diff --git bin/jmeter.properties bin/jmeter.properties
index 4b58e11..862882e 100644
--- bin/jmeter.properties
+++ bin/jmeter.properties
@@ -339,6 +339,10 @@ log_level.jorphan=INFO
# Name of application module used in jaas.conf
#kerberos_jaas_application=JMeter
+# Should ports be stripped from urls before constructing SPNs
+# for spnego authentication
+#spnego.strip_port=true
+
# Sample logging levels for Commons HttpClient
#
# Commons HttpClient Logging information can be found at:
diff --git src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
index 625ce23..3775b08 100644
--- src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
+++ src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
@@ -96,6 +96,9 @@ public class AuthManager extends ConfigTestElement implements TestStateListener,
private static final boolean DEFAULT_CLEAR_VALUE = false;
+ /** Decides whether port should be omitted from SPN for kerberos spnego authentication */
+ private static final boolean STRIP_PORT = JMeterUtils.getPropDefault("spnego.strip_port", true);
+
public enum Mechanism {
BASIC_DIGEST, KERBEROS;
}
@@ -392,8 +395,7 @@ public class AuthManager extends ConfigTestElement implements TestStateListener,
log.debug(username + " > D="+domain+" R="+realm + " M="+auth.getMechanism());
}
if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
- boolean stripPort = (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
- ((AbstractHttpClient) client).getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory(stripPort));
+ ((AbstractHttpClient) client).getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory(isStripPort(url)));
credentialsProvider.setCredentials(new AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
} else {
credentialsProvider.setCredentials(
@@ -403,6 +405,24 @@ public class AuthManager extends ConfigTestElement implements TestStateListener,
}
}
+ /**
+ * IE and Firefox will always strip port from the url before constructing
+ * the SPN. Chrome has an option (--enable-auth-negotiate-port
)
+ * to include the port if it differs from 80
or
+ * 443
. That behavior can be changed by setting the jmeter
+ * property spnego.stripPort
.
+ *
+ * @param url
+ * to be checked
+ * @return true
when port should omitted in SPN
+ */
+ private boolean isStripPort(URL url) {
+ if (STRIP_PORT)
+ return true;
+ return url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT
+ || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT;
+ }
+
/** {@inheritDoc} */
@Override
public void testStarted() {
diff --git xdocs/usermanual/component_reference.xml xdocs/usermanual/component_reference.xml
index fca72e5..72a7327 100644
--- xdocs/usermanual/component_reference.xml
+++ xdocs/usermanual/component_reference.xml
@@ -3537,6 +3537,17 @@ Look at the two sample configuration files (krb5.conf and jaas.conf) located in
your Kerberos configuration.
+When generating a SPN for Kerberos SPNEGO authentication IE and Firefox will omit the port number
+from the url. Chrome has an option (--enable-auth-negotiate-port
) to include the port
+number if it differs from the standard ones (80
and 443
). That behavior
+can be emulated by setting the following jmeter property as below.
+
+jmeter.properties: +spnego.strip_port=false ++ +