I am implementing load testing in Jmeter for my web application which uses google oauth.
I have generated access token and refresh token and passed it to my HTTP request, but the request fails with an Invalid state parameter.
I checked various posts on passing a random string of 30 characters but the value is not being recognised.
I am not sure how to use the google API library for python to generate one as there is only snippet available in the official site and am quite unsure if that value will be recognised.
Any suggestions on how to achieve my usecase?
We are not telepathic enough to guess how exactly you "generated" the tokens and how they're "passed to your HTTP request"
My expectation is that you need to pass only one token: the "access" one "to your HTTP Request", refresh token can be exchanged for the new access token when the previous one expires. Passing 2 tokens doesn't make sense and may cause the problem you're facing.
As per the main page of JMeter project
The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior and measure performance. It was originally designed for testing Web Applications but has since expanded to other test functions.
hence you cannot use Python libraries directly in JMeter, either look for a Java library, I think this one is a good choice and use it from JSR223 Test Elements
If you still want (or have to) use Python - you can run Python scripts from JMeter using OS Process Sampler
Related
I have a JMeter test script that performs logon to a website. I can see the POST request with the appropriate information, but it seems the session is lost after that point, as the next step goes to the homepage expecting to be authenticated but isn't. Any ideas? I can post the code if necessary. I do have a cookie manager configured.
Most probably it's due to missing or improperly implemented correlation, cookies might be not the only one dynamic parameter which you need to take care of, modern web applications widely use others for i.e. client-side state tracking or security purposes.
So inspect your test script and check for parameters which are dynamic, the easiest way is recording the same scenario once again and comparing resulting .jmx scripts. Everything which differs is a subject to correlation.
More information: How to Handle Correlation in JMeter
I am currently using JMeter to perform a basic performance test on a web-application.
For the construction of such, I have used the BlazeMeter recorder as an easy and complete way of building my test plan, in which recorded the static token used at that particular moment of the recording.
But, considering that tokens are generated by each login, this requires me to find a way to successfully store the token from each session (done) and then properly call it out to each individual HTTP Request (this is the obstacle).
Below in my screenshot, is how I have my test plan set, and also how am I calling the already stored token towards the 2nd HTTP POST Request that requires the real-time token, otherwise it will deliver a 401 error. Despite such, when attempting to call and apply the stored token, it now returns a 400 error for reasons that are unknown to me...
I believe the solution is by slightly changing the way I am calling the stored token?
You're getting response as JSON so it makes more sense to use JSON Extractor instead of the Regular Expression Extractor, the relevant configuration would be something like:
Also there is no need to do any scripting, if you add a HTTP Header Manager as a child of the request which requires authentication and configure it like:
I am trying to run performance test using Jmeter for my client application which uses Signicat, a third part identity verification site for SSO login. I cannot get through with jmeter execution for login. There is a dynamic token appended in one of the http requests related to login but I cannot find it in any of the previous responses to correlate.
Has anybody tried Performance tests with Signicat or any other SSO login ? I appreciate any suggestions or leads. Thank you.
PS: I tried to monitor the traffic in fiddler while accessing the site . I don't see the token source there as well.
Unfortunately your question doesn't contain sufficient level of details.
If you're seeing the dynamic token there are following possible options:
It needs to be correlated (extracted from the previous response), the possible sources are:
URL (as a part of a redirect)
response headers
response body
It needs to be generated, if the dynamic value is being generated by client-side JavaScript JMeter won't be able to execute the JavaScript, you will have to replicate the code using JSR223 PreProcessor and preferably Groovy as the language in order to generate the same value as the real browser does
Looking into Connecting your application chapter there are several possible protocols/options and it will require rather a story than a chapter to provide comprehensive instructions on each of them:
for some of them like "Other third party software" it is not even possible doing this remotely without knowing the infrastructure and the authentication/authorization processes.
I'm trying to do a load test of e commerce site with complete flow from product search, login to add to cart and submit. Product search and anonymous order is working fine but when I'm trying to run script for registered user it's not working. How can I fix this?Click here to download script
Your "download" link is broken or expired or whatever.
Most probably your request doesn't work for authorised users due to missing or improperly working correlation. Modern web applications cannot be just recorded and replayed as they widely use dynamic request parameters mostly for security reasons. So if this is the case your test needs to look as follows:
Open Login Page (usually GET request)
Extract dynamic parameters using one of matching JMeter Post-Processors and store them into JMeter Variables
Perform Login (usually POST Request) providing not only credentials, but also dynamic parameters values from the first request
Also make sure you add HTTP Cookie Manager to your Test Plan - it represents browser cookies and automatically deals with cookie-based authentication
You might want to try an alternative way of recording a JMeter test - using cloud-based proxy which is capable of exporting recorded tests in "SmartJMX" mode with automatic correlation of any dynamic parameters detected. Check out How to Cut Your JMeter Scripting Time by 80% article for more information.
I have a login function in website. I have tried 2 things to create load testing plan :
Record login scenario using jmeter and complete load test
Use login API, configure in Jmeter and complete load test
I realize that 2nd option from above is faster than 1st when running load test? Can anyone help me to understand why?
Well-behaved test should simulate end-user behaviour as close as possible, so basically you have at least 2 requests:
Open login page
Perform login
In addition when mimicking real browser you have to deal with a lot more data, i.e. complete HTML response, JavaScript, CSS, images, etc.
In case of API you have only one request consisting of username and password and one small response indicating whether login attempt successful or not.
I believe load test should be as close to reality as possible so I would recommend 1st option. Make sure that you add the next test elements to your Test Plan:
HTTP Cookie Manager
HTTP Cache Manager
HTTP Header Manager
and follow recommendations from How To Make JMeter Behave More Like A Real Browser guide for detailed instructions.