 Unauthorized
> Content-Type: text/html; charset=us-ascii
> Server: Microsoft-HTTPAPI/2.0
> WWW-Authenticate: NTLM
> {deleted encoded data}
> Date: Wed, 09 Sep 2020 18:38:29 GMT
> Connection: close
> Content-Length: 341
>
> On Wed, Sep 9, 2020 at 12:42 PM Felix Schumacher
> <felix.schumac...@internetallee.de
> <mailto:felix.schumac...@internetallee.de>> wrote:
>
>
> Am 09.09.20 um 16:35 schrieb SAS:
> > *Here are request headers: I have deleted the value of
> authorization for
> > security reasons.*
> >
> > Connection: close
> > Authorization: NTLM {Deleted the value here}
> This is good, as it shows, that the client has sent some
> credentials.
> > Accept-Language: en-US,en;q=0.5
> > Host: corportaluat.corp.xxxxxx.com
> <http://corportaluat.corp.xxxxxx.com>
> > Upgrade-Insecure-Requests: 1
> > Accept-Encoding: gzip, deflate, br
> > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0)
> > Gecko/20100101 Firefox/68.0
> > Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> >
> > *Here are response headers:*
>
> But the below lines are not the response headers. That was the
> response
> data.
>
> Do you have access to the server you are contacting? It might
> be easier
> to look for the headers there (or the absence).
>
> If you don't have access, or it is not possible to look at the
> headers
> there, you can try to start JMeter with the java option
> *-Djavax.net.debug=all*
>
> I think it will log into the console. It should print out all
> network
> traffic, that is routed through JMeter, so it might be quite a
> lot. Have
> a look for the headers there, too.
>
> Note, I haven't tried NTLM authentication together with the proxy
> feature. I think it should work, but I can't tell for sure.
> **
>
> Felix
>
> >
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""
> > http://www.w3.org/TR/html4/strict.dtd";>
> > <HTML><HEAD><TITLE>Not Authorized</TITLE>
> > <META HTTP-EQUIV="Content-Type" Content="text/html;
> > charset=us-ascii"></HEAD>
> > <BODY><h2>Not Authorized</h2>
> > <hr><p>HTTP Error 401. The requested resource requires user
> > authentication.</p>
> > </BODY></HTML>
> >
> > I am giving valid credentials and still it says, not authorized.
> >
> >
> > On Wed, Sep 9, 2020 at 9:50 AM Felix Schumacher <
> > felix.schumac...@internetallee.de
> <mailto:felix.schumac...@internetallee.de>> wrote:
> >
> >> Am 09.09.20 um 14:58 schrieb SAS:
> >>> I am not creating manual HTTP requests to add
> authentication manually.
> >>>
> >>> The issue I am facing is happening during the recording
> process.
> >> shouldn't
> >>> the tool automatically detect the authentication and pass
> through this
> >>> step?
> >> JMeter acts as a proxy and doesn't care about the
> authentication
> >> mechanism of the website you are using.
> >>
> >> To help you here, we probably need more information on the
> headers, that
> >> your client sends and that the webserver is replying with.
> If you
> >> started your test plan (and the proxy) from the template
> "Recording with
> >> think time" (which I recommend), than you will find all the
> requests in
> >> the View Results Tree element under the HTTP(s) Test Script
> Recorder.
> >>
> >> Have a look at the headers and if you can, show them to us.
> Most
> >> interesting will be the headers that are named
> Authorization and
> >> WWW-Authenticate.
> >>
> >> Note, that the value of the Authorization header includes your
> >> credentials, so replace them with something safe.
> >>
> >> Also note, that JMeter will not extract your credentials
> from the
> >> headers. You have to insert those into the test plan by
> hand after the
> >> recording has finished. But I understood that this is not
> your problem.
> >>
> >> Felix
> >>
> >>> Thanks,
> >>> Sastry
> >>>
> >>> On Wed, Sep 9, 2020 at 1:06 AM Amit Dhumal
> <amitdhumal...@gmail.com <mailto:amitdhumal...@gmail.com>>
> >> wrote:
> >>>> Please verify the type of authentication in HTTP request
> header. In
> >> case of
> >>>> NTLM authentication please follow steps as per:
> >>>>
> https://www.blazemeter.com/blog/windows-authentication-apache-jmeter
> >>>>
> >>>> On Wed, Sep 9, 2020 at 9:18 AM SAS <sastry...@gmail.com
> <mailto:sastry...@gmail.com>> wrote:
> >>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> I am trying to record the script using JMeter for a web
> application
> >>>> that
> >>>>>> has windows authentication enabled. I have setup a
> proxy in Firefox
> >>>> for
> >>>>>> recording purposes.
