Search code examples
authenticationjmeterupgradehttp-status-code-401jmeter-5.0

Jmeter - Authorisation Failed after upgrading Jmeter version 5.4.2 to 5.6.2 (UPDATED: version 5.5 to version 5.6 not working)

I recently upgraded the Jmeter on my local machine (Windows 11/Java-21) from version 5.4.2 to 5.6.2. (Latest version 5.5 is the working one)

Prior to upgrade, I was able to hit all of the API endpoint for my organisations services. However, after the upgrade, only 1 of the API endpoint is giving "Authorisation has failed. Check hash and username".

Jmeter 5.4.2: HTTP/1.1 200 OK 
Jmeter 5.5: HTTP/1.1 200 OK 
Jmeter 5.6: HTTP/1.1 401 Unauthorized

I updated the https.default.protocol from SSL to TLSv1.3 in the jmeter.properties file to make is same in both version of the Jmeter.

Unfortunately, older version is working and the new version is failing to authorise.

One more point I noticed is, the User-Agent in old vs new are as follows:

Jmeter-v5.4.2 = User-Agent: Apache-HttpClient/4.5.12 (Java/21) - 200 OK
Jmeter-v5.5 = User-Agent: Apache-HttpClient/4.5.13 (Java/21) - 200 OK
Jmeter-v5.6.2 = User-Agent: Apache-HttpClient/4.5.14 (Java/21) - 401 Unauthorised

Could this be an issue?

I'm also using MD5 hashing algorithm in Pre-Processor.

I would appreciate if someone could direct me to the correct path for investigation and sorting it out.

Note: Due to the confidentiality, I cannot post the details about the endpoints etc. Hope the readers of this question appreciate my concern.

P.S. After painstakingly checking each version, I can confirm Jmeter-5.5 is the last working version. From version 5.6 onwards, its failing. Also, as I am not skilled enough to identify the change from the release notes that has caused this issue, I'm relying on the community.

Kind regards!

I tried changing https.default.protocol to TLSv1.3 (which is working in 5.4.2) from SSL.

Solution

  • I can only give you the following recommendations:

    1. Increase JMeter logging verbosity for Apache HttpComponents by adding the next line to log4j2.xml file

      <Logger name="org.apache.http" level="debug" />

    2. Enable Java-level logging for SSL/TLS connections by adding the next line to system.properties file

      javax.net.debug=all

    3. Run your tests on "working" and "not working" JMeter versions and compare jmeter.log files and the entries in STDOUT. Most probably you should find the reason there.

    I'm not able to find anything which might cause the described behaviour in JMeter Changelog.