{"id":8604,"date":"2013-08-22T13:38:17","date_gmt":"2013-08-22T18:38:17","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=8604"},"modified":"2013-08-22T16:34:37","modified_gmt":"2013-08-22T21:34:37","slug":"setup-sopaui-4-5-2-on-windows-client-for-kerberos-authentication","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=8604","title":{"rendered":"Setup sopaUI 4.5.2 on Windows Client for Kerberos Authentication"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tDownload and Install<\/a>\n\t<\/li>\n\t
  2. \n\t\tConfigure soapUI for Kerberos Authentication<\/a>\n\t\t
      \n\t\t\t
    1. \n\t\t\t\tSet JAVA_HOME Env Var<\/a>\n\t\t\t<\/li>\n\t\t\t
    2. \n\t\t\t\tSetup login.conf File<\/a>\n\t\t\t<\/li>\n\t\t\t
    3. \n\t\t\t\tSetup krb5.conf File<\/a>\n\t\t\t<\/li>\n\t\t\t
    4. \n\t\t\t\tSetup soapui.bat Script<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
    5. \n\t\tUse to Consume a Test Web Service<\/a>\n\t\t
        \n\t\t\t
      1. \n\t\t\t\tPrerequisites<\/a>\n\t\t\t<\/li>\n\t\t\t
      2. \n\t\t\t\tUse soapUI<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
      3. \n\t\tReferences<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n
         <\/div>\n

        Download and Install<\/h2><\/span>\n

        * Download the nightly built from here<\/a>. The official release does not seem to work. I downloaded Windows binary zip (no JRE).
        \n* Unzip into a local directory.<\/p>\n

        Configure soapUI for Kerberos Authentication<\/h2><\/span>\n

        Set JAVA_HOME Env Var<\/h3><\/span>\n

        * Set JAVA_HOME<\/strong> env var and point to your java home directory.
        \nFor example, JAVA_HOME=C:\\Program Files\\Java\\jdk1.6.0_45<\/em>
        \n* Alternatively, you can set JAVA in soapui.bat<\/em> script .
        \n– Make sure the value is not quoted since the script will quote it later:<\/p>\n

        \r\nset JAVA=C:\\Program Files\\Java\\jdk1.6.0_45\\jre\\bin\\java\r\n<\/pre>\n
        Setup login.conf File<\/h3><\/span>\n
        * Navigate to soapUI bin directory.
        \n* Create a new file named login.conf<\/strong> with following content:<\/p>\n
        \r\ncom.sun.security.jgss.krb5.initiate {\r\n  com.sun.security.auth.module.Krb5LoginModule required \r\n  doNotPrompt=false\r\n  storePass=true\r\n  debug=false\r\n  useTicketCache=true;\r\n};\r\n<\/pre>\n
        Setup krb5.conf File<\/h3><\/span>\n
        * Navigate to soapUI bin directory.
        \n* Create a new file named krb5.conf<\/strong> with following content for Windows 2008 KDC:<\/p>\n
        \r\n[libdefaults]\r\n    default_realm = MYTEST.LOCAL\r\n    default_tkt_enctypes = rc4-hmac \r\n    default_tgt_enctypes = rc4-hmac \r\n    permitted_enctypes = rc4-hmac\r\n \r\n[realms]\r\n\tMYTEST.LOCAL  = {\r\n\t\tkdc = mytest.local \r\n\t\tdefault_domain = mytest \r\n}\r\n \r\n[domain_realm]\r\n\t.mytest = MYTEST.LOCAL \r\n<\/pre>\n
        Setup soapui.bat Script<\/h3><\/span>\n
        * Navigate to soapUI bin directory.
        \n* Open soapui.bat<\/em> file
        \n* Add to set JAVA_OPTS section:<\/p>\n
        \r\nset JAVA_OPTS=%JAVA_OPTS% -Dwsi.dir=\"%SOAPUI_HOME%..\\wsi-test-tools\"\r\n\r\nset JAVA_OPTS=%JAVA_OPTS% -Djavax.security.auth.useSubjectCredsOnly=false\r\nset JAVA_OPTS=%JAVA_OPTS% -Djava.security.auth.login.config=login.conf\r\nset JAVA_OPTS=%JAVA_OPTS% -Djava.security.krb5.conf=krb5.conf\r\nrem set JAVA_OPTS=%JAVA_OPTS% -Djava.security.krb5.debug=true\r\n<\/pre>\n
        Use to Consume a Test Web Service<\/h2><\/span>\n
        Prerequisites<\/h3><\/span>\n
        * Log in Windows client machine as a regular domain user.
        \n– Make sure you are not<\/em> logged in as domain administrator.
        \n* Check registry key allowtgtsessionkey<\/em> is set to 1:<\/p>\n
        \r\nHKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters\r\nValue Name: allowtgtsessionkey\r\nValue Type: REG_DWORD\r\nValue: 0x01\r\n<\/pre>\n
        Use soapUI<\/h3><\/span>\n
        * Start soapUI by double clicking soapui.bat<\/em> or running it from command shell.
        \n* Create a regular soapUI project to hit the test web service.
        \n* Make sure Authenticate Preemptively is not checked in File > Preferences > HTTP Settings<\/em>:<\/p>\n
        \"\"<\/a><\/h6><\/span>\n
        * If you are consuming HTTPS web services, make sure you set the trust store from File > Preferences > SSL Settings<\/em>:<\/p>\n
        \"\"<\/a><\/h6><\/span>\n
        * Open soap request window, e.g. Request 1<\/em>
        \n* Click Aut<\/em> button located to the lower left corner of the request window. Select or enter:
        \n– Authorization Type: NTLM\/Kerberos
        \n– Username: <your user name here, e.g Jimmy.Li>
        \n– Password: <leave blank, since authentication will use Windows Kerberos ticket>
        \n– Domain: <leave blank, this could be used for cross domain Kerberos authentication><\/p>\n
        \"\"<\/a><\/h6><\/span>\n
        References<\/h2><\/span>\n
        * IIS Kerberos Only Authentication Example<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
        Download and Install * Download the nightly built from here. The official release does not seem to work. I downloaded Windows binary zip (no JRE). * Unzip into a local directory. Configure soapUI for Kerberos Authentication Set JAVA_HOME Env Var … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[287],"tags":[628,429],"class_list":["post-8604","post","type-post","status-publish","format-standard","hentry","category-kerberos","tag-kerberos","tag-soapui"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-2eM","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/8604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8604"}],"version-history":[{"count":7,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/8604\/revisions"}],"predecessor-version":[{"id":8611,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/8604\/revisions\/8611"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}