I'm new to JMeter.
My web app is using windows authentication. As soon as you access the page, it logs you in without the need to enter credentials (No way to log out either). I was able to use HTTP Authorization Manager + HTTP Request Sampler to access the page.
My next step is to cycle through 5 test accounts against the same HTTP Request. Unfortunately, it doesn't look like HTTP Authorization Manager supports multiple logins for the same url. Running the test, it only uses the first set of credentials.
I tried using CVS DataSet Config, but the url does not support Post or Get method for login.
Any suggestions on how I would be able to create multiple logins for a HTTP Request Sampler? If it cannot be done with the HTTP Request Sampler, any alternative samplers I should use instead?
Thanks
Figured out I was able to include variables within the HTTP Authorization Manager.
Combined it with the CSV Data Set Config and it works as expected!
Related
We are installing a nextcloud server in my organization and i would like to load test it before we deploy more broadly.
I have managed to do some testing with jmeter...(see answer below)
Now i would like to load test other features of nextcloud. I have found this repo but it seems it is not updated anymore : https://github.com/owncloud/smashbox
Anyone know if it is still working? (i dont have yet access to the nexcloud server os).
Apparently smashbox is designed for owncloud and not nextcloud...any hint on tools for nextcloud?
Thank you
If you "dont have yet access to the nexcloud server" then how do you know that "doesnt log in with http authorization manager"?
Whatever. Given Nextcloud doesn't ask your credentials most probably it's configured for Single-Sign-On and most probably it's Kerberos
If this is the case you will need to not only to add the HTTP Authorization Manager but also perform the relevant configuration in krb5.conf and jaas.conf files (live in "bin" folder of your JMeter installation).
You can check out Windows Authentication with Apache JMeter article for example setup and more comprehensive explanations.
So here is the answer :
You have to create two sampler http request.
the first request is a get request on the login page.
the second request is a post request on the login page.
You have to create a regular expression extractor to extract data-requesttoken:
data-requesttoken="(.+)"
You can reuse it in the post request (name : requesttoken) with the variable set in the extractor.
You also need to add a http cookie manager to the thread group and leave it blank so it handles the cookies set in the get request and in the post request.
Then the login works properly and you can tune in the loop, number of threads and ramp up
There is only one problem on my machine: the request randomly succeed or fail because the cookie manager sometimes set the proper cookies in the redirect after post request and sometimes not... (see here : JMeter randomly setting proper cookies so my request succeed )
Im using Jmeter to write some load tests on an API secured by oAuth.
I want to be able to reuse the header manager once the bearer token has been produced from the access token call.
However when I try to move the header manager out side of the http request the call is no longer authorised. I think its because it can no longer get the bearer token.
For Post Request, when i put the header manager outside it no longer works, it only works when I put it under the request as I have done for User get request, Delete request and Put request.
How do I make the header manager reusable and therefore only manage one header manager?
Thank you.
{"fault":{"faultstring":"Invalid access token","detail":{"errorcode":"oauth.v2.InvalidAccessToken"}}}
My expectation is that this is due to clash with the HTTP Authorization Manager
Both are Configuration Elements and both obey JMeter Scoping rules
When you move HTTP Header Manager outside the HTTP Request sampler it might be the case that Authorization Header comes from the HTTP Authorization Manager
You can check which exact header value is being sent using Request -> Request Headers tab of the View Results Tree listener
Given you manually create Authorization header for your request I believe if you disable or delete the HTTP Authorization Manager your test should start working as expected as you basically don't need it.
So I am trying to automate a JMeter script that creates Keycloak users and then signs them in.
First It GETs the login page and stores the code, here is an example request:
GET http://Keycloak.com:8001//auth/realms/REALM/protocol/openid-connect/auth?response_type=code&client_id=CLIENT&scope=openid%20profile%20email&nonce=N5b3a2da23c04a&response_mode=form_post&resource=RESOURCE&state=2SJwtlVZrswlGkw&redirect_uri=REDIRECTURI
However, when I then GET the registration page, the code changes and the tab_id also changes. How can I keep keycloak from generating a new code token with every HTTP request in a thread?
In addition, why is each HTTP request with JMeter acting like a new session instead of the next request in a series?
EDIT:
I am using Regular Expression Extractors in order to track the code and execution variables, in addition to using a HTTP Cookie Manager and HTTP Cache Manager for the thread.
Looking at my POST request, both variables are the same as those from the previous HTTP request, and all of my cookies are being maintained, yet every time I try this automated login, I get a 400 error and the keycloak event log displays an invalid_code error.
Edit:
As requested here is a screenshot of all my sign in requests
Most probably your Regular Expression Extractor is not nested in the HTTP Request you are trying to extract data from.
If its scope is too wide, it applies to all HTTP Requests, so first time it succeeds extracting, but then for the next request that does not contain the token, the extractor runs and overwrites the old value by an empty one.
See scoping rules in JMeter:
https://jmeter.apache.org/usermanual/test_plan.html#scoping_rules
You need to maintain the corelation between hits. Please go through below blog
https://www.blazemeter.com/blog/how-to-handle-correlation-in-jmeter
According to keycloak you must use https if you are using keycloak.com
Keycloak can run out of the box without SSL so long as you stick to private IP addresses like localhost, 127.0.0.1, 10.0.x.x, 192.168.x.x, and 172..16.x.x. If you don’t have SSL/HTTPS configured on the server or you try to access Keycloak over HTTP from a non-private IP adress you will get an error.
So you have 3 options: use private IP address, use a reverse proxy or load balancer to handle HTTPS or enable HTTPS for the Keycloak server.
I have a http request that auto generates '_token' value with the request(this value generated under http request only, not in the response of this request) and this '_token' value needs to be passed to the next http request header as 'authorization'. I know we can use JSON/RegEx post processor if it is in Response of the first http request. However how it be be correlated if the dynamic value is in http request.
Please suggest how can we achieve this in jmeter.
Most likely you are trying to load test an application which uses OAuth and depending on OAuth version and your application setup there could be different options. If the token is permanent - you can just put it into HTTP Header Manager, however if the token expires more or less frequently - you will need to implement OAuth flow using JMeter (in some cases you will need some extras like scripting, kick off browser to open a redirect URL or use OAuth client libraries). Check out How to Run Performance Tests on OAuth Secured Apps with JMeter article for details.
I would suggest contacting your application developers to learn about OAuth version, settings, required client id/secret, etc.
I am trying to make a script to test REST services using Jmeter.
Till now I was using Chrome’s Advanced REST Client.
My authentication request was GET and it was something like this in Advanced REST:
https://username:password#URL:portnumber
its a GET request
Now when I am using Jmeter. I tried following ways:
I added HTTP Authorization Manager and mentioned Base URL and Username/password inside it.
When I am trying to do a request then its showing me “Unauthorized”
I also tried to login using normal https request but no success.
When accessed manually, a authorization popup window appears and username and password is submitted inside this window.
Please suggest me a way for how to login using Jmeter.
Few suggestions:
Most likely you have mismatch in URL you're trying hit and the one, specified in HTTP Authorization Manager, double check it.
Add View Results Tree listener and make sure that the header like:
Authorization: Basic xxxxxxxxxxxx=
is being sent along with the request and compare it with the one, sent by the real browser.
Try switching "Implementation" of your HTTP Request samplers to HttpClient3.1, the easiest way of doing this is using HTTP Request Defaults
And finally, you can use HTTP Header Manager to send the relevant header, it's name should be Authorization and value Basic and username:password encoded in Base64. There is base64Encode function available via JMeter Plugins.