I'm relatively new to JMeter, but I am having a hard time getting an HTTP Sampler to land on a secured webpage. I think it requires NTLM authentication, so I used the HTTP Authorization Manager to pass credentials as specified in the BlazeMeter guide
My Authorization Manager has the following values:
Base URL: https:// [test site]
Username: [my user name]
Password: [my password]
Domain: Same as base URL
Mechanism: BASIC_DIGEST
However, I just get a 401 error (see Sampler Message below)
Thread Name: Thread Group 1-1
Sample Start: 2018-02-21 15:55:18 PST
Load time: 26
Connect Time: 0
Latency: 26
Size in bytes: 1602
Sent bytes:229
Headers size in bytes: 309
Body size in bytes: 1293
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 401
Response message: 401
Response headers:
HTTP/1.1 401 401
Content-Type: text/html
Content-Language: en
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="BasicSecurityFilterProvider"
X-Powered-By: ASP.NET
Date: Wed, 21 Feb 2018 23:55:18 GMT
Connection: close
Content-Length: 1293
HTTPSampleResult fields:
ContentType: text/html
DataEncoding: iso-8859-1
I tried the following, but still get a 401 error. Any suggestions?
Changing all HTTP Request implementations to HTTPClient4
Setting httpclient4.auth.preemptive=true in the user.properties
Enable Use KeepAlive option
As per Windows Authentication with Apache JMeter guide you should replace Domain to not to be your base URL but rather Windows Domain name. As per the referenced guide:
Domain: should be “what you see in Windows Security pop-up” as this is what real browsers do. If you are uncertain you can type a fully qualified domain name into that field.
You can also figure out your domain name by running systeminfo command like:
systeminfo | find "Domain"
Related
I am getting "Response code 500 - Internal Server Error" for a performance test run in Apache J-Meter 4.0 for a recording of a simple test done over VPN. I am new to this tool and want to know how I can investigate this. As reference, I am mentioning the sampler result error that I am getting.
Sampler Result:
Thread Name: Thread Group 1-1
Sample Start: 2018-06-11 13:21:56 IST
Load time: 1941
Connect Time: 1700
Latency: 1941
Size in bytes: 2301
Sent bytes:2145
Headers size in bytes: 594
Body size in bytes: 1707
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 500
Response message: Internal Server Error
Response headers:
HTTP/1.1 500 Internal Server Error
Date: Mon, 11 Jun 2018 07:51:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1707
Connection: keep-alive
Set-Cookie: AWSALB=ZS1nnfJyJ+Wk5NEu/FmWGmiRWfEQPnfiywAN8b8f8De6AjOYDrh0nWRVVcsQeBanayjPnpp1IxhjK34EipQB4m/lsAZgdKJ4mgUDDS+Yep8atzWucMNdYTw0oIdB; Expires=Mon, 18 Jun 2018 07:51:58 GMT; Path=/
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'self'
Vary: X-HTTP-Method-Override
X-Content-Type-Options: nosniff
X-Powered-By: Express
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
In the majority of cases you will not be able to successfully replay recorded scenario without modifications.
Add HTTP Cookie Manager to your test plan
Detect all dynamic parameters and perform correlation
Also looking into AWSALB cookie my expectation is that your application under test "hides" behind Amazon Elastic Load Balancer so make sure to add DNS Cache Manager to your Test Plan.
If you still experience problems you can try catching the requests which is being sent by JMeter and by the real browser using a sniffer tool like Wireshark or Fiddler - the requests should be exactly the same (apart from dynamic parameters mentioned in point 2).
I am using JMeter 4.0 for recording & running performance tests. I am also fairly new to this tool and for the 1st time, I'm getting Error 400 Bad request for which all the tests are failing. I am recording a website through VPN & trying it to run the test the same way as I did before.
Can you please help me with this. I can provide additional screenshots and details as & when you say required.
Sampler Result:
Thread Name: Converse_Chat_No 1-1
Sample Start: 2018-06-06 14:29:19 IST
Load time: 1313
Connect Time: 1104
Latency: 1313
Size in bytes: 1639
Sent bytes:1982
Headers size in bytes: 554
Body size in bytes: 1085
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 400
Response message: Bad Request
Response headers:
HTTP/1.1 400 Bad Request
Date: Wed, 06 Jun 2018 08:59:22 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1085
Connection: keep-alive
Set-Cookie: AWSALB=hCxbUY5Kq+Vdfv1jhO/JGeLqCqRHT281vZy+T4LFgJCRnItYwGILJLnD3KPsv5wYlVGiy85bYqVH75PSlLNCLcPPDTDtgGHoXAKbw9T8QoT6WPxPm6qVI4tyG7H1; Expires=Wed, 13 Jun 2018 08:59:22 GMT; Path=/
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Powered-By: Express
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
As per 400 Bad Request description:
The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server could not understand the request due to invalid syntax.
The client should not repeat this request without modification.
So most probably you're sending malformed requests which server doesn't understand.
The only troubleshooting technique I can think of is recording requests which real browser sends using a sniffer tool like Fiddler or Wireshark and comparing them to what JMeter sends. The requests should be the same (apart from dynamic data which has to be correlated)
As soon as you amend your JMeter test plan to 100% match requests which are being sent by the real browser it should start working. Don't forget about Cookies and Headers.
