Hi Team,
I am facing 401 unauthorized error for Kerberos authentication (spnego) using JMeter. For JMeter Kerberos setup - I have configured krb5.conf, jaas.conf and system properties of Jmeter. Also added domain and realm to the HTTP Authorization Manager yet getting authentication issues. I have also enabled the Kerberos for the browser and able to record the scenarios but getting as SPNEGO authentication not supported in the recorded response code. Please help me with the steps to set up Jmeter for Kerberos authentication and suggestions to resolve the issue Regards, Akhilekhya Avantsa, Test Analyst, Infosys Ltd, India +91 8639828304. |
Am 17.11.20 um 20:23 schrieb Akhilekhya Avantsa: > Hi Team, > > I am facing 401 unauthorized error for Kerberos authentication (spnego) using JMeter. > > For JMeter Kerberos setup - I have configured krb5.conf, jaas.conf and system properties of Jmeter. Also added domain and realm to the HTTP Authorization Manager yet getting authentication issues. Can you give us more details? Always remember, we can't see you setup and have to guess what you mean by configured X or added Y. There are tons of ways to configure something and not all are correct. Are there any Kerberos/auth/SPNEGO related messages in jmeter.log? What are the headers looking like in the request/responses? I often stumble upon configuring the wrong paths for krb5.conf or jaas.conf, especially when using relative paths. If there are not enough log messages to help me, I try to tell Java to give me more. Try to add 'debug = true' to jaas.conf and/or |add -Dsun.security.krb5.debug=true to the environment variable JVM_ARGS.| Felix > I have also enabled the Kerberos for the browser and able to record the scenarios but getting as SPNEGO authentication not supported in the recorded response code. > > Please help me with the steps to set up Jmeter for Kerberos authentication and suggestions to resolve the issue. || > > > Regards, > Akhilekhya Avantsa, > Test Analyst, > Infosys Ltd, India > +91 8639828304. > |
Hi Felix,
Thank you for the prompt response. I have recorded a script for launching the SSO application of type Kerberos/Spnego authentication.(automatically logins when the application is launched) and captured the logs for the same. Attached folder contains the JMeter log file, logs captured while recording , the properties and configuration files I modified and the error screenshots. Please validate and suggest me if any changes required to achieve successful Kerberos authentication for the script. Thanks & Regards, Akhilekhya Avantsa, Test Analyst, Infosys Ltd, India +91 8639828304. -----Original Message----- From: Felix Schumacher <[hidden email]> Sent: Wednesday, November 18, 2020 4:06 PM To: [hidden email] Subject: Re: Kerberos/Spnego authentication Issues [**EXTERNAL EMAIL**] Am 17.11.20 um 20:23 schrieb Akhilekhya Avantsa: > Hi Team, > > I am facing 401 unauthorized error for Kerberos authentication (spnego) using JMeter. > > For JMeter Kerberos setup - I have configured krb5.conf, jaas.conf and system properties of Jmeter. Also added domain and realm to the HTTP Authorization Manager yet getting authentication issues. Can you give us more details? Always remember, we can't see you setup and have to guess what you mean by configured X or added Y. There are tons of ways to configure something and not all are correct. Are there any Kerberos/auth/SPNEGO related messages in jmeter.log? What are the headers looking like in the request/responses? I often stumble upon configuring the wrong paths for krb5.conf or jaas.conf, especially when using relative paths. If there are not enough log messages to help me, I try to tell Java to give me more. Try to add 'debug = true' to jaas.conf and/or |add -Dsun.security.krb5.debug=true to the environment variable JVM_ARGS.| Felix > I have also enabled the Kerberos for the browser and able to record the scenarios but getting as SPNEGO authentication not supported in the recorded response code. > > Please help me with the steps to set up Jmeter for Kerberos > authentication and suggestions to resolve the issue. || > > > Regards, > Akhilekhya Avantsa, > Test Analyst, > Infosys Ltd, India > +91 8639828304. > --------------------------------------------------------------------- To unsubscribe, e-mail: [hidden email] For additional commands, e-mail: [hidden email] |
