Supported authentication mechanisms

NeoLoad supports the following authentication mechanisms: Basic, Digest, NTLM and Negotiate.

Negotiate scheme with SPNEGO and Kerberos

SPNEGO is at the heart of the HTTP Negotiate authentication mechanism. When using SPNEGO, the browser and server negotiate which underlying mechanism to use, Kerberos or NTLM. If Kerberos (the default protocol) fails, Negotiate will try NTLM.

Note that Integrated Windows Authentication on Microsoft IIS uses both Kerberos v5 and NTLM authentication.

For performance reasons, however, NeoLoad uses NTLM instead of SPNEGO as the default underlying mechanism for Negotiate, because SPNEGO+Kerberos has a major impact on Load Generator performance: when SPNEGO+Kerberos is used, a Load Generator cannot generate as many Virtual Users.

Enabling SPNEGO is therefore not recommended. If it is absolutely required, follow this procedure:

  1. Open the <install-dir>/conf/ file in a text editor.
  2. In the [Authentication] section, change the value of the scheme.negotiate.subprotocol key to spnego (the default value is ntlm).
  3. Open the <install-dir>/conf/krb5.conf file in a text editor.
  4. Set the Key Distribution Center (KDC) for each Realm and Domain.
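
An example krb5.conf for step 4, added here for illustration and not taken from the NeoLoad documentation. The realm names, DNS domains and KDC host names are placeholders to replace with the values for your environment.

```ini
# krb5.conf (constructed sample; all realm and host names are placeholders)

[libdefaults]
    # Realm used when a principal or host does not specify one
    default_realm = EXAMPLE.COM

[realms]
    # One entry per Kerberos realm, each naming the KDC that serves it
    EXAMPLE.COM = {
        kdc = kdc1.example.com
    }
    SUB.EXAMPLE.COM = {
        kdc = kdc1.sub.example.com
    }

[domain_realm]
    # Map DNS domains to realms; a leading dot matches every host in the domain
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
    .sub.example.com = SUB.EXAMPLE.COM
    sub.example.com = SUB.EXAMPLE.COM
```

Realm names are case-sensitive and conventionally written in upper case, so a realm spelled differently in [realms] and [domain_realm] will not match.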

Scheme priority order

Some servers support multiple schemes for authenticating users. NeoLoad prioritizes them in the order Negotiate, NTLM, Digest, Basic to reflect the order used by regular browsers.

In certain cases, you may wish to change this default order:

  1. Make the following change to the <install-dir>/conf/ file: