User authentication
This topic describes the user authentication methods used with DevWeb scripts.
Working with user authentication
The following types of user authentication are supported:
-
Basic
-
NTLM
-
Digest
- Kerberos - see Kerberos authentication, below
When a web server requests authentication, the appropriate load.setUserCredentials step should be specified in the script.
For Basic and Digest authentication, username, password, and hostname are required:
load.setUserCredentials({ username: "<username>", password: "<password>", host: "<host>:<port> " });
For NTLM authentication, domain is also required:
load.setUserCredentials({ username: "<username>", password: "<password>", domain: "<domain>", host: "<host>:<port> " });
Note: You can hide password values in the script using load.unmask or load.decrypt APIs. For more information, see Encode sensitive data.
Kerberos authentication
Kerberos-based authentication is supported for replaying your scripts.
Note: When Kerberos authentication is enabled, the script tries to use it during replay. If the Kerberos authentication is unsuccessful, the replay will fail.
To enable Kerberos authentication:
- Create a krb5.ini Kerberos configuration file, and put it in an available folder. The krb5.ini file should contain detailed information about each domain (KDS and AS addresses) and trust chains.
- Save the full path name of the krb5.ini into the KRB5_CONFIG environment variable.
- Specify the appropriate load.setUserCredentials API parameters in the script.
-
In the runtime settings file for the script (rts.yml), set the value for replay > enableIntegratedAuthentication to true.
When the web server requests Kerberos authentication type, the Kerberos configuration file is used to obtain tickets and complete the flow.
See also: