JMeter Basic Authentication

Question

I am trying to imply the basic authentication process for a web service using JMeter. But everytime it throws out an error 401:Unauthorized. I tried using the HTTP Header manager to add a header Authorization and value to it. Still it does not work. I have also tried using the HTTP Authorization manager. Still no luck. Can someone help.

As of JMeter 4.0, you can use either Http Authorization Manager or JSR223 PreProcessor like explained here: https://octoperf.com/blog/2018/04/24/jmeter-basic-authentication/ — Jerome L, Apr 25 '18 at 07:08

score 62 · Answer 1 · answered Mar 21 '13 at 21:24

62

I've found through debugging requests coming in from JMeter that the HTTP Authorization Manager module doesn't encode the username and password correctly. It puts a newline character after the username.

To run a JMeter test against a Basic Auth protected endpoint, include the HTTP Header Manager and add the Basic Auth header yourself:

Manually Encoding Credentials

From MacOS or Linux:

echo -n "username:password" | base64
From Windows:

Go here and encode your "username:password" string

Adding the Authorization Header

In the HTTP Header Manager, add an entry with the name "Authorization" and the value "Basic [encoded credentials from above]"

answered Mar 21 '13 at 21:24

holy crap, thx for your answer. It worked for me, although, my only complaint is you need to dumb down your answer for guys like myself ;) I didn't initially understand what you were telling us to do but luckily thru trial and error and re-reading your answer, somehow stumbled to the correct commands. – Classified Jul 28 '14 at 22:32
1

I use Postman for my initial testing. I just copied their Authorization header & the encoded value and put that into a HTTP Header Manager. It's nice to know there's a website out there that will do the encoding for you though! – Amber Dec 04 '15 at 18:49
1

Works for me too. @Depy, pls mark this answer as solution. – zypro Mar 15 '16 at 14:39

score 49 · Answer 2 · edited Aug 19 '17 at 20:25

Edit 19 august 2017 for JMeter 3.2:

Use answer https://stackoverflow.com/a/12563623/460802

Basically to bypass a Basic Authorization you need to add the Authorization header with the value Basic base64(username:password). The problem is that JMeter has no base64 function embedded.

The solution is :

Step1 Add BeanShell PreProcessor (PreProcessor --> BeanShell Preprocessor)

Step2 Add the following script to the PreProcessor

import org.apache.commons.codec.binary.Base64;
byte[] encodedUsernamePassword = Base64.encodeBase64("neo4j:1234".getBytes());
vars.put("base64HeaderValue",new String(encodedUsernamePassword));

Step3 Add HTTP Header Manager

Step4 Add Authorization header with correct value

header name Authorization
header value Basic ${base64HeaderValue} (base64HeaderValue variable is initialized by the BeanShell Preprocessor)

So in the end when you create a http request Authorization header will be passed to the server with base64 encoded string

It works for me and its a great answer with many pictures :-). Thank you! — Bruno Bieri, Nov 18 '16 at 14:04
Not needed anymore since JMeter 3.2, see https://stackoverflow.com/a/12563623/460802 — UBIK LOAD PACK, Aug 19 '17 at 20:28

UBIK LOAD PACK · Answer 3 · 2020-04-01T20:13:30.510

Do the following:

1/ Configure HTTP Authorization Manager correctly with all required fields
2/ Option 1 : Using HTTP 4 : (default)
it is possible since JMeter 3.2 without any further configuration using Authorization Manager

Option 2 : Using HTTP 3.1 : (deprecated)

in jmeter.properties , uncomment:

httpclient.parameters.file=httpclient.parameters

in httpclient.parameters, uncomment:

http.authentication.preemptive$Boolean=true

If you're looking to learn JMeter, this book by 3 developers of the project will help you

score 3 · Answer 4 · answered Jun 11 '15 at 11:32

3

Make sure to provide a protocol for the base URL, i.e.: "http://localhost" instead of "localhost"

answered Jun 11 '15 at 11:32

esteewhy

1,300
13
23

That was why it was not working for me. I copied the base URL from my HTTP request where it also works without giving the protocol. – Dirk Aug 28 '15 at 15:11

score 1 · Answer 5 · edited Aug 29 '14 at 14:17

1

Like Ryan T said, in the HTTP Header Manager, add an entry with the name "Authorization" and the value "Basic [encoded credentials from above]" but without [].

