We have an application and it's having okta authentication . So after we enter our credentials, an OTP is being sent to our gmail address and we have to give that OTP to login. How to record these steps in JMeter, or how to do the performance test of these kind of applications?
You can get the email sent to Gmail account via JMeter's Mail Reader Sampler, the setup would be something like:
Once done you can fetch the OTP from the email body using a suitable Post-Processor like Regular Expression Extractor or Boundary Extractor
More information: Load Testing Your Email Server: How to Send and Receive E-mails with JMeter
You may also need to enable access of less secure apps to your google mail account
Actually, when I debugged the application and checked the console, I found that the OTP UI is just a wrapper above a token service. So what I did was to replace the okta authentication samplers from the recording by that token service. I kept all the remaining samplers intact. And extracted that token from token service and passed it on to the header manager of the remaining samplers. This was accepted by our team too. But if we really have to do a performance test on the okta authentication, still we can ask the dev to create an OTP that wouldn't expire in another 24 hours or so, so that we can use that and load test the authentication samplers too.
Related
URL I am hitting for sign in is
https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id=314687257509-dfk13dhtelq4o1ti0li7af1akie3ieqm.apps.googleusercontent.com&as=H_7I4EsREAQ2c6c8EejwOw&destination=http%3A%2F%2Fmetacampus-in.appspot.com&approval_state=!ChRUMEJ4bVhFcm5Sb0JxaHgwb1F3bBIfOC1uZGhOTGc1bmdSOEhuU1JuY2dubXJlQXdHdVRCWQ%E2%88%99ANKMe1QAAAAAW1gSB4OWT70lnDr525s7wW0mFo0q0uZ6&oauthgdpr=1&xsrfsig=AHgIfE_kc7fWgnNfGE6nCQu1hzZAma2qcQ&flowName=GeneralOAuthFlow
In order to be able to proceed you need to add a proper Authorization Bearer token via HTTP Header Manager.
There are several ways to obtain the token:
Perform login via real web browser using i.e. WebDriver Sampler and extract the token value from the browser
Obtain the token from the developer console
Use Google OAuth Client Library from JSR223 Sampler to perform programmatic OAuth login.
See How to Run Performance Tests on OAuth Secured Apps with JMeter article for more information on each of the approaches.
My project had implemented google sign in with company name as domain.
I need to sign in to get idtoken send by Google on successful authentication.
I tried all searching but still not able to get this done.
If you're talking about this Google Sign-In you basically need to obtain the Bearer token and add it to your requests using HTTP Header Manager
As JMeter cannot execute JavaScript you have the following options:
Use hard-coded token which you can get from the Google Developer Console
Obtain the token dynamically using a real browser with WebDriver Sampler
Obtain the token programmatically using Google API Client libraries from the JSR223 Sampler
I need to perform load test on one of my site , which has google sign In button , how do I logged in one time and then request for specific page 10 times .
Recording controller also does not did the work , is there something other way around.
Thanks
It looks like your site is using OAuth so record and replay and even correlation won't help as it is too specific.
OAuth authentication is all about obtaining a token (see User Authentication with OAuth 2.0) and passing it along with your credentials via HTTP Header Manager.
There are several ways of obatining an OAuth token, see How to Run Performance Tests on OAuth Secured Apps with JMeter to learn more.
I am testing some api for our product using jmeter. To test the api to verify the user's email address I need to login to the mail account. I have the email and password of a test user. How can I login using an api or any other way in jmeter?
Is it possible at all?
Yes that is possible. You'll have to create a test plan with multiple steps but these depend on the concrete implementation of the login.
First you must identify the following two locations:
The GET request that gets the initial login form (if this is required).
The POST request that posts the login credentials.
If your service has a stateless login form you can even skip the first step.
Otherwise the response of the GET request will contain stuff which needs to be extracted (e.g. the JSESSIONID if you are using JSF) and sent as a parameters in the POST request. You can use the Regular Expression Extractor of JMeter to extract these values and provide them as variables for use in the subsequent requests.
Here is an example screenshot of a HTTP Request element configured to POST login data to the url /common/j_security_check
You might also need to intercept an authentication token from the server response and then pass that into following requests.
Here is a blog entry with a couple of video tutorials on logins with JMeter:
http://community.blazemeter.com/knowledgebase/articles/80479-how-to-use-jmeter-for-login-authentication
You can use jmeter to login,
two ways:
parameterization using csv file(for more users)/user defined variables(UDV)
Login config elements(for single user)
Now that I understand you want to automatically click on a confirmation link from an email using JMeter, here is a blog entry that explains exactly how to do that:
http://blazemeter.com/blog/how-create-jmeter-script-check-email-during-registration-and-grab-confirmation-url
Ophir
Could anyone please help to test the login / authentication with the following scenario?
User access the site "sitaA.com" home page. In that page, there is a button "login with oauth".
Upon clicking the "login with oauth" button, "siteA.com" redirects to "siteB.com" in which the user is able to key in username and passowrd and sign in. It authenticates (oauth) the user and returns back to "siteA.com".
siteA.com will send the client id and call back url when redirects to siteB.com.
How to achieve this using JMeter?
Thanks in advance
OAuth is a basically a way of getting a token. If you're load-testing OAuth-enabled application you need to do the following:
Request temporary access token
Authorize access token
Change temporary access token to something permanent
You can do steps above manually, capture permanent access token via sniffer and add it to your requests as a separate HTTP Request parameter. If you have limited number of user logins to reuse in test it may do the trick for you.
However if you need to test end-to-end flow which assumes obtaining token process via JMeter you need to consider OAuth Sampler Plugin
So basically you need to do one of the following:
Manual 3-stepped OAuth login and capture token process followed by adding token as a parameter of HTTP Requests for each virtual user
Automated OAuth login process by means of JMeter OAuth sampler
If you have limited number of logins/users option 1 may be better
P.S. There is also an option for advanced JMeter users and/or Java developers to add OAuth java client libraries to JMeter lib/ext folder and use Beanshell Samplers to authenticate with OAuth. It's also likely that you'll have to use Selenium with JMeterto navigate to OAuth callback page and confirm authorized login from there.