At: https://github.com/apache/jmeter/blob/c616f4f84d11812febbf442806b90b02c306fe0c/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java#L474 SPNegoSchemeFactory is created like: new SPNegoSchemeFactory(isStripPort(url))); the scheme factory has an alternate constructor (https://github.com/apache/httpclient/blob/4.5.x/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoSchemeFactory.java#L53) that allows to pick canonicalization behavior for the host name: /** * @since 4.4 */ public SPNegoSchemeFactory(final boolean stripPort, final boolean useCanonicalHostname) { Unfortunately for certain use cases where we have a load balancer serving multiple names mapped to the same IP address the canonicalization breaks authentication for us by generating a incorrect SPN. It would be helpful to be able to control this behavior in JMeter either via UI or config.
For what it is worth, see my tickets for HttpClient in JIRA. This code is severely broken.
Maybe apache HTTP client instead of defaulting to useCanonicalHostname = true should default to whatever is configured in krb5.conf [libdefaults] canonicalize = ? http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
(In reply to Michael Osipov from comment #1) > For what it is worth, see my tickets for HttpClient in JIRA. This code is > severely broken. Hi, Which one ? Thanks
(In reply to Philippe Mouawad from comment #3) > (In reply to Michael Osipov from comment #1) > > For what it is worth, see my tickets for HttpClient in JIRA. This code is > > severely broken. > > Hi, > Which one ? > Thanks I suppose those are the tickets: https://issues.apache.org/jira/browse/HTTPCLIENT-1625 https://issues.apache.org/jira/browse/HTTPCLIENT-1570