In our company the web app that we are testing uses the active directory roles assigned to the user for accessing the website.
Edit:
Important information that I forgot to mention is that, while accessing the website I am not prompted for the username and password. The website is only displayed if I have the correct Active Directory role assigned to my user profile.
For Example,
Opening IE as myself - able to access the website.
Opening IE as a service account (with required Active Directory roles) - able to access the website.
Opening IE as a different user outside my project - not able to access the website.
I have tried (skeptically, desperate to get it working) Basic/ Kerberos Authorization in the HTTP Authorization Manager and even running JMeter as that service account still no luck. I keep getting the below
Thread Name: Users 1-1
Sample Start: 2017-04-26 17:08:18 CDT
Load time: 83
Connect Time: 13
Latency: 83
Size in bytes: 438
Sent bytes:136
Headers size in bytes: 243
Body size in bytes: 195
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 401
Response message: Unauthorized
Response headers:
HTTP/1.1 401 Unauthorized
Server: nginx/1.10.1
Date: Wed, 26 Apr 2017 22:08:18 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Negotiate
X-Frame-Options: deny
X-Content-Type-Options: nosniff
HTTPSampleResult fields:
ContentType: text/html
DataEncoding: null
I am just trying to find out if any one here has got the JMeter working in a similar scenario/ if any one can point me in the right direction to overcome this hurdle.
Thanks all for your help in advance.
You need to identify the exact implementation of the authentication in your application.
Given you receive WWW-Authenticate: Negotiate - this is definitely not Basic HTTP Auth.
Negotiate may stand either for NTLM or for Kerberos (or in some cases for both, i.e. if Kerberos is not successful it will fall back to NTLM) and JMeter needs to be configured differently for these schemes.
For example for NTLM you need to provide only credentials and domain in the HTTP Authorization Manager and for Kerberos you need to populate Realm and set your Kerberos settings (KDC and login config) under jaas.conf and krb5.conf files
See Windows Authentication with Apache JMeter article for more information and example configurations.
I am getting a Response code 401 and Response Message as Unauthorized while recorded script through JMeter
Sampler Result
Thread Name: Thread Group 1-1
Sample Start: 2016-07-19 14:40:53 IST
Load time: 285
Connect Time: 0
Latency: 283
Size in bytes: 534
Headers size in bytes: 456
Body size in bytes: 78
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 401
Response message: Unauthorized
Response headers:
HTTP/1.1 401 Unauthorized
Date: Tue, 19 Jul 2016 09:10:53 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-store
x-ca-err: 992
Content-Type: application/json;charset=UTF-8
Vary: Accept-Encoding,User-Agent
P3P: CP="This is not a P3P policy. Please see http://www.networkfleet.com/privacy-policy/ for the official privacy policy."
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Length: 78
Content-Encoding: gzip
HTTPSampleResult fields:
ContentType: application/json;charset=UTF-8
DataEncoding: UTF-8
Response Data
{
"error":"invalid_request",
"error_description":"Validation error"
}
Depending on authentication information your application expects you can work it around in several ways:
Basic HTTP (looks like modal pop-up window when you're trying to open protected page). To bypass it add HTTP Authorization Manager to your Test Plan and provide credentials there. See How to Use HTTP Basic Authentication in JMeter article for details.
Missing or incorrect parameter. Some applications use dynamic parameters for security purposes and if you recorded it - it is hard-coded and cannot be replayed successfully. Try recording your application 2 times and inspect request details for differences. If there are any - work them around using JSON Path PostProcessor
I'm new to jMeter testing. I want to test the field update on UI. So When I run my test I'm getting the CSRF validation error. How can I resolve this. My test plan looks as,
And the sampler result is as follows,
Thread Name: Thread Group 1-1
Sample Start: 2014-11-18 23:37:49 IST
Load time: 688
Latency: 688
Size in bytes: 483
Headers size in bytes: 457
Body size in bytes: 26
Sample Count: 1
Error Count: 1
Response code: 401
Response message: Unauthorized : CSRF validation failed
Response headers:
HTTP/1.1 401 Unauthorized : CSRF validation failed
Date: Tue, 18 Nov 2014 18:08:07 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.5
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 18 Nov 2014 18:08:07 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1416334087"
Vary: Accept
Content-Length: 26
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json
Why do we get CSRF validation error and how to resolve it.
CSRF stands for Cross-site request forgery and you're getting CSRF Validation error due to missing mandatory dynamic request parameter, usually a Cookie or a Header.
I would suggest executing your scenario in i.e. Firefox Browser with HttpFox or FireBug extension enabled and inspect request details. CSRF token usually comes as a cookie in server's response and needs to be passed as a header or request parameter. So it is similar to usual correlation. So the flow should look as follows:
First HTTP Request: open first page
Extract CSRF token from response via one of the following Post Processors
Regular Expression Extractor
XPath Extractor
CSS/JQuery Extractor
Second HTTP Request: open second page (CSRF-protected). Add the token, extracted in step 2 to one of the following:
HTTP Request Parameter
HTTP Header Manager
HTTP Cookie Manager
Depending on where your server expects the token to live.
For the future, looking at your "localhost" server name - don't run JMeter performance tests on the same machine where application lives.