> >>>>>>
> >>>>>> However, when I tried recording the script,
> "Authentication required"
> >>>>>> message kept popping up even after I provided valid
> credentials. If I
> >>>>> hit
> >>>>>> cancel on the popup message, I see the "401
> Unauthorized" message.
> >>>>>>
> >>>>>> Please note, it happens only during recording. I am
> able to
> >>>> successfully
> >>>>>> login to the website when I was not recording.
> >>>>>>
> >>>>>> Please let me know how we can resolve this-
> >>>>>>
> >>>>>>
> >>>>>> Thanks
> >>>>>> SASTRY
> >>>>>>
> >>>> --
> >>>> Thanks & Regards,
> >>>> Amit Dhumal
> >>>>
> >>
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
> <mailto:user-unsubscr...@jmeter.apache.org>
> >> For additional commands, e-mail:
> user-h...@jmeter.apache.org <mailto:user-h...@jmeter.apache.org>
> >>
> >>
>
>
>
> --
>
>
> Thanks
> SASTRY
>
>
>
> --
>
>
> Thanks
> SASTRY
<?xml version="1.0" encoding="UTF-8"?>
<jmeterTestPlan version="1.2" properties="5.0" jmeter="5.3.1-SNAPSHOT b34ba26">
<hashTree>
<TestPlan guiclass="TestPlanGui" testclass="TestPlan" testname="Test Plan" enabled="true">
<stringProp name="TestPlan.comments"></stringProp>
<boolProp name="TestPlan.functional_mode">false</boolProp>
<boolProp name="TestPlan.serialize_threadgroups">false</boolProp>
<elementProp name="TestPlan.user_defined_variables" elementType="Arguments" guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
<collectionProp name="Arguments.arguments"/>
</elementProp>
<stringProp name="TestPlan.user_define_classpath"></stringProp>
</TestPlan>
<hashTree>
<Arguments guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
<collectionProp name="Arguments.arguments"/>
</Arguments>
<hashTree/>
<ConfigTestElement guiclass="HttpDefaultsGui" testclass="ConfigTestElement" testname="HTTP Request Defaults" enabled="true">
<elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
<collectionProp name="Arguments.arguments"/>
</elementProp>
<stringProp name="HTTPSampler.domain"></stringProp>
<stringProp name="HTTPSampler.port"></stringProp>
<stringProp name="HTTPSampler.protocol"></stringProp>
<stringProp name="HTTPSampler.contentEncoding"></stringProp>
<stringProp name="HTTPSampler.path"></stringProp>
<stringProp name="HTTPSampler.concurrentPool">6</stringProp>
<stringProp name="HTTPSampler.connect_timeout"></stringProp>
<stringProp name="HTTPSampler.response_timeout"></stringProp>
</ConfigTestElement>
<hashTree/>
<CookieManager guiclass="CookiePanel" testclass="CookieManager" testname="HTTP Cookie Manager" enabled="true">
<collectionProp name="CookieManager.cookies"/>
<boolProp name="CookieManager.clearEachIteration">false</boolProp>
<boolProp name="CookieManager.controlledByThreadGroup">false</boolProp>
</CookieManager>
<hashTree/>
<ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Thread Group" enabled="true">
<stringProp name="ThreadGroup.on_sample_error">continue</stringProp>
<elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
<boolProp name="LoopController.continue_forever">false</boolProp>
<stringProp name="LoopController.loops">1</stringProp>
</elementProp>
<stringProp name="ThreadGroup.num_threads">1</stringProp>
<stringProp name="ThreadGroup.ramp_time">1</stringProp>
<longProp name="ThreadGroup.start_time">1370726934000</longProp>
<longProp name="ThreadGroup.end_time">1370726934000</longProp>
<boolProp name="ThreadGroup.scheduler">false</boolProp>
<stringProp name="ThreadGroup.duration"></stringProp>
<stringProp name="ThreadGroup.delay"></stringProp>
<boolProp name="ThreadGroup.same_user_on_next_iteration">true</boolProp>
</ThreadGroup>
<hashTree>
<RecordingController guiclass="RecordController" testclass="RecordingController" testname="Recording Controller" enabled="true"/>
