I am using JMeter to load test some pages that reside in a SharePoint 2007 Site. The farm that contains the pages resides in a different domain than the machine running the test, and uses Windows Authenticiation. The connection to the server is over an unencrypted (non-SSL) connection. Because of this, I need to pass login credentials to the server.
How do I configure JMeter to login to the server using windows authentication?
make sure to use http sampler=JAVA
Try this
Edit based on the reply: new link
Scroll down to the Parameters section,
Username The username to authorize.
Password The password for the user.
Domain The domain to use for NTLM.
Realm The realm to use for NTLM.
Add HTTP Authorization Manager to the Thread Group.
Using [domain]username[#realm] as your Windows login example.
BASE URL: [yourdomainurl]
USERNAME: [domain\username] <- UPPERCASE ONLY
PASSOWORD: [password]
This work for my case.
Related
I am looking for a simple way to create a "realm" within WAS 8.5. I am specifically looking for something similar to the APACHE realm system in which a user, upon first access to a site, is presented with a javaScript username / password dialog and, if authenticated, is allowed to use the site. In Tomcat, this is accomplished by modifying the tomcat-users.xml file, adding a username, passowrd and role. Any suggestions are appreciated.
In WebSphere it is already built in, you just need to configure repository from where you want to take users e.g internal file based, or LDAP.
Than you need to enable Application security via Global Security.
Check this page for more details Enabling security
I followed these steps to implement basic authentication. http://itcareergrowth.com/blog/2018/02/25/configuring-basic-authentication-in-web-sphere-application-server/#.WpQiSOdMGUk
I have to mention that I am new to IIS. I have a local IIS 8.5 on a windows server 2012 machine. When I enable the windows authentication (basic authentication is disabled), I can access and see the home page of IIS (http://localhost) with the credentials of a LDAP user in the same domain. However, when I enable basic authentication (windows authentication is disabled), I cannot access the home page with the same credentials I used for windows (The authentication pop up never goes away).
Shouldn't the same credentials work for both basic and windows authentication or basic authentication works differently ? If not, then how are the credentials validated in case of basic authentication ?
Note: Eventually I plan to write restlet java code to post resources using basic authentication.
So finally I got this problem solved. For Basic Authentication (click on edit), we need to set the default domain (realm is optional). Once I set the default domain, I could login using the LDAP user credentials.
I have a requirement like while login in liferay i have to initiate a domino session for that user. How about the possibilities and is there any work around.
thanks in advance.
Domino needs to be configured for SSO.
Liferay and Domino servers must share the same DNS Domain.
You need to create the LtpaToken cookie manually.
I achieved this by writing a custom com.liferay.portal.security.auth.Authenticator that intercepts the username and password (after the Liferay login) and tries to login on Domino via DIIOP.
lotus.domino.Session session = lotus.domino.NotesFactory.create(hostname, username, password);
If the login succeeds you can get the LtpaToken by calling session.getSessionToken();
Just put the token into a custom Cookie called LtpaToken by default which is valid for the DNS Domain your servers share.
Our website has been working and still works if we are connected to the LAN but now if someone is elsewhere and tries to connect, they are presented with the screen called "User Authentification" asking for a username and password. What could have changed?
The website is http://pc.bartselectric.com
It sounds like you have Windows Authentication enabled on the site.
When logged in to the Active Directory network, IE will automatically pass through your Windows credentials to the site.
When off the network, you have to manually enter your network credentials.
Check the authentication mode in your web config file is Authentication mode=Windows or some thing else
also check : IIS Authentication
I found out that it was the firewall that was stopping the traffic from the outside and they needed to have a username and password to get through the firewall and then it works great. Thank you for the suggestions.
We have a SQUID reverse proxy and a MOSS 2007 portal. All sites are using NTLM.
We cannot get it working with SQUID as a reverse proxy.
Any ideas where to start?
Can you switch to Kerberos instead of NTLM?
You're encountering the "Double-Hop Issue", whereby NTLM authentication cannot traverse proxies or servers.
This is outlined at this location:
http://blogs.msdn.com/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx
And over here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;329986
Double-Hop Issue
The double-hop issue is when the ASPX page tries to use resources that are located on a server that is different from the IIS server. In our case, the first "hop" is from the web browser client to the IIS ASPX page; the second hop is to the AD. The AD requires a primary token. Therefore, the IIS server must know the password for the client to pass a primary token to the AD. If the IIS server has a secondary token, the NTAUTHORITY\ANONYMOUS account credentials are used. This account is not a domain account and has very limited access to the AD.
The double-hop using a secondary token occurs, for example, when the browser client is authenticated to the IIS ASPX page by using NTLM authentication. In this example, the IIS server has a hashed version of the password as a result of using NTLM. If IIS turns around and passes the credentials to the AD, IIS is passing a hashed password. The AD cannot verify the password and, instead, authenticates by using the NTAUTHORITY\ANONYMOUS LOGON.
On the other hand, if your browser client is authenticated to the IIS ASPX page by using Basic authentication, the IIS server has the client password and can make a primary token to pass to the AD. The AD can verify the password and does authenticate as the domain user.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
264921 (http://support.microsoft.com/kb/264921/) How IIS authenticates browser clients
If switching to Kerberos is not an option, have you investigated the Squid NTLM project?
http://devel.squid-cache.org/ntlm/
you can use HAProxy for load balancing