I'm using Apache JMeter for testing my Java application. When I hit the GTM (global traffic manager: this routes the traffic to a specific server depending on the load) URL https:// on port 443, everything works fine.
When I try to hit the specific server on which the application is deployed using the URL http:// on port 8080, I get a 401 Unauthorized error because cookies are coming as null in the request.
How can I fix this?
It's hard to guess what the problem is when you don't provide any code/configuration.
Probably you are running into an issue because of the same-origin policy (browsers and tools send only cookies which belong to the origin to which you are sending the request).
I guess that you are retrieving cookies from https://someApp.com:443 and trying to reuse them with http://someapp.com:8080. The problem is that they are not the same origin (the port number is treated as part of the origin URL).
Check out these links:
JMeter Issue with SSO and Cookies
https://bz.apache.org/bugzilla/show_bug.cgi?id=56358
You could try disabling JMeter cookies checking:
Temporarily (once only), via the -J command-line argument, like:
jmeter -JCookieManager.check.cookies=false -n -t test.jmx -l result.jtl
Permanently, by adding the following line to the user.properties file (located in the "bin" folder of your JMeter installation):
CookieManager.check.cookies=false
A JMeter restart will be required to pick the property up.
References:
Configuring JMeter
Apache JMeter Properties Customization Guide
HTTP Cookie Manager documentation
Notice that you have only 1 Cookie Manager.
If there is more than one Cookie Manager in the scope of a Sampler,
there is currently no way to specify which one is to be used. Also, a
cookie stored in one cookie manager is not available to any other
manager, so use multiple Cookie Managers with care
I followed this guide and cloned the authserver. The project has an authserver and a client (as a test). The example works fine, but if I remove the context-path property (I just want my app to work on /), it fails after the redirect back to the client. Example:
Go to the client (localhost:9999);
Redirected to the authserver (localhost:8080);
Login through GitHub;
Redirected to the authserver and immediately to the client with the next URL:
http://localhost:9999/login?code=dqoxz4&state=79qtJ5
Whitelabel error page responds:
There was an unexpected error (type=Unauthorized, status=401).
Authentication Failed: Could not obtain access token
As I mentioned above, it fails only if context-path is / (or removed at all). Otherwise, all works.
From your link:
The context path has to be explicit if you are running both the client
and the auth server on localhost, otherwise the cookie paths clash and
the two apps cannot agree on a session identifier.
We successfully run an app on / and AuthServer on /uaa. Try to set Context-Path on your AuthServer. Look at the cookies from your app and AuthServer: they should not have the same path.
EDIT:
Different domains should be fine. They don't share cookies. On the same host, like localhost, you must use a context path, because cookies are not port specific. See: https://stackoverflow.com/a/16328399/926620
Alternatively, you can put domains in /etc/hosts (Linux) or c:\windows\system32\drivers\etc\hosts. Just add a line like:
127.0.0.1 website authserver
And then you can use http://website:9999 and http://authserver:8080 on same machine for development.
Or you can also set different names for cookies. See http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html:
server.session.cookie.name=auth
server.session.cookie.name=web
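The cookie behaviour this answer relies on (cookies are scoped by host and path, not by port), as an added Python example that is not part of the original answer. It models a simplified RFC 6265 jar with host-only cookies; the class and function names and the app.example.test host are constructed for illustration, and the Secure-attribute case goes slightly beyond what the answer covers.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    host: str             # host-only cookie (no Domain attribute set)
    path: str = "/"
    secure: bool = False

def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def store(jar, cookie):
    """Same (name, host, path) replaces the old cookie; the port is not part of the key."""
    key = (cookie.name, cookie.host, cookie.path)
    jar[:] = [c for c in jar if (c.name, c.host, c.path) != key]
    jar.append(cookie)

def cookies_for(url, jar):
    """Cookies a client would send to url, longest path first."""
    u = urlsplit(url)
    sent = [c for c in jar
            if c.host == u.hostname                      # port is ignored
            and path_match(u.path or "/", c.path)
            and (not c.secure or u.scheme == "https")]   # Secure needs https
    return sorted(sent, key=lambda c: len(c.path), reverse=True)

def client_session_after_login(auth_cookie_path):
    """Client (:9999, path /) sets its session, then the auth server (:8080) sets its own."""
    jar = []
    store(jar, Cookie("JSESSIONID", "client-session", "localhost", "/"))
    store(jar, Cookie("JSESSIONID", "auth-session", "localhost", auth_cookie_path))
    return [c.value for c in cookies_for("http://localhost:9999/login?code=x", jar)]

def sent_over_plain_http(secure):
    """Cookie set over https on 443, then requested over http on 8080 (constructed host)."""
    jar = [Cookie("SESSION", "abc", "app.example.test", "/", secure)]
    return [c.name for c in cookies_for("http://app.example.test:8080/home", jar)]

if __name__ == "__main__":
    print(client_session_after_login("/"), client_session_after_login("/uaa"))
    print(sent_over_plain_http(True), sent_over_plain_http(False))
```

With both apps on path /, the client's session cookie is overwritten by the auth server's; with the auth server on /uaa, the client gets its own session back after the redirect.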
You can set the RedirectURI in your client application:
security:
  oauth2:
    client:
      client-id: acme
      client-secret: acmesecret
      access-token-uri: http://localhost:8080/oauth/token
      user-authorization-uri: http://localhost:8080/oauth/authorize
      pre-established-redirect-uri: http://localhost:9999/client
And you can set it on the OAuth2 server while registering the clients.
But I think it returns to your ROOT context path. Something like it does not have enough permission on the root path, or another application uses this context path...
I am new to Windows authentication and am facing a weird issue.
I have set up an application with the SPNEGO filter library for Java.
All settings have been set as per the documentation.
Now when I open the URL of my application from another machine in the same domain, using any browser, I get a negotiation header as
TlRMTVNTUAABAAAAl4II...
This means that it is an NTLM negotiation request.
If I start Fiddler and then try to run the same request for testing, I get a Kerberos authentication request.
YIIGgwYGKwYBBQUCoIIGdzCCBnOgMDAuBg...
This means that when I am calling using Fiddler, the browser is assuming that the system is on the same network.
I am unable to figure out why this is happening.
I need the Kerberos ticket even in normal execution.
Server: JBoss 4.3.2 GA
Does anybody have any idea?
thanks in advance
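An added diagnostic example (not part of the original post): a Python helper that decodes the token from an Authorization: Negotiate header and reports whether it is bare NTLM or a GSS-API token, and which mechanisms a SPNEGO token offers. The function names and mechanism labels are this example's own; it tolerates truncated tokens such as the two quoted above.

```python
import base64

NTLM_SIG = b"NTLMSSP\x00"
OIDS = {  # DER content bytes of the mechanism OIDs
    bytes.fromhex("2b0601050502"): "SPNEGO",                   # 1.3.6.1.5.5.2
    bytes.fromhex("2a864886f712010202"): "Kerberos V5",        # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"): "Kerberos V5 (legacy Microsoft OID)",
    bytes.fromhex("2b06010401823702020a"): "NTLMSSP",          # 1.3.6.1.4.1.311.2.2.10
}

def tlv(buf, pos):
    """Read one DER tag/length at pos; return (tag, value_start, value_end), clamped to buf."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, min(pos + length, len(buf))

def classify_negotiate(header_value):
    """Return (outer_mechanism, offered_mechs) for an 'Authorization: Negotiate ...' value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        raise ValueError("not a Negotiate header")
    token = token.strip().rstrip(".=")         # tolerate truncated samples ending in "..."
    token = token[:-1] if len(token) % 4 == 1 else token
    raw = base64.b64decode(token + "=" * (-len(token) % 4))
    if raw.startswith(NTLM_SIG):               # bare NTLM, no GSS-API framing
        return "NTLM type %d" % int.from_bytes(raw[8:12], "little"), []
    if raw[:1] != b"\x60":                     # [APPLICATION 0] InitialContextToken
        return "unknown", []
    outer, mechs = "GSS-API", []
    try:
        _, pos, _ = tlv(raw, 0)
        _, start, end = tlv(raw, pos)          # thisMech OID
        outer = OIDS.get(raw[start:end], "unknown OID")
        pos = end
        if outer == "SPNEGO":
            for expected in (0xA0, 0x30, 0xA0, 0x30):   # NegTokenInit -> mechTypes
                tag, pos, stop = tlv(raw, pos)
                if tag != expected:
                    return outer, mechs
            while pos < stop:
                _, start, pos = tlv(raw, pos)
                mechs.append(OIDS.get(raw[start:pos], "other"))
    except IndexError:                         # token cut off mid-structure
        pass
    return outer, mechs

if __name__ == "__main__":
    print(classify_negotiate("Negotiate TlRMTVNTUAABAAAAl4II..."))
```

The second sample in the post decodes to a SPNEGO wrapper; its mechanism list is cut off in the truncated text, so only a full token shows which mechanisms (Kerberos, NTLMSSP) the client actually offered.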
I'm behind a Squid HTTP proxy requiring authentication and want to make API requests to an external server. However, when I do so, I get the following error:
Caused by: java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"
I've tried setting the proxy configuration by going to Control Panel > Java > Network Settings, but to no avail.
How to solve this?
You should set the proxy settings in Java.
System.getProperties().put("http.proxyHost", "someProxyURL");
System.getProperties().put("http.proxyPort", "someProxyPort");
System.getProperties().put("http.proxyUser", "someUserName");
System.getProperties().put("http.proxyPassword", "somePassword");
Copy from http://www.it.iitb.ac.in/~roshan/articles/javahttpproxy.html:
Tomcat Settings: catalina.properties
Append these properties to the catalina.properties file in Tomcat (${CATALINA_HOME}/conf/catalina.properties):
http.proxyHost=yourProxyURL
http.proxyPort=yourProxyPort
http.proxyUser=yourUserName
http.proxyPassword=yourPassword
Tomcat Settings: catalina.bat
Add all the parameters defined above in the ${CATALINA_HOME}/bin/catalina.bat (for Windows) or ${CATALINA_HOME}/bin/catalina.bat (for *nix):
JAVA_OPTS="-Dhttp.proxyHost=yourProxyURL ..."
(Each option is separated by spaces.)
I'm new to authentication through the Kerberos protocol, so I tried to read a lot of how-tos on it, but it seems like I can't find any specifics matching my constraints. Here is what I have:
An Active Directory Server on which users authenticate to log into their workstations
Each end user uses IE 7 to connect to my intranet application
An Apache server with load balancing
Some Tomcat servers acting as workers for the Apache server.
On each Tomcat, I have 2 Jakarta servlets running; users connect only to one servlet (further on I will call it the servlet, as if there were only one).
My Tomcats need to run under JDK 5. Not JDK 6 or JDK 4. It's JDK 5, period.
Now I want one to automatically get logged on to my servlet. Basically I just need my servlet to retrieve the client's principal, then I can manage the rest.
Based on what I understood, my client has a ticket, he asks the KDC for a special ticket for accessing the Apache server, then he tries to connect to the Apache server. Based on its keytab, the Apache server then decodes the auth data and grants/refuses access to the specified resource.
Am I right? Please guide me through this, I've been reading pages for 4 days and still have no clue which solution is the most appropriate. I tried mod_auth_kerberos for Apache, but instead of grabbing the user's ticket it asks for it like basic auth. Apparently spgneo
Thanks
OK, I got this working:
Install Kerberos 5 + Apache 2 + mod_auth_kerb.
On your AD, generate a keytab with only the principal you will use for Apache; I use HTTP/apache.mydom.com#MYDOM.COM
Put this keytab file on your Apache server and make it readable only by your Apache user.
Then edit your Apache conf with these directives for your secure location.
apache.conf:
[…]
ServerName apache.mydom.com:80
[…]
LoadModule auth_kerb_module modules/mod_auth_kerb.so
[…]
<LocationMatch /secure>
[… some other stuff …]
Order allow,deny
Allow from all
AuthType Kerberos
AuthName "Authentification requise"
KrbAuthRealms MYDOM.COM
#this allows user to be saved in the request
KrbSaveCredentials on
#this one forces Negotiate AuthType instead of basic fallback
KrbMethodNegotiate on
#this trims the realm from the username saved in the request (request.getRemoteUser() will give you "user" instead of "user#MYDOM.COM")
KrbLocalUserMapping on
KrbAuthoritative on
KrbVerifyKDC on
Krb5Keytab /install/binaries/httpd/apache.keytab
KrbServiceName HTTP
require valid-user
</LocationMatch>
And the one thing I almost failed to find on the web: you have to modify your Tomcat server config (tomcat/conf/server.xml):
<Connector [... AJP connector configuration ...] request.tomcatAuthentication="false"/>
This is really important because without it your Tomcat won't retrieve any info from tomcat auth.
Don't forget too, DNS is really really really really important for a Kerberos install. If you have any issue try checking your DNS for all of your servers.
I wrote a web application which uses the Java library SOCIAL AUTH for OAuth.
For this I need to generate a secret with an OAuth provider like Google or Twitter.
While generating the key I gave the location of the site, e.g. www.xyz.com.
Now these OAuth providers are returning their response to the location www.xyz.com.
But I want to test on localhost whether my application is working fine or not. While running on localhost, the OAuth provider is coming as null.
Is there any way I can tell my Tomcat to take the properties or response from www.xyz.com, so that it will be able to read the response coming from the OAuth provider?
One trick for these types of situations is to temporarily change your /etc/hosts file (if you're on Linux or Mac) so that www.xyz.com points to your localhost. That is, put the following line in the file:
127.0.0.1 www.xyz.com
Then, when the remote site redirects you back to www.xyz.com, that will resolve to localhost. You just have to remember to comment out this line in /etc/hosts whenever you want to access the real production system.
(You can do the same thing on Windows, but I can't remember where the equivalent of /etc/hosts is on Windows, and I don't have access to a Windows box right now.)