<hashTree>
<AuthManager guiclass="AuthPanel" testclass="AuthManager" testname="HTTP Authorization Manager" enabled="true">
<collectionProp name="AuthManager.auth_list">
<elementProp name="" elementType="Authorization">
<stringProp name="Authorization.url">http://localhost:8081/</stringProp>
<stringProp name="Authorization.username">${AUTH_LOGIN}</stringProp>
<stringProp name="Authorization.password">${AUTH_PASSWORD}</stringProp>
<stringProp name="Authorization.domain"></stringProp>
<stringProp name="Authorization.realm"></stringProp>
<stringProp name="Authorization.mechanism">KERBEROS</stringProp>
</elementProp>
</collectionProp>
<boolProp name="AuthManager.controlledByThreadGroup">false</boolProp>
</AuthManager>
<hashTree/>
</hashTree>
</hashTree>
<ResultCollector guiclass="ViewResultsFullVisualizer" testclass="ResultCollector" testname="View Results Tree" enabled="true">
<boolProp name="ResultCollector.error_logging">false</boolProp>
<objProp>
<name>saveConfig</name>
<value class="SampleSaveConfiguration">
<time>true</time>
<latency>true</latency>
<timestamp>true</timestamp>
<success>true</success>
<label>true</label>
<code>true</code>
<message>true</message>
<threadName>true</threadName>
<dataType>false</dataType>
<encoding>false</encoding>
<assertions>true</assertions>
<subresults>false</subresults>
<responseData>false</responseData>
<samplerData>false</samplerData>
<xml>false</xml>
<fieldNames>true</fieldNames>
<responseHeaders>false</responseHeaders>
<requestHeaders>false</requestHeaders>
<responseDataOnError>true</responseDataOnError>
<saveAssertionResultsFailureMessage>true</saveAssertionResultsFailureMessage>
<assertionsResultsToSave>0</assertionsResultsToSave>
<bytes>true</bytes>
<hostname>true</hostname>
<threadCounts>true</threadCounts>
<sampleCount>true</sampleCount>
</value>
</objProp>
<stringProp name="filename"></stringProp>
</ResultCollector>
<hashTree/>
<ProxyControl guiclass="ProxyControlGui" testclass="ProxyControl" testname="HTTP(S) Test Script Recorder" enabled="false">
<stringProp name="ProxyControlGui.port">8888</stringProp>
<collectionProp name="ProxyControlGui.exclude_list">
<stringProp name="1179605444">(?i).*\.(bmp|css|js|gif|ico|jpe?g|png|swf|eot|otf|ttf|mp4|woff|woff2)</stringProp>
<stringProp name="-88591710">www\.download\.windowsupdate\.com.*</stringProp>
<stringProp name="1206954446">tiles.*\.mozilla\.com.*</stringProp>
<stringProp name="-1424663473">.*detectportal\.firefox\.com.*</stringProp>
<stringProp name="-1899150273">api\.bing\.com.*</stringProp>
<stringProp name="-192420923">.*yimg\.com.*</stringProp>
<stringProp name="305776760">(?i).*\.(bmp|css|js|gif|ico|jpe?g|png|swf|eot|otf|ttf|mp4|woff|woff2)[\?;].*</stringProp>
<stringProp name="2118375536">www\.google-analytics\.com.*</stringProp>
<stringProp name="-1314416226">sqm\.microsoft\.com.*</stringProp>
<stringProp name="11072252">.*toolbar\.yahoo\.com.*</stringProp>
<stringProp name="1726898318">geo\.yahoo\.com.*</stringProp>
<stringProp name="805311387">windowsupdate\.microsoft\.com.*</stringProp>
<stringProp name="1658855950">.*toolbar\.live\.com.*</stringProp>
<stringProp name="110431874">.*msg\.yahoo\.com.*</stringProp>
<stringProp name="1323576868">toolbarqueries\.google\..*</stringProp>
<stringProp name="1739087931">http?://self-repair\.mozilla\.org.*</stringProp>
<stringProp name="1779943373">us\.update\.toolbar\.yahoo\.com.*</stringProp>
<stringProp name="-190610036">.*\.google\.com.*/safebrowsing/.*</stringProp>
<stringProp name="-958112859">toolbar\.google\.com.*</stringProp>
<stringProp name="-576820688">toolbar\.msn\.com.*</stringProp>
