Authentication

Supported authentication mechanisms

NeoLoad supports the following authentication mechanisms: Basic, Digest, NTLM and Negotiate.

For more information, click the image below to see the Neotys video about authentication:

Negotiate scheme With SPNEGO and Kerberos

SPNEGO is at the heart of the HTTP Negotiate authentication mechanism. When using SPNEGO, the browser and server negotiate as to which underlying mechanism to use, Kerberos or NTLM. If Kerberos -the default protocol- fails, Negotiate will try NTLM.

Note that Integrated Windows Authentication on Microsoft IIS uses both Kerberos v5 and NTLM authentication.

For performance reasons however, NeoLoad uses NTLM in place of SPNEGO as the default underlying mechanism for Negotiate, since SPNEGO+Kerberos has a major impact on Load Generator performance. When SPNEGO+Kerberos is used, a Load Generator cannot generate as many Virtual Users.

Enabling SPNEGO therefore, is not recommended. However, if it is absolutely required, please follow this procedure:

• To enable SPNEGO

1. Open the <install-dir>/conf/controller.properties file in a text editor.
2. In the [Authentication]scheme.negotiate.subprotocol= key, change the value to spnego (default value is ntlm).
3. Open the <install-dir>/conf/krb5.conf file in a text editor.
4. Set the Key Distribution Center (KDC) for each Realm and Domain.

In some specific Kerberos configurations, like for example using Windows Constrained Delegation, it may be necessary to add the following key to the [libdefaults] category: forwardable = true.

Scheme priority order

Some servers support multiple schemes for authenticating users. NeoLoad prioritizes them in the order Negotiate, NTLM, Digest, Basic to reflect the order used by regular browsers.

In certain cases, we may wish to change this default order:

• To modify the scheme priority

1. Make the following change to the <install-dir>/conf/controller.properties file:
   • Edit the value of the [Authentication]scheme.priority key.

Home