CASE:
There are many situations where you have to switch between login accounts to execute a test scenario. If the application uses SAML, this is not a problem. But what if the application uses a single sign-on / NTLM authentication mechanism?
Understanding NTLM
NTLM is a suite of authentication and session security protocols used in various Microsoft network protocol implementations and supported by the NTLM Security Support Provider ("NTLMSSP"). Originally used for authentication and negotiation of secure DCE/RPC, NTLM is also used throughout Microsoft's systems as an integrated single sign-on mechanism. It is probably best recognized as part of the "Integrated Windows Authentication" stack for HTTP authentication; however, it is also used in Microsoft implementations of SMTP, POP3, IMAP (all part of Exchange), CIFS/SMB, Telnet, SIP, and possibly others.
The NTLM Security Support Provider provides authentication, integrity, and confidentiality services within the Windows Security Support Provider Interface (SSPI) framework. SSPI specifies a core set of security functionality that is implemented by supporting providers; the NTLMSSP is such a provider. The SSPI specifies, and the NTLMSSP implements, the following core operations:
- Authentication -- NTLM provides a challenge-response authentication mechanism, in which clients are able to prove their identities without sending a password to the server.
- Signing -- The NTLMSSP provides a means of applying a digital "signature" to a message. This ensures that the signed message has not been modified (either accidentally or intentionally) and that the signing party has knowledge of a shared secret. NTLM implements a symmetric signature scheme (Message Authentication Code, or MAC); that is, a valid signature can only be generated and verified by parties that possess the common shared key.
- Sealing -- The NTLMSSP implements a symmetric-key encryption mechanism, which provides message confidentiality. In the case of NTLM, sealing also implies signing (a signed message is not necessarily sealed, but all sealed messages are signed).
Solution:
HTTP sampler settings: JAVA
Java now uses the single sign-on user account with which you logged into the laptop or test server, so during test execution or while capturing the calls you might need to log in as another user.
You can check whether the application is using NTLM authentication in the Firefox Developer Tools (F12): Network > Headers > Request Headers of the login page call.
To run as another user, open cmd and execute:
c:\RahulAgnihotri\apache-jmeter-2.13\bin>runas /user:ICS\ex000222002212 cmd
Now, in the new cmd window, execute:
c:\RahulAgnihotri\apache-jmeter-2.13\bin>jmeter.bat
Now you can proceed as this other user. Firefox will log in as the new user, ex000222002212.
Open Task Manager: the Java process will now be running as the new user, ex000222002212.
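The header check described above can also be done on a copied header value. The following is an added example, not part of the original post: it decodes an Authorization or WWW-Authenticate value, reports whether it carries an NTLM message, and for the final AUTHENTICATE message reads the domain and user name so you can confirm which account the request was sent as. The function names, the cp437 fallback for OEM strings, and the sample message are assumptions made for this example.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
MESSAGE_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
NEGOTIATE_UNICODE = 0x00000001  # names are UTF-16LE when set, OEM otherwise

def _field(msg, pos, encoding):
    """Read a security buffer (len u16, maxlen u16, offset u32) at pos."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    return msg[offset:offset + length].decode(encoding, errors="replace")

def inspect_auth_header(value):
    """Classify an Authorization / WWW-Authenticate header value."""
    scheme, _, token = value.strip().partition(" ")
    info = {"scheme": scheme, "ntlm": False, "message": None}
    if scheme.upper() not in ("NTLM", "NEGOTIATE"):
        return info
    if not token:  # bare scheme name offered in the first 401 response
        info["ntlm"] = scheme.upper() == "NTLM"
        return info
    try:
        msg = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return info
    # Kerberos or SPNEGO-wrapped tokens under Negotiate are not unwrapped here.
    if not msg.startswith(SIGNATURE) or len(msg) < 12:
        return info
    msg_type = struct.unpack_from("<I", msg, 8)[0]
    info.update(ntlm=True, message=MESSAGE_TYPES.get(msg_type, "UNKNOWN"))
    if msg_type == 3 and len(msg) >= 64:
        flags = struct.unpack_from("<I", msg, 60)[0]
        # cp437 stands in for the OEM code page (assumption for this example)
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
        info["domain"] = _field(msg, 28, enc)
        info["user"] = _field(msg, 36, enc)
    return info

def build_sample_type3(domain, user):
    """Constructed AUTHENTICATE message: names only, empty responses."""
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    hdr = SIGNATURE + struct.pack("<I", 3)
    hdr += struct.pack("<HHI", 0, 0, 64) * 2                 # LM, NT responses
    hdr += struct.pack("<HHI", len(d), len(d), 64)           # domain name
    hdr += struct.pack("<HHI", len(u), len(u), 64 + len(d))  # user name
    hdr += struct.pack("<HHI", 0, 0, 64) * 2                 # workstation, key
    hdr += struct.pack("<I", NEGOTIATE_UNICODE)              # negotiate flags
    return "NTLM " + base64.b64encode(hdr + d + u).decode()

if __name__ == "__main__":
    print(inspect_auth_header(build_sample_type3("ICS", "ex000222002212")))
```

Paste the value of the login request's Authorization header into inspect_auth_header; after starting JMeter through runas, the reported user should be the account given to runas.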