Am 18.11.20 um 14:49 schrieb Akhilekhya Avantsa: > Hi Felix, > > Thank you for the prompt response. > > I have recorded a script for launching the SSO application of type Kerberos/Spnego authentication.(automatically logins when the application is launched) and captured the logs for the same. > > Attached folder contains the JMeter log file, logs captured while recording , the properties and configuration files I modified and the error screenshots. > > Please validate and suggest me if any changes required to achieve successful Kerberos authentication for the script. The jmeter.log file seems to be the one, that was written when recording. That is not so interesting to me :) The file 'Logs captured while recording the script.txt' seems to be the file, that contains the logs from the actual run and not the recording. In that file, you will find some lines like: Caused by: java.lang.SecurityException: java.io.IOException: jaas.conf (No such file or directory) and that indicates to me, that you should either put a absolute filename to point to your jaas.conf or start JMeter from the correct directory (the one, which contains jaas.conf (or the other way round, if you prefer)). Another problematic line from the log is: 2020-11-18 18:48:17,727 WARN o.a.j.p.h.c.KerberosManager: Execution of getting subject for ${AUTH_LOGIN} failed That indicates, that JMeter could not find a valid JMeter variable named AUTH_LOGIN. In such cases, JMeter will return the original value of the expression, which was ${AUTH_LOGIN}. The screenshot of the response-headers show, that your server is returning the correct header to initiate the SPNEGO authentication, but first you have to correct the two things about jaas.conf and AUTH_LOGIN. Felix > > Thanks & Regards, > Akhilekhya Avantsa, > Test Analyst, > Infosys Ltd, India > +91 8639828304. > > -----Original Message----- > From: Felix Schumacher <[hidden email]> > Sent: Wednesday, November 18, 2020 4:06 PM > To: [hidden email] > Subject: Re: Kerberos/Spnego authentication Issues > > [**EXTERNAL EMAIL**] > > Am 17.11.20 um 20:23 schrieb Akhilekhya Avantsa: >> Hi Team, >> >> I am facing 401 unauthorized error for Kerberos authentication (spnego) using JMeter. >> >> For JMeter Kerberos setup - I have configured krb5.conf, jaas.conf and system properties of Jmeter. Also added domain and realm to the HTTP Authorization Manager yet getting authentication issues. > Can you give us more details? Always remember, we can't see you setup and have to guess what you mean by configured X or added Y. There are tons of ways to configure something and not all are correct. > > Are there any Kerberos/auth/SPNEGO related messages in jmeter.log? What are the headers looking like in the request/responses? > > I often stumble upon configuring the wrong paths for krb5.conf or jaas.conf, especially when using relative paths. > > If there are not enough log messages to help me, I try to tell Java to give me more. Try to add 'debug = true' to jaas.conf and/or |add -Dsun.security.krb5.debug=true to the environment variable JVM_ARGS.| > > Felix > >> I have also enabled the Kerberos for the browser and able to record the scenarios but getting as SPNEGO authentication not supported in the recorded response code. >> >> Please help me with the steps to set up Jmeter for Kerberos >> authentication and suggestions to resolve the issue. || >> >> >> Regards, >> Akhilekhya Avantsa, >> Test Analyst, >> Infosys Ltd, India >> +91 8639828304. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [hidden email] >> For additional commands, e-mail: [hidden email] |
Hi Felix,
Thanks for your reply. I was able to resolve below errors occurred in previous log file with the work arounds you mentioned. But currently, I could see an error in log file as below. Attached is the detailed log file capture during script reply 2020-11-23 16:59:05,391 WARN o.a.j.p.h.c.KerberosManager: Could not log in user iqxja64 -->(username) javax.security.auth.login.LoginException: Client not found in Kerberos database (6) Please let me know if I need to configure anything in properties file or kerberos config files. Is any login configuration file or the prinicipal name to be added? Regards, Akhilekhya Avantsa, Test Analyst, Infosys Ltd, India +91 8639828304. -----Original Message----- From: Felix Schumacher <[hidden email]> Sent: Wednesday, November 18, 2020 8:00 PM To: [hidden email] Subject: Re: Kerberos/Spnego authentication Issues [**EXTERNAL EMAIL**] Am 18.11.20 um 14:49 schrieb Akhilekhya Avantsa: > Hi Felix, > > Thank you for the prompt response. > > I have recorded a script for launching the SSO application of type Kerberos/Spnego authentication.