browser session issue in jmeter - session

Iam testing an application which has the following behaviour
User1 loged into machine A using IE Then User2 cannot login into
Machine A using IE. So User2 should login from Machine B.
I have recorded the script using IE and when trying to test with 10 user load say U1 to U10, only U1 is able to login and rest all are failing....how do i simulatd the load in this case.
I checked with developers and they are not using IP address for this but using browser session for making single user logs in from a single browser.
Could you please help how do i overcome the issue and simulate the load

Try adding HTTP Cookie Manager, it can automatically handle cookies and define and maintain separate session for each thread.
If it doesn't help - inspect requests more closely with a sniffer tool like Wireshark to compare which request bits are different for different users. The possible options are:
Cookies - can be handled by aforementioned HTTP Cookie Manager
Headers - can be handled by HTTP Header Manager
Request parameters - it may be the case when server sends some parameter in the response and expects it to be present in the next request. In that case you need to extract it from the first response with i.e. Regular Expression Extractor, store it into a JMeter Variable and send with the next request.

Related

how to load test nexcloud server with jmeter or smashbox

We are installing a nextcloud server in my organization and i would like to load test it before we deploy more broadly.
I have managed to do some testing with jmeter...(see answer below)
Now i would like to load test other features of nextcloud. I have found this repo but it seems it is not updated anymore : https://github.com/owncloud/smashbox
Anyone know if it is still working? (i dont have yet access to the nexcloud server os).
Apparently smashbox is designed for owncloud and not nextcloud...any hint on tools for nextcloud?
Thank you
If you "dont have yet access to the nexcloud server" then how do you know that "doesnt log in with http authorization manager"?
Whatever. Given Nextcloud doesn't ask your credentials most probably it's configured for Single-Sign-On and most probably it's Kerberos
If this is the case you will need to not only to add the HTTP Authorization Manager but also perform the relevant configuration in krb5.conf and jaas.conf files (live in "bin" folder of your JMeter installation).
You can check out Windows Authentication with Apache JMeter article for example setup and more comprehensive explanations.
So here is the answer :
You have to create two sampler http request.
the first request is a get request on the login page.
the second request is a post request on the login page.
You have to create a regular expression extractor to extract data-requesttoken:
data-requesttoken="(.+)"
You can reuse it in the post request (name : requesttoken) with the variable set in the extractor.
You also need to add a http cookie manager to the thread group and leave it blank so it handles the cookies set in the get request and in the post request.
Then the login works properly and you can tune in the loop, number of threads and ramp up
There is only one problem on my machine: the request randomly succeed or fail because the cookie manager sometimes set the proper cookies in the redirect after post request and sometimes not... (see here : JMeter randomly setting proper cookies so my request succeed )

Jmeter login script

I am using Jmeter for testng load balance of website.I written a script to test the scenario like to make the user to login into the website and able navigate the user to the dashboard where he can see the recent data by consuming the protected calls.Here i am able to pass the user login scenario but the jmeter showing fail errors regarding the protected calls.When i am searching the url thing whcih is given by jmeter i able to understand that teh protected calls need user credentials to consume data but it fails due to absence of user login things.
Here i am able to pass the user login scenario
are you sure? If JMeter reports the HTTP Request sampler as successful it doesn't necessarily mean that the login will be successful, it might be the case your application responds with status code 200 and some error message explaining why the login has failed and JMeter automatically treats HTTP Status Codes below 400 as successful.
Try inspecting request and response details using View Results Tree listener which has HTML and Browser modes and double check that you're able to login.
If yes - you might need to add HTTP Cookie Manager or perform the correlation of the authorization header in the HTTP Header Manager for the "protected calls" or something like this
If no - you will need to amend your script so login will be successful. In order to avoid such situations in future you might want to add Assertions to your test plan to ensure that JMeter is doing what it's supposed to be doing

