TechQA.

JMeter test with smart card and knox

382 views Asked by At

I am trying to test an application which is behind a KnoxToken service and the user is required to use a smartcard and his PIN. Using JMeter to test apps without security features is working as expected.

In this case I get an error: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

From Jmeter-> Options -> SSL Manager , I am importing a certificate that I found in my machine. When I run and I am prompted to enter a password. After typing the smart card password (once per JMeter session) it seems to continue, but then again it breaks... I assume that this resolved the smart card authentication and that is breaks when communicating with knox...

from the log file:

2019-10-25 17:09:42,768 WARN o.a.j.c.KeystoreConfig: https.use.cached.ssl.context property must be set to false to ensure Multiple Certificates are used
2019-10-25 17:09:42,768 INFO o.a.j.c.KeystoreConfig: Configuring Keystore with (preload: 'True', startIndex: 0, endIndex: -1, clientCertAliasVarName: 'certAlias')
2019-10-25 17:09:42,768 INFO o.a.j.u.SSLManager: JmeterKeyStore Location: C:\Users\MI\Desktop\FFFRootCA21.crt type JKS
2019-10-25 17:09:42,768 INFO o.a.j.u.SSLManager: KeyStore created OK
2019-10-25 17:09:47,648 ERROR o.a.j.u.SSLManager: Problem loading keystore: Invalid keystore format
java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source) ~[?:1.8.0_171]
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source) ~[?:1.8.0_171]
    at sun.security.provider.KeyStoreDelegator.engineLoad(Unknown Source) ~[?:1.8.0_171]
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(Unknown Source) ~[?:1.8.0_171]
    at java.security.KeyStore.load(Unknown Source) ~[?:1.8.0_171]
    at org.apache.jmeter.util.keystore.JmeterKeyStore.load(JmeterKeyStore.java:117) ~[ApacheJMeter_core.jar:5.1.1 r1855137]
    at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:132) [ApacheJMeter_core.jar:5.1.1 r1855137]
    at org.apache.jmeter.util.SSLManager.configureKeystore(SSLManager.java:290) [ApacheJMeter_core.jar:5.1.1 r1855137]
    at org.apache.jmeter.config.KeystoreConfig.testStarted(KeystoreConfig.java:99) [ApacheJMeter_components.jar:5.1.1 r1855137]
    at org.apache.jmeter.config.KeystoreConfig.testStarted(KeystoreConfig.java:63) [ApacheJMeter_components.jar:5.1.1 r1855137]
    at org.apache.jmeter.engine.StandardJMeterEngine.notifyTestListenersOfStart(StandardJMeterEngine.java:206) [ApacheJMeter_core.jar:5.1.1 r1855137]
    at org.apache.jmeter.engine.StandardJMeterEngine.run(StandardJMeterEngine.java:381) [ApacheJMeter_core.jar:5.1.1 r1855137]
    at java.lang.Thread.run(Unknown Source) [?:1.8.0_171]

2019-10-25 17:09:47,857 WARN o.a.j.p.h.s.HTTPSamplerBase: Existing CookieManager HTTP Cookie Manager superseded by HTTP Cookie Manager

2019-10-25 17:09:47,862 WARN o.a.j.p.h.c.KerberosManager: Could not log in user 
javax.security.auth.login.LoginException: No LoginModules configured for JMeter
    at javax.security.auth.login.LoginContext.init(Unknown Source) ~[?:1.8.0_171]
    at javax.security.auth.login.LoginContext.<init>(Unknown Source) ~[?:1.8.0_171]
    at org.apache.jmeter.protocol.http.control.KerberosManager.lambda$getSubjectForUser$0(KerberosManager.java:68) ~[ApacheJMeter_http.jar:5.1.1 r1855137]
    at java.util.concurrent.FutureTask.run(Unknown Source) [?:1.8.0_171]
    at org.apache.jmeter.protocol.http.control.KerberosManager.getSubjectForUser(KerberosManager.java:83) [ApacheJMeter_http.jar:5.1.1 r1855137]
    at org.apache.jmeter.protocol.http.control.AuthManager.getSubjectForUrl(AuthManager.java:294) [ApacheJMeter_http.jar:5.1.1 r1855137]
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:831) [ApacheJMeter_http.jar:5.1.1 r1855137]
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:574) [ApacheJMeter_http.jar:5.1.1 r1855137]
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:67) [ApacheJMeter_http.jar:5.1.1 r1855137]
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1231) [ApacheJMeter_http.jar:5.1.1 r1855137]
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1220) [ApacheJMeter_http.jar:5.1.1 r1855137]
    at org.apache.jmeter.threads.JMeterThread.doSampling(JMeterThread.java:622) [ApacheJMeter_core.jar:5.1.1 r1855137]
    at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:546) [ApacheJMeter_core.jar:5.1.1 r1855137]
    at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:486) [ApacheJMeter_core.jar:5.1.1 r1855137]
    at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:253) [ApacheJMeter_core.jar:5.1.1 r1855137]
    at java.lang.Thread.run(Unknown Source) [?:1.8.0_171]

thank you
jmeter smartcard knox-gateway
Original Q&A
1

There are 1 answers

0
Dmitri T On

Looking into No LoginModules configured for JMeter part of the log it appears that you're trying to test the application which uses Kerberos

So my expectation is that you should perform proper configuration in the jaas.conf and krb5.conf files (both located in "bin" folder of your JMeter installation), the configuration must match your application Kerberos details.

Check out Windows Authentication with Apache JMeter article to learn about setting up JMeter for bypassing Kerberos login challenges.

Related Questions in JMETER

Related Questions in SMARTCARD

Related Questions in KNOX-GATEWAY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions