SSO Authentication for Login Failed in JMeter - 401 Response Code - performance

I'm doing JMeter scripting for a login flow which has SSO authentication.
I have correlated almost all the token values like SAML request, SAML response, Request verification token & client id request, but I'm not getting a proper response in the login call. The SSO call is failing with a 401 response code.
When we try to decode the SAML response (using an online SAML decoder) which I'm getting from the previous request's response in JMeter, the Status shows as Responder, but it shows as Success when we decode the SAML response which we get from LoadRunner or the Developer Console.
Note: The same script is working fine in Load Runner.
Can someone help me?

If "the same script is working fine in Load Runner" and doesn't work in JMeter - this is not the same script. You need to figure out what are the differences and amend your JMeter configuration so JMeter will send the same requests as Load Runner (or even better a real browser)
"I have correlated almost all the token values"
"almost all" is not sufficient, you need to correlate all the dynamic parameters.
Use a 3rd-party sniffer tool like Fiddler or Wireshark to capture the requests originating from JMeter and Load Runner (or real browser).
The requests must be exactly the same (apart from dynamic values which need to be correlated). Once you send the same request you will get the same response. Pay attention to literally everything: not only request body matters, take a look at URL query strings, request headers and so on.
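The status check described in the question can be done locally, which keeps the SAML response off third-party decoder sites. This is an added example, not code from the original posts; the function names and the sample response are constructed for illustration.

```python
import base64
import html
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
STATUS_URI = "urn:oasis:names:tc:SAML:2.0:status:"

def decode_saml(value, redirect_binding=False):
    """Turn a SAMLResponse value, as extracted from an HTML form or URL, into XML text."""
    # Values pulled out of HTML may carry entities (&#x2B;) or percent-encoding (%2B).
    value = unquote(html.unescape(value)).strip()
    raw = base64.b64decode(value)
    if redirect_binding:
        raw = zlib.decompress(raw, -15)  # HTTP-Redirect binding uses raw DEFLATE
    return raw.decode("utf-8")

def short(el):
    return el.get("Value", "").replace(STATUS_URI, "") if el is not None else None

def saml_status(xml_text):
    """Return (top-level status, nested status or None, StatusMessage or None)."""
    # ElementTree is adequate for your own test traffic; it is not a hardened parser.
    status = ET.fromstring(xml_text).find("samlp:Status", NS)
    top = status.find("samlp:StatusCode", NS) if status is not None else None
    if top is None:
        raise ValueError("no samlp:Status/samlp:StatusCode in this document")
    nested = top.find("samlp:StatusCode", NS)
    message = status.find("samlp:StatusMessage", NS)
    return (short(top), short(nested), message.text if message is not None else None)

# Constructed sample: a failed response like the one the question describes.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/>'
    '</samlp:StatusCode>'
    '<samlp:StatusMessage>constructed sample</samlp:StatusMessage>'
    '</samlp:Status></samlp:Response>'
)
SAMPLE_FORM_VALUE = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(saml_status(decode_saml(SAMPLE_FORM_VALUE)))
```

A nested status code or StatusMessage, when the identity provider sends one, usually says more about the failure than the top-level Responder value.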

Related

JMeter can't find token in any response

I'm trying to record a script in JMeter. I'm getting a 401 error in the login request. I see that the login request is sending a token to the server and I have to correlate this token however I'm not able to find any token in the response body or response header of any previous request. What should I do?
There are 4 sources where the "token" could come from:
Response body
Response headers (including cookies)
URL (as a result of a redirection), if this is the case you might need to play with Redirect Automatically and Follow Redirects checkboxes in the HTTP Request sampler (or HTTP Request Defaults)
The token can be generated by JavaScript. As per JMeter project main page:
JMeter is not a browser, it works at protocol level. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does (it's possible to view the response as HTML etc., but the timings are not included in any samples, and only one sample in one thread is ever displayed at a time).
so if this is the case - you will have to replicate the logic of the associated JavaScript function(s) using JSR223 PreProcessor
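The four sources listed above can be checked mechanically against captured responses. This is an added example, not code from the original posts; `locate_token`, the capture format and the sample values are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

def locate_token(token, responses):
    """Return [(response index, source)] for each place the token value appears.

    responses: list of dicts with 'headers' (list of (name, value)) and 'body'.
    """
    hits = []
    for i, resp in enumerate(responses):
        for name, value in resp["headers"]:
            lname = name.lower()
            if lname == "location":
                parts = urlsplit(value)
                # Compare URL-decoded query and fragment values as well as the raw URL.
                params = parse_qsl(parts.query) + parse_qsl(parts.fragment)
                if token in value or any(v == token for _, v in params):
                    hits.append((i, "redirect URL"))
            elif token in value:
                hits.append((i, "cookie" if lname == "set-cookie" else "header " + name))
        if token in resp["body"]:
            hits.append((i, "body"))
    # No hit in any response points at the fourth source: client-side JavaScript.
    return hits or [(None, "not in any response: likely generated client-side")]

# Constructed capture of three responses preceding a failing login request.
CAPTURE = [
    {"headers": [("Set-Cookie", "XSRF-TOKEN=csrf-91c2; Path=/; Secure")],
     "body": "<form action='/sso'></form>"},
    {"headers": [("Location", "https://app.example.test/cb?state=st-7f3a&code=x%2By")],
     "body": ""},
    {"headers": [("Content-Type", "text/html")],
     "body": '<input name="__RequestVerificationToken" value="rvt-55d0">'},
]

if __name__ == "__main__":
    for value in ("csrf-91c2", "x+y", "rvt-55d0", "made-by-js"):
        print(value, locate_token(value, CAPTURE))
```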

Form based Authentication- Jmeter

I am testing an API endpoint for which there is a form based authentication (for additional security). Can someone suggest how to handle form based authentication in JMeter? I tried with HTTP Authorization Manager, still my request is failing.
You basically need to submit an HTML form by sending an HTTP POST request using JMeter's HTTP Request sampler.
Given you provide correct credentials you should be authorized for further actions.
In some cases you will need to perform correlation as you might have to provide a dynamic parameter (or several) along with the credentials as your application can use these parameters for i.e. CSRF protection or for other reasons so make sure to carefully inspect the request sent by the real browser (you can capture the original request using browser developer tools) and if there are any dynamic parameters - you should extract them from the previous response using a suitable JMeter Post-Processor
Once you successfully log in it should be enough to add HTTP Cookie Manager to maintain the user session.
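Comparing the request JMeter sends with the one a real browser sends, as advised here and in the first answer on this page, is easier with a structural diff than by eye. This is an added example, not code from the original posts; the function names, the `dynamic` parameter and both captured requests are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

def parse_request(raw):
    """Split a raw HTTP request (as copied from a proxy or dev tools) into parts."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _ = lines[0].split(" ", 2)
    url = urlsplit(target)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {
        "line": {"method": method, "path": url.path},
        "query": dict(parse_qsl(url.query, keep_blank_values=True)),
        "header": headers,
        "body": dict(parse_qsl(body.strip(), keep_blank_values=True)),
    }

def diff_requests(reference_raw, jmeter_raw, dynamic=()):
    """List (section, name, reference value, JMeter value) for every mismatch.

    Names in `dynamic` are correlated values expected to differ; for those only
    presence is compared, not content.
    """
    ref, jm = parse_request(reference_raw), parse_request(jmeter_raw)
    out = []
    for section in ("line", "query", "header", "body"):
        for name in sorted(set(ref[section]) | set(jm[section])):
            a, b = ref[section].get(name), jm[section].get(name)
            if a == b or (name in dynamic and a is not None and b is not None):
                continue
            out.append((section, name, a, b))
    return out

# Constructed captures: the JMeter request lacks a query parameter and a header.
BROWSER = ("POST /account/login?returnUrl=%2Fhome HTTP/1.1\nHost: app.example.test\n"
           "Content-Type: application/x-www-form-urlencoded\n"
           "Origin: https://app.example.test\nCookie: session=aaa\n\n"
           "username=u1&password=p1&__RequestVerificationToken=AAA")
JMETER = ("POST /account/login HTTP/1.1\nHost: app.example.test\n"
          "Content-Type: application/x-www-form-urlencoded\nCookie: session=bbb\n\n"
          "username=u1&password=p1&__RequestVerificationToken=BBB")
DYNAMIC = ("cookie", "__RequestVerificationToken")

if __name__ == "__main__":
    for row in diff_requests(BROWSER, JMETER, DYNAMIC):
        print(row)
```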

Get CSRF token in Jmeter for salesforce load-testing

I am trying to do the load testing of salesforce.com. I am logging via test.salesforce.com which is redirecting me to the console url. Now, subsequent post request accepts following post parameters.
ViewStateCSRF
ViewStateMAC
visualforce.ViewState
But this post request is failing with "invalid session" error message.
I am guessing this is because of CSRF token. I am trying to extract (post processor in JMeter) the CSRF token, but I am unable to find this token anywhere in the response/cookie of previous requests. In one of the HTML responses, I can find a few CSRF tokens (e.g. runApexCsrfToken, consoleAjaxCsrfToken etc). I have tried all of them but no result.
To summarize my problem: I need to pass csrf token in post login request but I am unable to find this token in previous responses.
Could you please help me with this.
PS: I have tried get request on "https://c.salesforce.com/libs/granite/csrf/token.json" after login but did not find any token in response.
Make sure to add HTTP Cookie Manager to your Test Plan
Make sure to check all response fields as the token can be a part of the URL or come as an HTTP header
You need to correlate not only ViewStateCSRF but all other dynamic parameters as well
If you have problems with identifying the source for the dynamic parameters values you can try recording your scenario using cloud-based proxy service, it is capable of exporting recorded scripts in "SmartJMX" mode with automatic detection and correlation of dynamic parameters. See How to Cut Your JMeter Scripting Time by 80% article for more details

How to pass the http request auto generated _token value (value generated under http request, not in response) to next http request in jmeter

I have an HTTP request that auto generates a '_token' value with the request (this value is generated under the HTTP request only, not in the response of this request) and this '_token' value needs to be passed to the next HTTP request header as 'authorization'. I know we can use a JSON/RegEx post processor if it is in the response of the first HTTP request. However, how can it be correlated if the dynamic value is in the HTTP request?
Please suggest how can we achieve this in jmeter.
Most likely you are trying to load test an application which uses OAuth and depending on OAuth version and your application setup there could be different options. If the token is permanent - you can just put it into HTTP Header Manager, however if the token expires more or less frequently - you will need to implement OAuth flow using JMeter (in some cases you will need some extras like scripting, kick off browser to open a redirect URL or use OAuth client libraries). Check out How to Run Performance Tests on OAuth Secured Apps with JMeter article for details.
I would suggest contacting your application developers to learn about OAuth version, settings, required client id/secret, etc.

How to authenticate user when testing REST API using Jmeter

I am trying to make a script to test REST services using Jmeter.
Till now I was using Chrome’s Advanced REST Client.
My authentication request was GET and it was something like this in Advanced REST:
https://username:password#URL:portnumber
It's a GET request.
Now when I am using JMeter, I tried the following ways:
I added HTTP Authorization Manager and mentioned Base URL and Username/password inside it.
When I am trying to do a request then it's showing me “Unauthorized”.
I also tried to login using a normal https request but no success.
When accessed manually, an authorization popup window appears and username and password are submitted inside this window.
Please suggest a way to login using JMeter.
Few suggestions:
Most likely you have a mismatch between the URL you're trying to hit and the one specified in HTTP Authorization Manager, double check it.
Add View Results Tree listener and make sure that the header like:
Authorization: Basic xxxxxxxxxxxx=
is being sent along with the request and compare it with the one, sent by the real browser.
Try switching "Implementation" of your HTTP Request samplers to HttpClient3.1, the easiest way of doing this is using HTTP Request Defaults
And finally, you can use HTTP Header Manager to send the relevant header, its name should be Authorization and value Basic and username:password encoded in Base64. There is a base64Encode function available via JMeter Plugins.