edited Aug 29 '14 at 14:17

hennes

9,147
4
43
63

answered Aug 29 '14 at 13:10

user2910552

215
3
4

score 1 · Answer 6 · answered Mar 04 '19 at 12:53

1

If you get Response code as 401, then add "HTTP Authorization manager" Config Element

answered Mar 04 '19 at 12:53

S Krishna

1,255
13
9

score 1 · Answer 7 · answered Nov 20 '19 at 19:01

1

I am using Jmeter 3.3

GO to Jmeter on User choose add then HTTP Authorization Manager

Then add ur url , userid,password

If response type is json then add HTTP Header manager

answered Nov 20 '19 at 19:01

vaquar khan

10,864
5
72
96

score 1 · Answer 8 · answered Dec 03 '21 at 05:08

You can easily use JSON Extractor for authentication inside the auth request to store the token in a variable, then you will just need to use it whenever the token is needed, in order to use that you will need an HTTP header manager using that variable you can follow the screenshots for clear instructions.

JSON Extractor configuration: HTTP header manager configuration:

Marcel Wilson · Answer 9 · 2017-08-21T16:04:31.410

0

Adding a slight variation of @yurko which uses the username & password from User defined variables. (for Jmeter prior to 3.2)

import org.apache.commons.codec.binary.Base64;
String username = vars.get("USERNAME");
String password = vars.get("PASSWORD");
String combineduserpass = username + ":" + password;
byte[] encodedUsernamePassword = Base64.encodeBase64(combineduserpass.getBytes());
vars.put("base64HeaderValue",new String(encodedUsernamePassword));

edited Aug 21 '17 at 16:04

answered Oct 04 '16 at 17:41

Marcel Wilson

3,842
1
26
55

1

Not needed anymore since JMeter 3.2, see https://stackoverflow.com/a/12563623/460802 – UBIK LOAD PACK Aug 19 '17 at 20:27
Thanks for that! I haven't updated mine in several months. I'm so glad they made this easier. – Marcel Wilson Aug 21 '17 at 16:06

score 0 · Answer 10 · answered Feb 11 '17 at 16:08

0

In reference to the first answer above, the incorrect encoding problem you mention must be now fixed, as Apache 3.1 does appear to encode the username:password correctly in HTTP Auth Manager

answered Feb 11 '17 at 16:08

Scott Stingel

19
4

Yes, I am using _JMeter 3.2_ and I only added the clear username and password in the 'HTTP Basic Authentication' which **converts automatically** to the standard _'Authorization Basic [base64 encoded username:password]'_ in the HTTP header. – Marius Vorster Jul 07 '17 at 07:17
Not needed anymore since JMeter 3.2, see https://stackoverflow.com/a/12563623/460802 – UBIK LOAD PACK Aug 19 '17 at 20:28

score -1 · Answer 11 · edited Jan 08 '16 at 21:45

-1

Updating good findings from your 2013 answers:

The HTTP4 option also works under current Jmeter version 2.13 after adding HTTP Header Manager row containing:

name="Authorization", value="Basic [base64-encoded user/password string]"

Verified on current host amazon linux having reverse proxy from apache 2.4 to tomcat8; tomcat8 recognized the user credentials instead of throwing 401 status.

edited Jan 08 '16 at 21:45

David Medenjak

33,993
14
106
134

answered Jan 08 '16 at 20:25

Tom Pyle

1

JMeter Basic Authentication

11 Answers11

Manually Encoding Credentials

Adding the Authorization Header

Linked

Related