<stringProp name="-1435252351">toolbar\.avg\.com/.*</stringProp>
<stringProp name="1193216536">update\.microsoft\.com.*</stringProp>
<stringProp name="-1279148329">pgq\.yahoo\.com.*</stringProp>
<stringProp name="1815174768">safebrowsing.*\.google\.com.*</stringProp>
<stringProp name="587935979">g\.msn.*</stringProp>
<stringProp name="1629558731">clients.*\.google.*</stringProp>
</collectionProp>
<collectionProp name="ProxyControlGui.include_list"/>
<boolProp name="ProxyControlGui.capture_http_headers">true</boolProp>
<intProp name="ProxyControlGui.grouping_mode">4</intProp>
<boolProp name="ProxyControlGui.add_assertion">false</boolProp>
<stringProp name="ProxyControlGui.sampler_type_name"></stringProp>
<boolProp name="ProxyControlGui.sampler_redirect_automatically">false</boolProp>
<boolProp name="ProxyControlGui.sampler_follow_redirects">true</boolProp>
<boolProp name="ProxyControlGui.use_keepalive">true</boolProp>
<boolProp name="ProxyControlGui.sampler_download_images">false</boolProp>
<boolProp name="ProxyControlGui.regex_match">true</boolProp>
<stringProp name="ProxyControlGui.content_type_include"></stringProp>
<stringProp name="ProxyControlGui.content_type_exclude"></stringProp>
<boolProp name="ProxyControlGui.notify_child_sl_filtered">false</boolProp>
<stringProp name="ProxyControlGui.proxy_prefix_http_sampler_name">trans</stringProp>
<intProp name="ProxyControlGui.proxy_http_sampler_naming_mode">1</intProp>
<stringProp name="ProxyControlGui.proxy_pause_http_sampler"></stringProp>
<stringProp name="ProxyControlGui.default_encoding">UTF-8</stringProp>
</ProxyControl>
<hashTree>
<UniformRandomTimer guiclass="UniformRandomTimerGui" testclass="UniformRandomTimer" testname="Uniform Random Timer" enabled="true">
<stringProp name="ConstantTimer.delay">${T}</stringProp>
<stringProp name="RandomTimer.range">100.0</stringProp>
</UniformRandomTimer>
<hashTree/>
<ResultCollector guiclass="ViewResultsFullVisualizer" testclass="ResultCollector" testname="View Results Tree" enabled="true">
<boolProp name="ResultCollector.error_logging">false</boolProp>
<objProp>
<name>saveConfig</name>
<value class="SampleSaveConfiguration">
<time>true</time>
<latency>true</latency>
<timestamp>true</timestamp>
<success>true</success>
<label>true</label>
<code>true</code>
<message>true</message>
<threadName>true</threadName>
<dataType>true</dataType>
<encoding>true</encoding>
<assertions>true</assertions>
<subresults>true</subresults>
<responseData>true</responseData>
<samplerData>true</samplerData>
<xml>true</xml>
<fieldNames>false</fieldNames>
<responseHeaders>true</responseHeaders>
<requestHeaders>true</requestHeaders>
<responseDataOnError>true</responseDataOnError>
<saveAssertionResultsFailureMessage>true</saveAssertionResultsFailureMessage>
<assertionsResultsToSave>0</assertionsResultsToSave>
<bytes>true</bytes>
<url>true</url>
<fileName>true</fileName>
<hostname>true</hostname>
<threadCounts>true</threadCounts>
<sampleCount>true</sampleCount>
<idleTime>true</idleTime>
<connectTime>true</connectTime>
</value>
</objProp>
<stringProp name="filename">recording.xml</stringProp>
</ResultCollector>
<hashTree/>
</hashTree>
<HttpMirrorControl guiclass="HttpMirrorControlGui" testclass="HttpMirrorControl" testname="HTTP Mirror Server" enabled="true">
<stringProp name="HttpMirrorControlGui.port">8081</stringProp>
<stringProp name="HttpMirrorControlGui.maxPoolSize">0</stringProp>
<stringProp name="HttpMirrorControlGui.maxQueueSize">25</stringProp>
</HttpMirrorControl>
<hashTree/>
</hashTree>
</hashTree>
</jmeterTestPlan>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
For additional commands, e-mail: user-h...@jmeter.apache.org
