JMeter – HTTP Authorization Manager

HTTP Authorization Manager is used to handle browser authentication pop-up in JMeter script. Many times you have seen while downloading a file from an FTP server, a ‘gatekeeper’ pop-up appears which is shown below:

JMeter - HTTP Authorization Manager
Figure 01: Browser Authorization Pop-up

This pop-up window is generated by a browser when the server requires a username/password. The frame will vary from browser to browser (e.g. Mozilla Firefox, Apple Safari, or Microsoft Internet Explorer), but regardless, a username/password is required to access what are often some basic resources. That’s where the term ‘HTTP Authorization’ comes from and you have to handle this using ‘HTTP Authorization Manager’.

The Authorization Manager lets you specify one or more user logins for web pages that are restricted using server authentication.

Note: HTTP Authorization headers are not shown in the View Results Tree Listener so we won’t be able to check their values from the test script.

How to add ‘HTTP Authorization Manager’ in JMeter script?

You can follow below steps:

  1. Select “Test Plan” node
  2. Right-click on the “Test Plan” node
  3. Hover the mouse on “Add”
  4. Hover the mouse on Config Element
  5. Click ‘HTTP Authorization Manager’

What are the input fields of ‘HTTP Authorization Manager’?

  1. Name: To provide element name
  2. Comments: To provide arbitrary comments (if any)
  3. Clear auth on each iteration?: This option is used by Kerberos authentication. If checked, authentication will be done on each iteration of the main Thread Group loop even if it has already been done in a previous one. This is usually useful if each main thread group iteration represents the behaviour of one Virtual User.
  4. Use Thread Group configuration to control clearing: This option provides the ability to configure whether a new iteration is with a new user or with the same user. It is mapped with the option ‘Same user on each iteration’ in the Thread group.
  5. Username: The username to provide for authorization. 
  6. PasswordThe password to provide for authorization. 
  7. Domain: The domain to use for NTLM.
  8. Realm: The Realm to use for NTLM. The Realm only applies to the HttpClient sampler.
  9. Mechanism: The Type of authentication to perform. JMeter can perform different types of authentications based on used Http Samplers:
    1. Java
      1. BASIC
    2. HttpClient 3.1
      1. BASIC
      2. DIGEST
    3. HttpClient 4
      1. BASIC
      2. DIGEST
      3. KERBEROS

You may be interested:

Leave a Comment