Maintain State Between HTTP Requests to Keycloak in JMeter

So I am trying to automate a JMeter script that creates Keycloak users and then signs them in.
First It GETs the login page and stores the code, here is an example request:
GET http://Keycloak.com:8001//auth/realms/REALM/protocol/openid-connect/auth?response_type=code&client_id=CLIENT&scope=openid%20profile%20email&nonce=N5b3a2da23c04a&response_mode=form_post&resource=RESOURCE&state=2SJwtlVZrswlGkw&redirect_uri=REDIRECTURI
However, when I then GET the registration page, the code changes and the tab_id also changes. How can I keep keycloak from generating a new code token with every HTTP request in a thread?
In addition, why is each HTTP request with JMeter acting like a new session instead of the next request in a series?
EDIT:
I am using Regular Expression Extractors in order to track the code and execution variables, in addition to using a HTTP Cookie Manager and HTTP Cache Manager for the thread.
Looking at my POST request, both variables are the same as those from the previous HTTP request, and all of my cookies are being maintained, yet every time I try this automated login, I get a 400 error and the keycloak event log displays an invalid_code error.
Edit:
As requested here is a screenshot of all my sign in requests
Most probably your Regular Expression Extractor is not nested in the HTTP Request you are trying to extract data from.
If its scope is too wide, it applies to all HTTP Requests, so first time it succeeds extracting, but then for the next request that does not contain the token, the extractor runs and overwrites the old value by an empty one.
See scoping rules in JMeter:
https://jmeter.apache.org/usermanual/test_plan.html#scoping_rules
You need to maintain the corelation between hits. Please go through below blog
https://www.blazemeter.com/blog/how-to-handle-correlation-in-jmeter
According to keycloak you must use https if you are using keycloak.com
Keycloak can run out of the box without SSL so long as you stick to private IP addresses like localhost, 127.0.0.1, 10.0.x.x, 192.168.x.x, and 172..16.x.x. If you don’t have SSL/HTTPS configured on the server or you try to access Keycloak over HTTP from a non-private IP adress you will get an error.
So you have 3 options: use private IP address, use a reverse proxy or load balancer to handle HTTPS or enable HTTPS for the Keycloak server.

Session Expired Response in JMeter

I am testing particular application using JMeter 2.9.There My test plan is Thread group--> Transaction Controller.Inside that various recorded requests are there.I am using HTTP request defaults,HTTP Cookie manager and HTTP header manager,and a view result tree for validation.I found one token i.e. CSRF token to be correlated and I did correlation.But for a particular request I am finding "Session expired..Login again" response much before the logout request.My transaction flow is to Login--> Search a content-->Logout.
Please help me finding a solution.
Try put the element: HTTP Cookie Manager in Thread Group, first item.
the problem can be in the following areas:
-you were redirected automatically instead of following redirects
-login hasn't succeeded
-the session id has not been successfully passed on to the request after login
The JMeter documentation states this:
I've set up JMeter to sample the same URLs as my browser, why is JMeter not seeing the same responses?
There are various different reasons for this:
Cookies - make sure you added a Cookie Manager. Browsers process cookies unless you set them up otherwise, but JMeter does not process cookies unless you add a Cookie Manager.
User-Agent - the User-Agent is a header that is sent by browsers; it identifies the browser type. Some servers are sensitive to this setting and generate different results for what they think are different browsers. The Header Manager is used to add headers such as User-Agent.
Hidden fields - if you did not use the JMeter Proxy (or other application) to record the test plan, then it is easy to miss hidden fields from forms.
Dynamic field names/content - some servers use varying names for fields. So although the test plan may be correct at the time of creation, it does not work when replayed.
URL rewriting - TBA
from http://wiki.apache.org/jakarta-jmeter/DifferentBehaviour

Jmeter. Login stress-testing

I am testing login flow on web site using jmeter
scenario was captured by jmeter http proxy server
during scenario execution parameters specific to authentication (session id in GET requests and cookies) are taken from previously captured http-request.
How should i change test plan configuration to capture session id reсeived from server?
Cookies should work fine if you add a an HTTP cookie mananger.
You need to use a regular expression to capture the authentication tokens if you want to pass them as a variable to the next request.
If this is an ASP.NET application here's a great tutorial:
http://www.markschabacker.com/blog/2013/05/10/jmeter_with_webforms_authentication/
If not, here a video on youtube that also covers the general scenario of extracting parameters to use for future requests:
http://www.youtube.com/watch?v=SVxB3Tk4O4A

Resources