Google Sign In JMeter, not able to log in - jmeter

I need to perform a load test on one of my sites, which has a Google Sign In button. How do I log in one time and then request a specific page 10 times?
The Recording Controller also did not do the job. Is there some other way around this?
Thanks

It looks like your site is using OAuth so record and replay and even correlation won't help as it is too specific.
OAuth authentication is all about obtaining a token (see User Authentication with OAuth 2.0) and passing it along with your credentials via HTTP Header Manager.
There are several ways of obtaining an OAuth token, see How to Run Performance Tests on OAuth Secured Apps with JMeter to learn more.

Related

How to do performance testing of OTP authentication in JMeter

We have an application that uses Okta authentication. After we enter our credentials, an OTP is sent to our Gmail address and we have to enter that OTP to log in. How do we record these steps in JMeter, or how do we do a performance test of this kind of application?
You can get the email sent to Gmail account via JMeter's Mail Reader Sampler, the setup would be something like:
Once done you can fetch the OTP from the email body using a suitable Post-Processor like Regular Expression Extractor or Boundary Extractor
More information: Load Testing Your Email Server: How to Send and Receive E-mails with JMeter
You may also need to enable access of less secure apps to your google mail account
Actually, when I debugged the application and checked the console, I found that the OTP UI is just a wrapper above a token service. So what I did was to replace the okta authentication samplers from the recording by that token service. I kept all the remaining samplers intact. And extracted that token from token service and passed it on to the header manager of the remaining samplers. This was accepted by our team too. But if we really have to do a performance test on the okta authentication, still we can ask the dev to create an OTP that wouldn't expire in another 24 hours or so, so that we can use that and load test the authentication samplers too.

My application uses Google as the medium to sign in. I am trying to do the same via a JMeter script but I am unable to do so.

URL I am hitting for sign in is
https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id=314687257509-dfk13dhtelq4o1ti0li7af1akie3ieqm.apps.googleusercontent.com&as=H_7I4EsREAQ2c6c8EejwOw&destination=http%3A%2F%2Fmetacampus-in.appspot.com&approval_state=!ChRUMEJ4bVhFcm5Sb0JxaHgwb1F3bBIfOC1uZGhOTGc1bmdSOEhuU1JuY2dubXJlQXdHdVRCWQ%E2%88%99ANKMe1QAAAAAW1gSB4OWT70lnDr525s7wW0mFo0q0uZ6&oauthgdpr=1&xsrfsig=AHgIfE_kc7fWgnNfGE6nCQu1hzZAma2qcQ&flowName=GeneralOAuthFlow
In order to be able to proceed you need to add a proper Authorization Bearer token via HTTP Header Manager.
There are several ways to obtain the token:
Perform login via real web browser using i.e. WebDriver Sampler and extract the token value from the browser
Obtain the token from the developer console
Use Google OAuth Client Library from JSR223 Sampler to perform programmatic OAuth login.
See How to Run Performance Tests on OAuth Secured Apps with JMeter article for more information on each of the approaches.

JMeter: Can't sign in to the app that uses Google Auth

I wanna create a test in JMeter for a web app that uses Google auth as a login.
So basically the user sees the app login button on the login page, clicks it --> navigates to the Google login page where he should enter an email, a password, and click the Sign In button.
I am stuck on the "Sign In" step, which is the following POST request:
https://accounts.google.com/ServiceLoginAuth
All parameters are easy to extract except for "bgresponse".
When the user navigates to the Google sign in page, bgresponse value = js_disabled that is not default and cannot be used for the POST request.
It is set with a real value when the user hits the Sign In button.
Thus, I can't extract the correct bgresponse value as a post processor of the request that leads to the Google sign in page.
Any ideas how can I sign in to google via JMeter?
Please help.
TIA
Anna
Google supports oauth 2.0
https://developers.google.com/accounts/
so I think you can expand your question to JMeter and oauth 2.0
Here are a few resources:
https://malalanayake.wordpress.com/tag/oauth-2-0/
how to config apache jmeter 2.6 oauth 2.0
I think that you can use the WebDriver Sampler available via plugin (you'll need WebDriver Set). This extension allows Selenium tests to be executed from JMeter and you can launch a real browser to perform Google authentication and obtain a permanent OAuth token from the callback page.
You won't be able to do any performance testing with the WebDriver Sampler (don't attempt to use it with more than 1 thread), but it'll be quite enough for successful OAuth 3-step process.

JMeter login and authentication sampler

Could anyone please help to test the login / authentication with the following scenario?
The user accesses the site "siteA.com" home page. On that page, there is a button "login with oauth".
Upon clicking the "login with oauth" button, "siteA.com" redirects to "siteB.com", in which the user is able to key in a username and password and sign in. It authenticates (oauth) the user and returns back to "siteA.com".
siteA.com will send the client id and call back url when redirects to siteB.com.
How to achieve this using JMeter?
Thanks in advance
OAuth is basically a way of getting a token. If you're load-testing an OAuth-enabled application you need to do the following:
Request temporary access token
Authorize access token
Change temporary access token to something permanent
You can do steps above manually, capture permanent access token via sniffer and add it to your requests as a separate HTTP Request parameter. If you have limited number of user logins to reuse in test it may do the trick for you.
However if you need to test end-to-end flow which assumes obtaining token process via JMeter you need to consider OAuth Sampler Plugin
So basically you need to do one of the following:
Manual 3-stepped OAuth login and capture token process followed by adding token as a parameter of HTTP Requests for each virtual user
Automated OAuth login process by means of JMeter OAuth sampler
If you have limited number of logins/users option 1 may be better
P.S. There is also an option for advanced JMeter users and/or Java developers to add OAuth Java client libraries to the JMeter lib/ext folder and use Beanshell Samplers to authenticate with OAuth. It's also likely that you'll have to use Selenium with JMeter to navigate to the OAuth callback page and confirm authorized login from there.

How to maintain Oauth2 session validity in Sinatra for multiple requests?

I am developing a Sinatra web app to which I plan to add a Google sign in capability.
While I am able to understand the Oauth2 authentication mechanism with Google and everything seems to work fine, I have a basic question on maintaining sessions.
I am using the Server side web application flow of Oauth2.
Before I ask my question here is my understanding of the Oauth2 authentication mechanism.
Once the user clicks on the "Sign in with Google" button, the sequence of events is:
The user is redirected to the Google oauth authorization server.
The Google oauth2 authorization server checks if the user has an active session.
If yes it prompts the user to grant access to my application for the requested data from Google.
If the user grants access then the process of sending back an auth_code and getting access tokens commences.
Based on what I have encountered on the web, the code for all of the above would have to be put in a before filter.
My questions are below:
If I add this code to a before filter, then there would be a round trip to the Google Authentication server for each request that comes to my application from the user.
Am I thinking right in the statement 1 above?
Is this necessary?
Is there some other way of validating session without reaching out to the Google server for each request to my server?
Will this not cause an overhead?
How do web-apps using oauth2 typically handle checking session validity across multiple requests?
Sorry about the longish question and thanks for your patience.
When the user clicks on the Login link and returns with a valid response, i.e. request.env["omniauth.auth"], you need to store the "uid" in the session and then check for the session in the next requests. Like this:
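# Assumes sessions are enabled (enable :sessions) and OmniAuth's
# google_oauth2 strategy is already configured as middleware.
before do
  # Skip the check for the login page and the OAuth callback itself.
  # Sinatra exposes the requested path as request.path_info.
  unless ['/login', '/auth/google_oauth2/callback'].include?(request.path_info)
    # No uid in the session means the user has not signed in yet.
    unless session[:uid]
      redirect "/login"
    end
  end
end

get "/auth/google_oauth2/callback" do
  # Remember the authenticated user's id for subsequent requests.
  session[:uid] = request.env["omniauth.auth"]["uid"]
  redirect "/"
end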
Let me know if it works.
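An added example (not part of the original answer or of Sinatra's own code) of why the per-request check above needs no round trip to Google: after the one-time OAuth callback, the server issues a signed, expiring session value and verifies it locally on each request. The names `SessionToken`, `SECRET` and `TTL` are hypothetical, and the key is a constructed sample.

```ruby
require 'openssl'
require 'json'

# Hypothetical helper: a signed, expiring session value verified locally.
module SessionToken
  SECRET = 'constructed-demo-secret'  # constructed sample key, not a real secret
  TTL    = 3600                       # session lifetime in seconds

  module_function

  def sign(data)
    OpenSSL::HMAC.hexdigest('SHA256', SECRET, data)
  end

  # Compare in constant time so the MAC cannot be guessed byte by byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Called once, in the OAuth callback, after Google has authenticated the user.
  def issue(uid, now = Time.now.to_i)
    payload = [JSON.generate('uid' => uid, 'exp' => now + TTL)].pack('m0')
    "#{payload}.#{sign(payload)}"
  end

  # Called on every request (e.g. from the before filter); no network access.
  # Returns the uid, or nil if the value is missing, tampered with or expired.
  def verify(cookie, now = Time.now.to_i)
    payload, mac = cookie.to_s.split('.', 2)
    return nil if payload.nil? || mac.nil?
    return nil unless secure_equal?(mac, sign(payload))
    claims = JSON.parse(payload.unpack1('m0'))
    claims['exp'].to_i > now ? claims['uid'] : nil
  rescue ArgumentError, JSON::ParserError
    nil
  end
end
```

The signature is checked before the payload is parsed, so a forged or altered value is rejected without its contents ever being trusted; an expired value forces a fresh trip through the Google sign-in flow.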
