JMeter call to kerberos protected rest api fails (works from IE browser)

Question

Using JMeter to execute get request on a rest api that is protected with Kerberos (active directory). API works from Internet Explorer, fails from Chrome and fails from JMeter.

The first request gets a 401 response (expected this)

Here is the second request. It looks like it has a Kerberos authentication token:

Connection: keep-alive Accept-Language: en-US Content-Type: application/json;odata=verbose Pragma: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept: application/json;odata=verbose Authorization: Negotiate YIIFwwYGK (...I CUT THIS SHORT)

Response: HEADER: HTTP/1.1 500 Internal Server Error Cache-Control: no-cache Pragma: no-cache Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 Persistent-Auth: true X-Powered-By: ASP.NET Date: Fri, 01 Mar 2019 20:52:42 GMT Content-Length: 3231

BEGINNING OF BODY: {"Message":"An error has occurred.","ExceptionMessage":"The remote server returned an error: (401) Unauthorized.","ExceptionType":"System.Net.WebException","StackTrace":" at

Does anyone have ideas of how to make this request work in JMeter?

Are there client settings or server settings that can be set to make the rest api work from chrome or JMeter?

Thanks.

Answer 1

You need to add HTTP Authorization Manager to your Test Plan and configure it to use your domain credentials, also specify Domain and Realm.

Additionally you will need to amend krb5.conf and in some cases jaas.conf files to match your infrastructure setup.

Check out Windows Authentication with Apache JMeter article to learn how to bypass Kerberos login challenge in JMeter tests.