1

I am getting HTTP-401 (Unauthorized) error for single sign-on (SSO) application which I am trying to test. I am passing HTTP Authorization Manager with following information: Username/Password/Domain/Mechanism(KERBEROS).

I am getting following response headers in "View Results Tree" listener:

HTTP/1.1 401 Unauthorized content-length: 11785 content-type: text/html date: Thu, 09 Nov 2017 21:55:38 GMT p3p: CP="NON CUR OTPi OUR NOR UNI" www-authenticate: Negotiate cache-control: no-cache pragma: no-cache Set-Cookie: PD-S-SESSION-ID=0_7Yn3C....Ra4+IsxI=; Path=/; Secure; HttpOnly

Can anybody help please?

Thanks, Krunal

kmodi85
  • 11
  • 2

1 Answers1

0

WWW-Authenticate header has several directives which determine authentication scheme.

Negotiate value may stand either for NTLM or for Kerberos so you need to add HTTP Authorization Manager to your Test Plan and configure it accordingly (you might need to contact your system administrator or application developers to get the correct details).

See Windows Authentication with Apache JMeter article for more details on bypassing NTLM and/or Kerberos authentication challenges in JMeter tests.

Community
  • 1
  • 1
Dmitri T
  • 159,985
  • 5
  • 83
  • 133
  • 1
    Hi Dmitri, thanks for your answer. I already had discussion with developers as well as server resources and I was told it’s not Kerberos. They use TAM WebSeal for authentication, not sure about NTLM. I tried HTTP Authorization Manager but I see 2 auth mechanisms - one is Basic and Digestive and another is Kerberos. If it is not Kerberos then I am left with basic and digestive method. I am not sure if it is NTLM then how would I handle it. Any thoughts? – kmodi85 Nov 14 '17 at 13:20