Alternatively, has anyone determined that this cannot be done or does not work?
I am trying to use JMeter to load test a site that uses Okta OAuth2 for authorization, but uses ADFS/SSO for authentication. It appears that the authentication scheme is SPNEGO with Kerberos, which should be supported by the HttpClient. I have no trouble with the Okta part, but cannot get JMeter to authenticate against the SSO server.
I have an HTTP Cookie Manager as well as an HTTP Header Manager that has some common Request Header values. I use a separate HTTP Header Manager with HTTP Request samplers when additional Request Header values are required. There is no problem constructing Request Headers (with one exception noted in step 6 below) and cookies are all handled correctly. I am using the default HttpClient4 implementation for the HTTP Request sampler. I am only using an HTTP Authorization Manager where indicated below. Our security team has provided a user and password, and associated keytab, as well as the realm, domain, KDC and Admin servers. krb5.conf and jaas.conf are configured and their location specified. I am not getting any Java exceptions.
JMeter log extract:
DEBUG o.a.h.i.c.TargetAuthenticationStrategy: Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
DEBUG o.a.h.i.c.TargetAuthenticationStrategy: Challenge for Kerberos authentication scheme not available
DEBUG o.a.h.i.c.TargetAuthenticationStrategy: Challenge for CredSSP authentication scheme not available
DEBUG o.a.h.i.c.TargetAuthenticationStrategy: Challenge for Digest authentication scheme
The problem is that JMeter does not respond to any of the challenges from the server to carry out the multi-step authentication process.