Hello, In order to configure JMeter to use Kerberos/SPNEGO authentication , we have done the below configurations :
1. In the "jaas.conf" file present in the bin folder for apache JMeter we added the details for keytab and principal 2. Also, the other properties that we set were use "keytab=true, storekey=true and isInitator-=false".In short, the jaas.conf in JMeter contains the same details as contained by our jaas.conf present on our server. 3. We have configured the "krb5.conf" as mentioned in the JMeter help guide.The krb5.conf contains the same details as the krb5.conf on our server. 4. In the "system.properties"we uncommented the properties "java.security.krb5.conf & java.security.auth.login.config" .We modified these file paths to use absolute location of jaas.conf and krb5.conf present in the bin folder of apache JMeter. 5. In the "user.properties" file we uncommented the three properties "kerberos_jaas_application=JMeter, kerberos.spnego.strip_port=true and kerberos.spnego.delegate_cred=false." When we send a REST request to our application using the appropriate settings in the HTTP authentication manager via Jmeter, we observe in our application logs that the authentication header has the value null and we are getting the username as "tomcat". When we hit the REST url through a browser, in our application logs we see that the authentication header starts with "Negotiate" and our correct username is picked. Thanks/ Best Regards/ Mit freundlichen Grüßen, Chandan Dembla -- Knorr-Bremse Technology Center India Pvt. Ltd Survey No. 276, Village Mann, Hinjawadi, Phase-II, Tal Mulshi, Pune - 411057, Maharashtra, India Phone: +91-20-39959028 Mobile: +91-9922111920 Fax: +91 20 3914 7099 mailto: [email protected]<mailto:[email protected]> http://www.knorr-bremse.com<http://www.knorr-bremse.com/> This transmission is intended solely for the addressee and contains confidential information. If you are not the intended recipient, please immediately inform the sender and delete the message and any attachments from your system. Furthermore, please do not copy the message or disclose the contents to anyone unless agreed otherwise. To the extent permitted by law we shall in no way be liable for any damages, whatever their nature, arising out of transmission failures, viruses, external influence, delays and the like.
