Authentication
Supported authentication mechanisms
NeoLoad supports the following authentication mechanisms: Basic, Digest, NTLM and Negotiate.
Negotiate scheme With SPNEGO and Kerberos
SPNEGO is at the heart of the HTTP Negotiate authentication mechanism. When using SPNEGO, the browser and server negotiate as to which underlying mechanism to use, Kerberos or NTLM. If Kerberos -the default protocol- fails, Negotiate will try NTLM.
Note that Integrated Windows Authentication on Microsoft IIS uses both Kerberos v5 and NTLM authentication.
For performance reasons however, NeoLoad uses NTLM in place of SPNEGO as the default underlying mechanism for Negotiate, since SPNEGO+Kerberos has a major impact on Load Generator performance. When SPNEGO+Kerberos is used, a Load Generator cannot generate as many Virtual Users.
Enabling SPNEGO therefore, is not recommended. However, if it is absolutely required, please follow this procedure:
To enable SPNEGO, follow these steps:
-
Open the
<install-dir>/conf/controller.propertiesfile in a text editor. -
In the
[Authentication]scheme.negotiate.subprotocol= key, change the value tospnego(default value isntlm). -
Open the
<install-dir>/conf/krb5.conffile in a text editor. -
Set the Key Distribution Center (KDC) for each Realm and Domain.
Note: In some specific Kerberos configurations, like for example using Windows Constrained Delegation, it may be necessary to add the following key to the [libdefaults] category: forwardable = true.
Scheme priority order
Some servers support multiple schemes for authenticating users. NeoLoad prioritizes them in the order Negotiate, NTLM, Digest, Basic to reflect the order used by regular browsers.
In certain cases, you may wish to change this default order. To modify the scheme priority, follow these steps:
Make the following change to the <install-dir>/conf/controller.properties file:
Edit the value of the [Authentication]scheme.priority key.