(automatically logins when the application is launched) and captured the logs for the same. > > Attached folder contains the JMeter log file, logs captured while recording , the properties and configuration files I modified and the error screenshots. > > Please validate and suggest me if any changes required to achieve successful Kerberos authentication for the script. The jmeter.log file seems to be the one, that was written when recording. That is not so interesting to me :) The file 'Logs captured while recording the script.txt' seems to be the file, that contains the logs from the actual run and not the recording. In that file, you will find some lines like: Caused by: java.lang.SecurityException: java.io.IOException: jaas.conf (No such file or directory) and that indicates to me, that you should either put a absolute filename to point to your jaas.conf or start JMeter from the correct directory (the one, which contains jaas.conf (or the other way round, if you prefer)). Another problematic line from the log is: 2020-11-18 18:48:17,727 WARN o.a.j.p.h.c.KerberosManager: Execution of getting subject for ${AUTH_LOGIN} failed That indicates, that JMeter could not find a valid JMeter variable named AUTH_LOGIN. In such cases, JMeter will return the original value of the expression, which was ${AUTH_LOGIN}. The screenshot of the response-headers show, that your server is returning the correct header to initiate the SPNEGO authentication, but first you have to correct the two things about jaas.conf and AUTH_LOGIN. Felix > > Thanks & Regards, > Akhilekhya Avantsa, > Test Analyst, > Infosys Ltd, India > +91 8639828304. > > -----Original Message----- > From: Felix Schumacher <[hidden email]> > Sent: Wednesday, November 18, 2020 4:06 PM > To: [hidden email] > Subject: Re: Kerberos/Spnego authentication Issues > > [**EXTERNAL EMAIL**] > > Am 17.11.20 um 20:23 schrieb Akhilekhya Avantsa: >> Hi Team, >> >> I am facing 401 unauthorized error for Kerberos authentication (spnego) using JMeter. >> >> For JMeter Kerberos setup - I have configured krb5.conf, jaas.conf and system properties of Jmeter. Also added domain and realm to the HTTP Authorization Manager yet getting authentication issues. > Can you give us more details? Always remember, we can't see you setup and have to guess what you mean by configured X or added Y. There are tons of ways to configure something and not all are correct. > > Are there any Kerberos/auth/SPNEGO related messages in jmeter.log? What are the headers looking like in the request/responses? > > I often stumble upon configuring the wrong paths for krb5.conf or jaas.conf, especially when using relative paths. > > If there are not enough log messages to help me, I try to tell Java to > give me more. Try to add 'debug = true' to jaas.conf and/or |add > -Dsun.security.krb5.debug=true to the environment variable JVM_ARGS.| > > Felix > >> I have also enabled the Kerberos for the browser and able to record the scenarios but getting as SPNEGO authentication not supported in the recorded response code. >> >> Please help me with the steps to set up Jmeter for Kerberos >> authentication and suggestions to resolve the issue. || >> >> >> Regards, >> Akhilekhya Avantsa, >> Test Analyst, >> Infosys Ltd, India >> +91 8639828304. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [hidden email] >> For additional commands, e-mail: [hidden email] --------------------------------------------------------------------- To unsubscribe, e-mail: [hidden email] For additional commands, e-mail: [hidden email] |
Am 23.11.20 um 14:25 schrieb Akhilekhya Avantsa: > Hi Felix, > > Thanks for your reply. I was able to resolve below errors occurred in previous log file with the work arounds you mentioned. > > But currently, I could see an error in log file as below. Attached is the detailed log file capture during script reply > > 2020-11-23 16:59:05,391 WARN o.a.j.p.h.c.KerberosManager: Could not log in user iqxja64 -->(username) > javax.security.auth.login.LoginException: Client not found in Kerberos database (6) Have you checked, that iqxja64 is a valid user (and has the password you use) in the domain of your choosing? If your user (iqxja64) is not in the default domain you specified in HTTP Authorization Manager, you could try to specify a user with a domain added, for example [hidden email] As you used a variable for the user in the authorization manager, you could add the @MY.DOMAIN.INVALID to the field where you used "${AUTH_USER}", that is "${AUTH_USER}@MY.DOMAIN.INVALID". If you enabled debug logs for kerberos, as I described before, you should get more log messages (may be on STDOUT, only). Felix > > Please let me know if I need to configure anything in properties file or kerberos config files. Is any login configuration file or the prinicipal name to be added? > > Regards, > Akhilekhya Avantsa, > Test Analyst, > Infosys Ltd, India > +91 8639828304. > > -----Original Message----- > From: Felix Schumacher <[hidden email]> > Sent: Wednesday, November 18, 2020 8:00 PM > To: [hidden email] > Subject: Re: Kerberos/Spnego authentication Issues > > [**EXTERNAL EMAIL**] > > Am 18.11.20 um 14:49 schrieb Akhilekhya Avantsa: >> Hi Felix, >> >> Thank you for the prompt response. >> >> I have recorded a script for launching the SSO application of type Kerberos/Spnego authentication.(automatically logins when the application is launched) and captured the logs for the same. >> >> Attached folder contains the JMeter log file, logs captured while recording , the properties and configuration files I modified and the error screenshots. >> >> Please validate and suggest me if any changes required to achieve successful Kerberos authentication for the script. > The jmeter.log file seems to be the one, that was written when recording. That is not so interesting to me :) > > The file 'Logs captured while recording the script.txt' seems to be the file, that contains the logs from the actual run and not the recording. > In that file, you will find some lines like: > > Caused by: java.lang.SecurityException: java.io.IOException: jaas.conf (No such file or directory) > > and that indicates to me, that you should either put a absolute filename to point to your jaas.conf or start JMeter from the correct directory (the one, which contains jaas.conf (or the other way round, if you prefer)). > > Another problematic line from the log is: > > 2020-11-18 18:48:17,727 WARN o.a.j.p.h.c.KerberosManager: Execution of getting subject for ${AUTH_LOGIN} failed > > That indicates, that JMeter could not find a valid JMeter variable named AUTH_LOGIN. In such cases, JMeter will return the original value of the expression, which was ${AUTH_LOGIN}. > > The screenshot of the response-headers show, that your server is returning the correct header to initiate the SPNEGO authentication, but first you have to correct the two things about jaas.conf and AUTH_LOGIN. > > Felix > >> Thanks & Regards, >> Akhilekhya Avantsa, >> Test Analyst, >> Infosys Ltd, India >> +91 8639828304. >> >> -----Original Message----- >> From: Felix Schumacher <[hidden email]> >> Sent: Wednesday, November 18, 2020 4:06 PM >> To: [hidden email] >> Subject: Re: Kerberos/Spnego authentication Issues >> >> [**EXTERNAL EMAIL**] >> >> Am 17.11.20 um 20:23 schrieb Akhilekhya Avantsa: >>> Hi Team, >>> >>> I am facing 401 unauthorized error for Kerberos authentication (spnego) using JMeter. >>> >>> For JMeter Kerberos setup - I have configured krb5.conf, jaas.conf and system properties of Jmeter. Also added domain and realm to the HTTP Authorization Manager yet getting authentication issues. >> Can you give us more details? Always remember, we can't see you setup and have to guess what you mean by configured X or added Y. There are tons of ways to configure something and not all are correct. >> >> Are there any Kerberos/auth/SPNEGO related messages in jmeter.log? What are the headers looking like in the request/responses? >> >> I often stumble upon configuring the wrong paths for krb5.conf or jaas.conf, especially when using relative paths. >> >> If there are not enough log messages to help me, I try to tell Java to >> give me more. Try to add 'debug = true' to jaas.conf and/or |add >> -Dsun.security.krb5.debug=true to the environment variable JVM_ARGS.| >> >> Felix >> >>> I have also enabled the Kerberos for the browser and able to record the scenarios but getting as SPNEGO authentication not supported in the recorded response code. >>> >>> Please help me with the steps to set up Jmeter for Kerberos >>> authentication and suggestions to resolve the issue. || >>> >>> >>> Regards, >>> Akhilekhya Avantsa, >>> Test Analyst, >>> Infosys Ltd, India >>> +91 8639828304. >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [hidden email] >>> For additional commands, e-mail: [hidden email] >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [hidden email] >>> For additional commands, e-mail: [hidden email] |
Free forum by Nabble | Edit this page |