So I am trying to automate a JMeter script that creates Keycloak users and then signs them in.
First It GETs the login page and stores the code, here is an example request:
GET http://Keycloak.com:8001//auth/realms/REALM/protocol/openid-connect/auth?response_type=code&client_id=CLIENT&scope=openid%20profile%20email&nonce=N5b3a2da23c04a&response_mode=form_post&resource=RESOURCE&state=2SJwtlVZrswlGkw&redirect_uri=REDIRECTURI
However, when I then GET the registration page, the code changes and the tab_id also changes. How can I keep keycloak from generating a new code token with every HTTP request in a thread?
In addition, why is each HTTP request with JMeter acting like a new session instead of the next request in a series?
EDIT:
I am using Regular Expression Extractors in order to track the code and execution variables, in addition to using a HTTP Cookie Manager and HTTP Cache Manager for the thread.
Looking at my POST request, both variables are the same as those from the previous HTTP request, and all of my cookies are being maintained, yet every time I try this automated login, I get a 400 error and the keycloak event log displays an invalid_code error.
Edit:
As requested here is a screenshot of all my sign in requests
Most probably your Regular Expression Extractor is not nested in the HTTP Request you are trying to extract data from.
If its scope is too wide, it applies to all HTTP Requests, so first time it succeeds extracting, but then for the next request that does not contain the token, the extractor runs and overwrites the old value by an empty one.
See scoping rules in JMeter:
https://jmeter.apache.org/usermanual/test_plan.html#scoping_rules
You need to maintain the corelation between hits. Please go through below blog
https://www.blazemeter.com/blog/how-to-handle-correlation-in-jmeter
According to keycloak you must use https if you are using keycloak.com
Keycloak can run out of the box without SSL so long as you stick to private IP addresses like localhost, 127.0.0.1, 10.0.x.x, 192.168.x.x, and 172..16.x.x. If you don’t have SSL/HTTPS configured on the server or you try to access Keycloak over HTTP from a non-private IP adress you will get an error.
So you have 3 options: use private IP address, use a reverse proxy or load balancer to handle HTTPS or enable HTTPS for the Keycloak server.
Related
We are installing a nextcloud server in my organization and i would like to load test it before we deploy more broadly.
I have managed to do some testing with jmeter...(see answer below)
Now i would like to load test other features of nextcloud. I have found this repo but it seems it is not updated anymore : https://github.com/owncloud/smashbox
Anyone know if it is still working? (i dont have yet access to the nexcloud server os).
Apparently smashbox is designed for owncloud and not nextcloud...any hint on tools for nextcloud?
Thank you
If you "dont have yet access to the nexcloud server" then how do you know that "doesnt log in with http authorization manager"?
Whatever. Given Nextcloud doesn't ask your credentials most probably it's configured for Single-Sign-On and most probably it's Kerberos
If this is the case you will need to not only to add the HTTP Authorization Manager but also perform the relevant configuration in krb5.conf and jaas.conf files (live in "bin" folder of your JMeter installation).
You can check out Windows Authentication with Apache JMeter article for example setup and more comprehensive explanations.
So here is the answer :
You have to create two sampler http request.
the first request is a get request on the login page.
the second request is a post request on the login page.
You have to create a regular expression extractor to extract data-requesttoken:
data-requesttoken="(.+)"
You can reuse it in the post request (name : requesttoken) with the variable set in the extractor.
You also need to add a http cookie manager to the thread group and leave it blank so it handles the cookies set in the get request and in the post request.
Then the login works properly and you can tune in the loop, number of threads and ramp up
There is only one problem on my machine: the request randomly succeed or fail because the cookie manager sometimes set the proper cookies in the redirect after post request and sometimes not... (see here : JMeter randomly setting proper cookies so my request succeed )
I'm new to JMeter.
My web app is using windows authentication. As soon as you access the page, it logs you in without the need to enter credentials (No way to log out either). I was able to use HTTP Authorization Manager + HTTP Request Sampler to access the page.
My next step is to cycle through 5 test accounts against the same HTTP Request. Unfortunately, it doesn't look like HTTP Authorization Manager supports multiple logins for the same url. Running the test, it only uses the first set of credentials.
