Posted to user@jmeter.apache.org by Hiro Protagonist <hi...@googlemail.com> on 2008/10/16 12:57:49 UTC

Oracle Single Sign-On redirect failure

Hi team,

I am trying to replay against an Oracle dashboard application (recording
with HTTP proxy works fine) and it fails on an implicit re-direct. This
single sign-on redirect gets the user's credentials from [*somewhere*]
and authenticates the user. 
When I play back the initial page request, a redirect happens to the
authentication page, which comes back with a 401 Unauthorised response.
I am not sure what can be done about it, or even if the request is an
SSL-encrypted request. I am pretty sure that it would be, otherwise it
wouldn't be very good security.
I read this thread http://markmail.org/message/ofm3kqfvappuramw but this
is not what happens for me - no authentication pop-up window appears,
the request just fails. Below are the two requests; the first one that
succeeds and redirects, and the second one that fails.

==========
==========

Thread Name: Thread Group 1-1
Sample Start: 2008-10-16 11:18:05 BST
Load time: 0
Latency: 0
Size in bytes: 917
Sample Count: 1
Error Count: 0
Response code: 302
Response message: Redirect to Oracle SSO Server

Response headers:
HTTP/1.1 302 Redirect to Oracle SSO Server
Date: Thu, 16 Oct 2008 10:18:04 GMT
Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~8D8A0B8B~blablabla
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

==========
then the re-direct, and failure
==========

Thread Name: Thread Group 1-1
Sample Start: 2008-10-16 11:18:05 BST
Load time: 0
Latency: 0
Size in bytes: 0
Sample Count: 1
Error Count: 1
Response code: 401
Response message: Unauthorized

Response headers:
HTTP/1.1 401 Unauthorized
Date: Thu, 16 Oct 2008 10:18:04 GMT
Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=0a34001530d5baaf944b3cb84652a9d0c5d8610f6f23.e3aTb34SbNaSe34Sa38Pa38Nc3b0n6jAmljGr5XDqQLvpAe; path=/sso
Cache-Control: private
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="SSO"
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/octet-stream

==========
==========

Now, when I take that second request, and create a new HTTP request
manually (from the automatic redirect request), but make it https, I get
this error:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
	at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
	at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
	at org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.java:431)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1021)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1007)
	at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:290)
	at java.lang.Thread.run(Unknown Source)

Can anyone help ? I am really stuck and not sure where to continue
investigating...

Thanks in advance !

hiro


---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
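
Added example (not part of the original thread, and not JMeter or Oracle code): a small Python audit of the two response-header blocks posted above, reporting what they reveal about the SSO hop, namely a redirect to cleartext HTTP, a Basic challenge offered next to Negotiate, and session-cookie flags. The finding labels, the function names and ENTRY_URL are assumptions made for this example, and the parser assumes one challenge per WWW-Authenticate line, as in the post.

```python
from urllib.parse import urlsplit

# Header blocks from the two samples in the post. The cookie value is
# shortened and ENTRY_URL is a placeholder (both constructed for this example).
REDIRECT_SAMPLE = """\
HTTP/1.1 302 Redirect to Oracle SSO Server
Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~8D8A0B8B~blablabla
Content-Type: text/html; charset=iso-8859-1
"""
CHALLENGE_SAMPLE = """\
HTTP/1.1 401 Unauthorized
Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=0a34-shortened-example; path=/sso
Cache-Control: private
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="SSO"
Content-Type: application/octet-stream
"""
ENTRY_URL = "http://myserver/dashboard-placeholder"


def parse_response(raw):
    """Split a raw header block into (status, reason, [(name, value), ...])."""
    lines = [ln.rstrip("\r") for ln in raw.strip().split("\n")]
    _version, status, *reason = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return int(status), (reason[0] if reason else ""), headers


def values(headers, name):
    """All values of a header; repeated headers (two challenges) are kept."""
    return [v for n, v in headers if n == name]


def redirect_target(raw):
    """Location of a 3xx response, for following the hop by hand."""
    status, _, headers = parse_response(raw)
    targets = values(headers, "location")
    return targets[0] if 300 <= status < 400 and targets else None


def challenges(headers):
    """Return [(scheme, params)], one challenge per WWW-Authenticate line."""
    out = []
    for value in values(headers, "www-authenticate"):
        scheme, _, rest = value.partition(" ")
        params = {}
        for part in filter(None, (p.strip() for p in rest.split(","))):
            key, _, val = part.partition("=")
            params[key.strip().lower()] = val.strip().strip('"')
        out.append((scheme.lower(), params))
    return out


def cookie_gaps(set_cookie):
    """Cookie name plus which of Secure / HttpOnly the header lacks."""
    first, *attrs = [p.strip() for p in set_cookie.split(";")]
    present = {a.partition("=")[0].lower() for a in attrs}
    missing = [a for a in ("secure", "httponly") if a not in present]
    return first.partition("=")[0], missing


def audit(url, raw):
    """Findings for the response to a request for `url`."""
    status, _, headers = parse_response(raw)
    cleartext = urlsplit(url).scheme == "http"
    findings = []
    if 300 <= status < 400:
        for target in values(headers, "location"):
            if urlsplit(target).scheme == "http":
                findings.append("redirect-to-cleartext")
    if status == 401:
        schemes = [scheme for scheme, _ in challenges(headers)]
        if "basic" in schemes and cleartext:
            # Basic credentials are only base64-encoded, so they are readable on the wire.
            findings.append("basic-over-cleartext")
        if "negotiate" in schemes and "basic" in schemes:
            # A client that cannot answer Negotiate can answer with Basic instead.
            findings.append("negotiate-with-basic-fallback")
    for value in values(headers, "set-cookie"):
        name, missing = cookie_gaps(value)
        findings.extend(f"cookie-{name}-missing-{gap}" for gap in missing)
    return findings


if __name__ == "__main__":
    sso_url = redirect_target(REDIRECT_SAMPLE)
    for url, raw in ((ENTRY_URL, REDIRECT_SAMPLE), (sso_url, CHALLENGE_SAMPLE)):
        print(url)
        for finding in audit(url, raw):
            print("  -", finding)
```
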


Re: Oracle Single Sign-On redirect failure

Posted by sebb <se...@gmail.com>.
On 20/10/2008, Sonam Chauhan <so...@ce.com.au> wrote:
> Adding to what Sebb said already below:
>
>  - The redirect to Oracle SSO port 7777 does not appear to be SSL
>
>  - Try adding the Authorisation Manager as Sebb said, and use the
>  'HttpClient' HTTP Sampler (see below)
>
>  - Try using the cookie manager
>  (Unlikely to help since the start page doesn't issue a 'Set-Cookie:...'
>  header in the HTTP response)
>
>
>  Sebb, you said:
>  > It's likely that the browser is getting the credentials from the
>  > Windows login session, but JMeter (Java) cannot do that.
>
>
> I haven't used it myself, but the docs state the HTTP Authorization
>  Manager, in conjunction with the 'HttpClient' HTTP Sampler, supports
>  Windows NTLM authentication. Could this help Hiro?
>  http://jakarta.apache.org/jmeter/usermanual/component_reference.html#HTTP_Authorization_Manager)
>  (The 'Domain' and 'Realm' fields mention NTLM authentication)

Unlike some browsers - e.g. Internet Explorer - JMeter cannot extract
the required information from the current login session.

JMeter can negotiate NTLM login (but not NTLMv2), but one has to
provide the user name and password etc to JMeter.

>
>  -----Original Message-----
>  From: sebb [mailto:sebbaz@gmail.com]
>  Sent: Monday, 20 October 2008 12:09 PM
>  To: JMeter Users List
>  Subject: Re: Oracle Single Sign-On redirect failure
>
>  Have you set JMeter to use Follow redirects or Redirect Automatically?
>  If so, turn these off.
>  Also, add an Authorisation Manager to provide the required credentials.
>
>  It's likely that the browser is getting the credentials from the
>  Windows login session, but JMeter (Java) cannot do that.
>
>  If there are still problems, then you'll need to compare what the
>  browser is doing with what JMeter is doing, e.g. using a protocol
>  analyser such as Wireshark, or using a browser addin that can capture
>  the HTTP traffic.
>


Re: Oracle Single Sign-On redirect failure

Posted by Hiro Protagonist <hi...@googlemail.com>.
Hi Sebb,

If I remember correctly, my attempts to get it to work through
Authorization Manager failed. However, it is entirely possible that my
increasing frustration/panic had clouded my judgment/ability to use it
correctly, so it may be PEBKAC all over again =)
I think it didn't pick up what I had put into Authorization Manager and
insisted on it being passed in header form.

hiro

On Thu, 2008-10-23 at 13:54 +0100, sebb wrote:
> On 23/10/2008, Hiro Protagonist <hi...@googlemail.com> wrote:
> > sebb, Sonam,
> >
> >  After installing iehttpheaders (nice tool, easy to use and quite helpful
> >  in this instance !), I found out that there was an extra header that
> >  wasn't being captured by JMeter's proxy server.
> 
> Which header was missing - Authorization?
> 
> The JMeter proxy always removes Cookie and Authorization headers from
> the generated Header Manager elements.
> 
> Cookies are removed because those are handled by the Cookie Manager,
> and Authorization because that is handled by the Authorization
> Manager.
> 
> Both of these header types normally need special processing, as they
> are dynamic.
> 
> The Proxy Manager documentation probably needs to make this clearer.
> 
> >  So, for everyone that needs to test against Oracle dashboard/reports in
> >  a single sign-on environment with JMeter, here's what you need:
> >
> >  1. Do NOT follow redirects on the home page call - this will let you
> >  capture the various session and view IDs, and token ID
> >
> >  2. On the orasso.wwsso_app_admin.ls_login page (which does the actual
> >  authentication and subsequent redirection if successful), you MUST
> >  include the "Authorization" header, and give it the Negotiate option,
> >  followed by the hashed password
> 
> Or use the Authorization Manager.
> 
> >  3. The next requests CAN follow redirects, and once you've gotten beyond
> >  point 2. above, you can figure it out.
> >
> >  Thanks again guys for your help !!
> >
> >
> >  hiro
> >
> >
> >  P.S. I was lucky and the environment didn't have ssl enabled...
> >
> >


Re: Oracle Single Sign-On redirect failure

Posted by sebb <se...@gmail.com>.
On 23/10/2008, Hiro Protagonist <hi...@googlemail.com> wrote:
> sebb, Sonam,
>
>  After installing iehttpheaders (nice tool, easy to use and quite helpful
>  in this instance !), I found out that there was an extra header that
>  wasn't being captured by JMeter's proxy server.

Which header was missing - Authorization?

The JMeter proxy always removes Cookie and Authorization headers from
the generated Header Manager elements.

Cookies are removed because those are handled by the Cookie Manager,
and Authorization because that is handled by the Authorization
Manager.

Both of these header types normally need special processing, as they
are dynamic.

The Proxy Manager documentation probably needs to make this clearer.

>  So, for everyone that needs to test against Oracle dashboard/reports in
>  a single sign-on environment with JMeter, here's what you need:
>
>  1. Do NOT follow redirects on the home page call - this will let you
>  capture the various session and view IDs, and token ID
>
>  2. On the orasso.wwsso_app_admin.ls_login page (which does the actual
>  authentication and subsequent redirection if successful), you MUST
>  include the "Authorization" header, and give it the Negotiate option,
>  followed by the hashed password

Or use the Authorization Manager.

>  3. The next requests CAN follow redirects, and once you've gotten beyond
>  point 2. above, you can figure it out.
>
>  Thanks again guys for your help !!
>
>
>  hiro
>
>
>  P.S. I was lucky and the environment didn't have ssl enabled...
>
>
>  On Mon, 2008-10-20 at 12:31 +1100, Sonam Chauhan wrote:
>  > Adding to what Sebb said already below:
>  >
>  > - The redirect to Oracle SSO port 7777 does not appear to be SSL
>  >
>  > - Try adding the Authorisation Manager as Sebb said, and use the
>  > 'HttpClient' HTTP Sampler (see below)
>  >
>  > - Try using the cookie manager
>  > (Unlikely to help since the start page doesn't issue a 'Set-Cookie:...'
>  > header in the HTTP response)
>  >
>  > Sebb, you said:
>  > > It's likely that the browser is getting the credentials from the
>  > > Windows login session, but JMeter (Java) cannot do that.
>  >
>  > I haven't used it myself, but the docs state the HTTP Authorization
>  > Manager, in conjunction with the 'HttpClient' HTTP Sampler, supports
>  > Windows NTLM authentication. Could this help Hiro?
>  > http://jakarta.apache.org/jmeter/usermanual/component_reference.html#HTT
>  > P_Authorization_Manager)
>  > (The 'Domain' and 'Realm' fields mention NTML authentication)
>  >
>  > -----Original Message-----
>  > From: sebb [mailto:sebbaz@gmail.com]
>  > Sent: Monday, 20 October 2008 12:09 PM
>  > To: JMeter Users List
>  > Subject: Re: Oracle Single Sign-On redirect failure
>  >
>  > On 16/10/2008, Hiro Protagonist <hi...@googlemail.com> wrote:
>  > > Hi team,
>  > >
>  > >  I am trying to replay against an Oracle dashboard application
>  > (recording
>  > >  with HTTP proxy works fine) and it fails on an implicit re-direct.
>  > This
>  > >  single sign-on redirect gets the user's credentials from
>  > [*somewhere*]
>  > >  and authenticates the user.
>  > >  When I play back the initial page request, a redirect happens to the
>  > >  authentication page, which comes back with a 401 Unauthorised
>  > response.
>  > >  I am not sure what can be done about it, or even if the request is an
>  > >  SSL-encrypted request. I am pretty sure that it would be, otherwise
>  > it
>  > >  wouldn't be very good security.
>  > >  I read this thread http://markmail.org/message/ofm3kqfvappuramw but
>  > this
>  > >  is not what happens for me - no authentication pop-up window appears,
>  > >  the request just fails. Below are the two requests; the first one
>  > that
>  > >  succeeds and redirects, and the second one that fails.
>  > >
>  > >  ==========
>  > >  ==========
>  > >
>  > >  Thread Name: Thread Group 1-1
>  > >  Sample Start: 2008-10-16 11:18:05 BST
>  > >  Load time: 0
>  > >  Latency: 0
>  > >  Size in bytes: 917
>  > >  Sample Count: 1
>  > >  Error Count: 0
>  > >  Response code: 302
>  > >  Response message: Redirect to Oracle SSO Server
>  > >
>  > >  Response headers:
>  > >  HTTP/1.1 302 Redirect to Oracle SSO Server
>  > >  Date: Thu, 16 Oct 2008 10:18:04 GMT
>  > >  Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
>  > >  Location:
>  > >
>  > http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pst
>  > oreToken=v1.4~8D8A0B8B~blablabla
>  > >  Keep-Alive: timeout=15, max=99
>  > >  Connection: Keep-Alive
>  > >  Transfer-Encoding: chunked
>  > >  Content-Type: text/html; charset=iso-8859-1
>  > >
>  > >  ==========
>  > >  then the re-direct, and failure
>  > >  ==========
>  > >
>  > >  Thread Name: Thread Group 1-1
>  > >  Sample Start: 2008-10-16 11:18:05 BST
>  > >  Load time: 0
>  > >  Latency: 0
>  > >  Size in bytes: 0
>  > >  Sample Count: 1
>  > >  Error Count: 1
>  > >  Response code: 401
>  > >  Response message: Unauthorized
>  > >
>  > >  Response headers:
>  > >  HTTP/1.1 401 Unauthorized
>  > >  Date: Thu, 16 Oct 2008 10:18:04 GMT
>  > >  Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server
>  > >  Set-Cookie:
>  > >
>  > JSESSIONID=0a34001530d5baaf944b3cb84652a9d0c5d8610f6f23.e3aTb34SbNaSe34S
>  > a38Pa38Nc3b0n6jAmljGr5XDqQLvpAe; path=/sso
>  > >  Cache-Control: private
>  > >  WWW-Authenticate: Negotiate
>  > >  WWW-Authenticate: Basic realm="SSO"
>  > >  Keep-Alive: timeout=15, max=100
>  > >  Connection: Keep-Alive
>  > >  Transfer-Encoding: chunked
>  > >  Content-Type: application/octet-stream
>  > >
>  > >  ==========
>  > >  ==========
>  > >
>  > >  Now, when I take that second request, and create a new HTTP request
>  > >  manually (from the automatic redirect request), but make it https, I
>  > get
>  > >  this error:
>  > >
>  > >  javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
>  > >  connection?
>  > >         at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
>  > >         at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown
>  > Source)
>  > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown
>  > Source)
>  > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown
>  > Source)
>  > >         at
>  > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
>  > >  Source)
>  > >         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
>  > Source)
>  > >         at
>  > >
>  > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Un
>  > known Source)
>  > >         at
>  > sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown
>  > >  Source)
>  > >         at
>  > >
>  > org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.j
>  > ava:431)
>  > >         at
>  > >
>  > org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSampl
>  > erBase.java:1021)
>  > >         at
>  > >
>  > org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSampl
>  > erBase.java:1007)
>  > >         at
>  > org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:290)
>  > >         at java.lang.Thread.run(Unknown Source)
>  > >
>  > >  Can anyone help ? I am really stuck and not sure where to continue
>  > >  investigating...
>  > >
>  > >  Thanks in advance !
>  >
>  > Have you set JMeter to use Follow redirects or Redirect Automatically?
>  > If so, turn these off.
>  > Also, add an Authorisation Manager to provide the required credentials.
>  >
>  > It's likely that the browser is getting the credentials from the
>  > Windows login session, but JMeter (Java) cannot do that.
>  >
>  > If there are still problems, the you'll need to compare what the
>  > browser is doing with what JMeter is doing, e.g. using a protocol
>  > analyser such as Wireshark, or using a browser addin that can capture
>  > the HTTP traffic.
>  >
>  > >  hiro
>  > >
>  > >
>
>



RE: Oracle Single Sign-On redirect failure

Posted by Hiro Protagonist <hi...@googlemail.com>.
sebb, Sonam,

After installing iehttpheaders (nice tool, easy to use and quite helpful
in this instance !), I found out that there was an extra header that
wasn't being captured by JMeter's proxy server.

So, for everyone that needs to test against Oracle dashboard/reports in
a single sign-on environment with JMeter, here's what you need:

1. Do NOT follow redirects on the home page call - this will let you
capture the various session and view IDs, and token ID
2. On the orasso.wwsso_app_admin.ls_login page (which does the actual
authentication and subsequent redirection if successful), you MUST
include the "Authorization" header, and give it the Negotiate option,
followed by the hashed password
3. The next requests CAN follow redirects, and once you've gotten beyond
point 2. above, you can figure it out.

Thanks again guys for your help !!

hiro

P.S. I was lucky and the environment didn't have ssl enabled...

On Mon, 2008-10-20 at 12:31 +1100, Sonam Chauhan wrote:
> Adding to what Sebb said already below: 
> 
> - The redirect to Oracle SSO port 7777 does not appear to be SSL 
> 
> - Try adding the Authorisation Manager as Sebb said, and use the
> 'HttpClient' HTTP Sampler (see below) 
> 
> - Try using the cookie manager
> (Unlikely to help since the start page doesn't issue a 'Set-Cookie:...' 
> header in the HTTP response)
> 
> Sebb, you said: 
> > It's likely that the browser is getting the credentials from the
> > Windows login session, but JMeter (Java) cannot do that.
> 
> I haven't used it myself, but the docs state the HTTP Authorization
> Manager, in conjunction with the 'HttpClient' HTTP Sampler, supports
> Windows NTLM authentication. Could this help Hiro?
> (http://jakarta.apache.org/jmeter/usermanual/component_reference.html#HTTP_Authorization_Manager)
> (The 'Domain' and 'Realm' fields mention NTLM authentication)
> 
> 
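
The diagnosis this thread arrives at, as an added example that is not part of the original posts and not JMeter code: the Python below parses the two sample results quoted in the thread, shows that the redirect target is plain HTTP and that the 401 offers Negotiate and Basic, and classifies the base64 token that follows "Negotiate" in a browser-captured Authorization header. The function names, the placeholder cookie value and the constructed sample token are assumptions for illustration.

```python
import base64
import binascii
from urllib.parse import urlsplit

# Constructed from the two sample results quoted in this thread; the cookie
# value is a placeholder, the other header values are copied from the capture.
REDIRECT = """\
HTTP/1.1 302 Redirect to Oracle SSO Server
Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~8D8A0B8B~blablabla
Content-Type: text/html; charset=iso-8859-1
"""
CHALLENGE = """\
HTTP/1.1 401 Unauthorized
Set-Cookie: JSESSIONID=PLACEHOLDER; path=/sso
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="SSO"
"""


def parse_response(raw):
    """Return (status, headers); repeated headers are kept as a list."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def redirect_target(headers):
    """Describe the Location hop, including whether it uses TLS at all."""
    url = urlsplit(headers.get("location", [""])[0])
    return {"host": url.hostname, "port": url.port, "path": url.path,
            "tls": url.scheme == "https"}


def offered_schemes(headers):
    """Auth schemes offered by a 401, in the order the server listed them."""
    return [v.split()[0] for v in headers.get("www-authenticate", []) if v]


def classify_authorization(value):
    """Identify the mechanism inside a captured Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return scheme.lower() or "none"
    try:
        blob = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "negotiate:malformed"
    if blob.startswith(b"NTLMSSP\x00"):
        return "negotiate:ntlm"      # NTLM message carried under Negotiate
    if blob[:1] == b"\x60":
        return "negotiate:gssapi"    # GSS-API token (SPNEGO/Kerberos)
    return "negotiate:unknown"


def diagnose(redirect_raw, challenge_raw, captured_authorization):
    """Summarise what the test plan must reproduce on the login request."""
    _, redirect_headers = parse_response(redirect_raw)
    status, challenge_headers = parse_response(challenge_raw)
    return {"next_hop": redirect_target(redirect_headers),
            "challenge_status": status,
            "offered": offered_schemes(challenge_headers),
            "browser_sent": classify_authorization(captured_authorization)}


if __name__ == "__main__":
    # Constructed token: the 8-byte NTLMSSP signature plus a type-1 marker.
    sample = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
    print(diagnose(REDIRECT, CHALLENGE, sample))
```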




RE: Oracle Single Sign-On redirect failure

Posted by Sonam Chauhan <so...@ce.com.au>.
Adding to what Sebb said already below: 

- The redirect to Oracle SSO port 7777 does not appear to be SSL 

- Try adding the Authorisation Manager as Sebb said, and use the
'HttpClient' HTTP Sampler (see below) 

- Try using the cookie manager
(Unlikely to help since the start page doesn't issue a 'Set-Cookie:...' 
header in the HTTP response)

Sebb, you said: 
> It's likely that the browser is getting the credentials from the
> Windows login session, but JMeter (Java) cannot do that.

I haven't used it myself, but the docs state the HTTP Authorization
Manager, in conjunction with the 'HttpClient' HTTP Sampler, supports
Windows NTLM authentication. Could this help Hiro?
(http://jakarta.apache.org/jmeter/usermanual/component_reference.html#HTTP_Authorization_Manager)
(The 'Domain' and 'Realm' fields mention NTLM authentication)



Re: Oracle Single Sign-On redirect failure

Posted by sebb <se...@gmail.com>.
On 16/10/2008, Hiro Protagonist <hi...@googlemail.com> wrote:
> Hi team,
>
>  I am trying to replay against an Oracle dashboard application (recording
>  with HTTP proxy works fine) and it fails on an implicit re-direct. This
>  single sign-on redirect gets the user's credentials from [*somewhere*]
>  and authenticates the user.
>  When I play back the initial page request, a redirect happens to the
>  authentication page, which comes back with a 401 Unauthorised response.
>  I am not sure what can be done about it, or even if the request is an
>  SSL-encrypted request. I am pretty sure that it would be, otherwise it
>  wouldn't be very good security.
>  I read this thread http://markmail.org/message/ofm3kqfvappuramw but this
>  is not what happens for me - no authentication pop-up window appears,
>  the request just fails. Below are the two requests; the first one that
>  succeeds and redirects, and the second one that fails.
>
>  ==========
>  ==========
>
>  Thread Name: Thread Group 1-1
>  Sample Start: 2008-10-16 11:18:05 BST
>  Load time: 0
>  Latency: 0
>  Size in bytes: 917
>  Sample Count: 1
>  Error Count: 0
>  Response code: 302
>  Response message: Redirect to Oracle SSO Server
>
>  Response headers:
>  HTTP/1.1 302 Redirect to Oracle SSO Server
>  Date: Thu, 16 Oct 2008 10:18:04 GMT
>  Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
>  Location: http://myserver:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~8D8A0B8B~blablabla
>  Keep-Alive: timeout=15, max=99
>  Connection: Keep-Alive
>  Transfer-Encoding: chunked
>  Content-Type: text/html; charset=iso-8859-1
>
>  ==========
>  then the re-direct, and failure
>  ==========
>
>  Thread Name: Thread Group 1-1
>  Sample Start: 2008-10-16 11:18:05 BST
>  Load time: 0
>  Latency: 0
>  Size in bytes: 0
>  Sample Count: 1
>  Error Count: 1
>  Response code: 401
>  Response message: Unauthorized
>
>  Response headers:
>  HTTP/1.1 401 Unauthorized
>  Date: Thu, 16 Oct 2008 10:18:04 GMT
>  Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server
>  Set-Cookie: JSESSIONID=0a34001530d5baaf944b3cb84652a9d0c5d8610f6f23.e3aTb34SbNaSe34Sa38Pa38Nc3b0n6jAmljGr5XDqQLvpAe; path=/sso
>  Cache-Control: private
>  WWW-Authenticate: Negotiate
>  WWW-Authenticate: Basic realm="SSO"
>  Keep-Alive: timeout=15, max=100
>  Connection: Keep-Alive
>  Transfer-Encoding: chunked
>  Content-Type: application/octet-stream
>
>  ==========
>  ==========
>
>  Now, when I take that second request, and create a new HTTP request
>  manually (from the automatic redirect request), but make it https, I get
>  this error:
>
>  javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
>         at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
>         at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>         at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.java:431)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1021)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1007)
>         at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:290)
>         at java.lang.Thread.run(Unknown Source)
>
>  Can anyone help ? I am really stuck and not sure where to continue
>  investigating...
>
>  Thanks in advance !

Have you set JMeter to use Follow redirects or Redirect Automatically?
If so, turn these off.
Also, add an Authorisation Manager to provide the required credentials.

It's likely that the browser is getting the credentials from the
Windows login session, but JMeter (Java) cannot do that.

If there are still problems, then you'll need to compare what the
browser is doing with what JMeter is doing, e.g. using a protocol
analyser such as Wireshark, or using a browser addin that can capture
the HTTP traffic.

>  hiro
>
>