Forum Discussion

mihaialbert's avatar
mihaialbert
10 years ago

Kerberos Authentication

Hi. I'm trying to use SoapUI 5.0.0 to execute a request against a web service using SPNEGO/Kerberos authentication. The machine running it is an Active Directory joined Windows 7 client. However I always get back an HTTP 401 Unauthorized. Switching to NTLM using the same set of credentials works just fine. I've come across this link http://www.soapui.org/soap-and-wsdl/spn ... ation.html which describes how to make this work for version 4.6.0, however I'm not finding the soapUI-pro-<version>.vmoptions file (maybe because I'm not using the Pro version). Do you know if there's an alternate procedure to be used ?
  • nmrao's avatar
    nmrao
    Champion Level 3
    10 years ago

    If you are using free edition, try adding the mentioned system property(i mean, the link you pointed in your post) in JAVA_OPTS of SOAPUI_HOME/bin/soapui.sh /bat

    • mchong's avatar
      mchong
      New Contributor
      10 years ago

      Hi,

      I am trying to test the "SPNEGO/kerberos" authorization from soapUI 5.1.3 with "Authenticate Preemptively" being set in the global HTTP settings.

       

      soapui capture.JPG 

       

      Upon testing, however, no authorization header seemed to be sent to the server according to the http log below. 

       

      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "POST /IHIS HTTP/1.1[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "Content-Type: text/xml;charset=UTF-8[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "SOAPAction: "http://warehouse.acme.com/ws/listProducts"[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "Content-Length: 282[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "Host: explore.apim.ca:8080[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "Connection: Keep-Alive[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://warehouse.acme.com/ws">[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " <soapenv:Header/>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " <soapenv:Body>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " <ws:listProducts>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " <ws:delay>1</ws:delay>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " </ws:listProducts>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " </soapenv:Body>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "</soapenv:Envelope>"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "HTTP/1.1 401 Unauthorized[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "Server: Apache-Coyote/1.1[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "WWW-Authenticate: Negotiate[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "L7-Policy-URL: http://explore.apim.ca:8080/ssg/policy/disco?serviceoid=4c0fe71b6a3370793a6a38b0f454ae9b[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "Content-Length: 23[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "Date: Sun, 21 Jun 2015 15:52:17 GMT[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "Authentication Required"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "POST /IHIS HTTP/1.1[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "Content-Type: text/xml;charset=UTF-8[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "SOAPAction: "http://warehouse.acme.com/ws/listProducts"[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "Content-Length: 282[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "Host: explore.apim.ca:8080[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "Connection: Keep-Alive[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://warehouse.acme.com/ws">[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " <soapenv:Header/>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " <soapenv:Body>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " <ws:listProducts>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " <ws:delay>1</ws:delay>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " </ws:listProducts>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> " </soapenv:Body>[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:>> "</soapenv:Envelope>"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "HTTP/1.1 401 Unauthorized[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "Server: Apache-Coyote/1.1[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "WWW-Authenticate: Negotiate[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "L7-Policy-URL: http://explore.apim.ca:8080/ssg/policy/disco?serviceoid=4c0fe71b6a3370793a6a38b0f454ae9b[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "Content-Length: 23[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "Date: Sun, 21 Jun 2015 15:52:17 GMT[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "[\r][\n]"
      Sun Jun 21 23:52:14 SGT 2015:DEBUG:<< "Authentication Required"

       

      I've also done the recommendations as specified in http://www.soapui.org/soap-and-wsdl/spnego/kerberos-authentication.html to resolve this issue but these are not working also. Is this a known bug in soapUI 5.1.3?

       

      • mschwarz's avatar
        mschwarz
        New Contributor
        8 years ago

        Hi,

         

        it seems like I have exactly the same issue. Has this ever been resolved?

         

        Best regards,

        Matthias