I tried using CVS DataSet Config, but the url does not support Post or Get method for login.
Any suggestions on how I would be able to create multiple logins for a HTTP Request Sampler? If it cannot be done with the HTTP Request Sampler, any alternative samplers I should use instead?
Thanks
Figured out I was able to include variables within the HTTP Authorization Manager.
Combined it with the CSV Data Set Config and it works as expected!
I am trying to make a script to test REST services using Jmeter.
Till now I was using Chrome’s Advanced REST Client.
My authentication request was GET and it was something like this in Advanced REST:
https://username:password#URL:portnumber
its a GET request
Now when I am using Jmeter. I tried following ways:
I added HTTP Authorization Manager and mentioned Base URL and Username/password inside it.
When I am trying to do a request then its showing me “Unauthorized”
I also tried to login using normal https request but no success.
When accessed manually, a authorization popup window appears and username and password is submitted inside this window.
Please suggest me a way for how to login using Jmeter.
Few suggestions:
Most likely you have mismatch in URL you're trying hit and the one, specified in HTTP Authorization Manager, double check it.
Add View Results Tree listener and make sure that the header like:
Authorization: Basic xxxxxxxxxxxx=
is being sent along with the request and compare it with the one, sent by the real browser.
Try switching "Implementation" of your HTTP Request samplers to HttpClient3.1, the easiest way of doing this is using HTTP Request Defaults
And finally, you can use HTTP Header Manager to send the relevant header, it's name should be Authorization and value Basic and username:password encoded in Base64. There is base64Encode function available via JMeter Plugins.
Iam testing an application which has the following behaviour
User1 loged into machine A using IE Then User2 cannot login into
Machine A using IE. So User2 should login from Machine B.
I have recorded the script using IE and when trying to test with 10 user load say U1 to U10, only U1 is able to login and rest all are failing....how do i simulatd the load in this case.
I checked with developers and they are not using IP address for this but using browser session for making single user logs in from a single browser.
Could you please help how do i overcome the issue and simulate the load
Try adding HTTP Cookie Manager, it can automatically handle cookies and define and maintain separate session for each thread.
If it doesn't help - inspect requests more closely with a sniffer tool like Wireshark to compare which request bits are different for different users. The possible options are:
Cookies - can be handled by aforementioned HTTP Cookie Manager
Headers - can be handled by HTTP Header Manager
Request parameters - it may be the case when server sends some parameter in the response and expects it to be present in the next request. In that case you need to extract it from the first response with i.e. Regular Expression Extractor, store it into a JMeter Variable and send with the next request.
I am testing particular application using JMeter 2.9.There My test plan is Thread group--> Transaction Controller.Inside that various recorded requests are there.I am using HTTP request defaults,HTTP Cookie manager and HTTP header manager,and a view result tree for validation.I found one token i.e. CSRF token to be correlated and I did correlation.But for a particular request I am finding "Session expired..Login again" response much before the logout request.My transaction flow is to Login--> Search a content-->Logout.
Please help me finding a solution.
Try put the element: HTTP Cookie Manager in Thread Group, first item.
the problem can be in the following areas:
-you were redirected automatically instead of following redirects
-login hasn't succeeded
-the session id has not been successfully passed on to the request after login
The JMeter documentation states this:
I've set up JMeter to sample the same URLs as my browser, why is JMeter not seeing the same responses?
There are various different reasons for this:
Cookies - make sure you added a Cookie Manager. Browsers process cookies unless you set them up otherwise, but JMeter does not process cookies unless you add a Cookie Manager.
User-Agent - the User-Agent is a header that is sent by browsers; it identifies the browser type. Some servers are sensitive to this setting and generate different results for what they think are different browsers. The Header Manager is used to add headers such as User-Agent.
Hidden fields - if you did not use the JMeter Proxy (or other application) to record the test plan, then it is easy to miss hidden fields from forms.
Dynamic field names/content - some servers use varying names for fields. So although the test plan may be correct at the time of creation, it does not work when replayed.
URL rewriting - TBA
from http://wiki.apache.org/jakarta-jmeter/DifferentBehaviour