Setup sopaUI 4.5.2 on Windows Client for Kerberos Authentication

Posted on August 22, 2013 by Jianming Li

Contents

  1. Download and Install
  2. Configure soapUI for Kerberos Authentication
    1. Set JAVA_HOME Env Var
    2. Setup login.conf File
    3. Setup krb5.conf File
    4. Setup soapui.bat Script
  3. Use to Consume a Test Web Service
    1. Prerequisites
    2. Use soapUI
  4. References
 

Download and Install

* Download the nightly built from here. The official release does not seem to work. I downloaded Windows binary zip (no JRE).
* Unzip into a local directory.

Configure soapUI for Kerberos Authentication

Set JAVA_HOME Env Var

* Set JAVA_HOME env var and point to your java home directory.
For example, JAVA_HOME=C:\Program Files\Java\jdk1.6.0_45
* Alternatively, you can set JAVA in soapui.bat script .
– Make sure the value is not quoted since the script will quote it later:

set JAVA=C:\Program Files\Java\jdk1.6.0_45\jre\bin\java

Setup login.conf File

* Navigate to soapUI bin directory.
* Create a new file named login.conf with following content:

com.sun.security.jgss.krb5.initiate {
  com.sun.security.auth.module.Krb5LoginModule required 
  doNotPrompt=false
  storePass=true
  debug=false
  useTicketCache=true;
};

Setup krb5.conf File

* Navigate to soapUI bin directory.
* Create a new file named krb5.conf with following content for Windows 2008 KDC:

[libdefaults]
    default_realm = MYTEST.LOCAL
    default_tkt_enctypes = rc4-hmac 
    default_tgt_enctypes = rc4-hmac 
    permitted_enctypes = rc4-hmac
 
[realms]
	MYTEST.LOCAL  = {
		kdc = mytest.local 
		default_domain = mytest 
}
 
[domain_realm]
	.mytest = MYTEST.LOCAL

Setup soapui.bat Script

* Navigate to soapUI bin directory.
* Open soapui.bat file
* Add to set JAVA_OPTS section:

set JAVA_OPTS=%JAVA_OPTS% -Dwsi.dir="%SOAPUI_HOME%..\wsi-test-tools"
 
set JAVA_OPTS=%JAVA_OPTS% -Djavax.security.auth.useSubjectCredsOnly=false
set JAVA_OPTS=%JAVA_OPTS% -Djava.security.auth.login.config=login.conf
set JAVA_OPTS=%JAVA_OPTS% -Djava.security.krb5.conf=krb5.conf
rem set JAVA_OPTS=%JAVA_OPTS% -Djava.security.krb5.debug=true

Use to Consume a Test Web Service

Prerequisites

* Log in Windows client machine as a regular domain user.
– Make sure you are not logged in as domain administrator.
* Check registry key allowtgtsessionkey is set to 1:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01

Use soapUI

* Start soapUI by double clicking soapui.bat or running it from command shell.
* Create a regular soapUI project to hit the test web service.
* Make sure Authenticate Preemptively is not checked in File > Preferences > HTTP Settings:

* If you are consuming HTTPS web services, make sure you set the trust store from File > Preferences > SSL Settings:

* Open soap request window, e.g. Request 1
* Click Aut button located to the lower left corner of the request window. Select or enter:
– Authorization Type: NTLM/Kerberos
– Username: <your user name here, e.g Jimmy.Li>
– Password: <leave blank, since authentication will use Windows Kerberos ticket>
– Domain: <leave blank, this could be used for cross domain Kerberos authentication>

References

* IIS Kerberos Only Authentication Example

This entry was posted in kerberos and tagged , . Bookmark the permalink.

One Response to Setup sopaUI 4.5.2 on Windows Client for Kerberos Authentication

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.