I wanna create a test in JMeter for an web app that use google auth as a login.
So basically user sees the app login button on login page, clicks it --> navigates to google login page where he should set an email, a password, and click Sign In button.
I have stucked on "Sign In" step that is the following post request:
https://accounts.google.com/ServiceLoginAuth
all parameters are easy to extract except for "bgresponse".
when user navigates to google sign in page, bgresponse value = js_disabled that is not default and cannot be used for the post request.
it is set with a real value when user hits Sign in button.
thus, I can't extract the correct bgresponse value value as a post processor of the request that leads to google sign in page.
Any ideas how can I sign in to google via JMeter?
Please help.
TIA
Anna
Google supports oauth 2.0
https://developers.google.com/accounts/
so I think you can expand your question to JMeter and oauth 2.0
Here are a few resources:
https://malalanayake.wordpress.com/tag/oauth-2-0/
how to config apache jmeter 2.6 oauth 2.0
I think than you can use WebDriver Sampler available via plugin (you'll need WebDriver Set). This extension allows Selenium tests to be executed from JMeter and you can launch a real browser to perform Google authentication and obtain permanent OAuth token from callback page.
You won't be able to do any performance testing with the WebDriver Sampler (don't attempt to use it with more than 1 thread), but it'll be quite enough for successful OAuth 3-step process.
Related
URL I am hitting for sign in is
https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id=314687257509-dfk13dhtelq4o1ti0li7af1akie3ieqm.apps.googleusercontent.com&as=H_7I4EsREAQ2c6c8EejwOw&destination=http%3A%2F%2Fmetacampus-in.appspot.com&approval_state=!ChRUMEJ4bVhFcm5Sb0JxaHgwb1F3bBIfOC1uZGhOTGc1bmdSOEhuU1JuY2dubXJlQXdHdVRCWQ%E2%88%99ANKMe1QAAAAAW1gSB4OWT70lnDr525s7wW0mFo0q0uZ6&oauthgdpr=1&xsrfsig=AHgIfE_kc7fWgnNfGE6nCQu1hzZAma2qcQ&flowName=GeneralOAuthFlow
In order to be able to proceed you need to add a proper Authorization Bearer token via HTTP Header Manager.
There are several ways to obtain the token:
Perform login via real web browser using i.e. WebDriver Sampler and extract the token value from the browser
Obtain the token from the developer console
Use Google OAuth Client Library from JSR223 Sampler to perform programmatic OAuth login.
See How to Run Performance Tests on OAuth Secured Apps with JMeter article for more information on each of the approaches.
My project had implemented google sign in with company name as domain.
I need to sign in to get idtoken send by Google on successful authentication.
I tried all searching but still not able to get this done.
If you're talking about this Google Sign-In you basically need to obtain the Bearer token and add it to your requests using HTTP Header Manager
As JMeter cannot execute JavaScript you have the following options:
Use hard-coded token which you can get from the Google Developer Console
Obtain the token dynamically using a real browser with WebDriver Sampler
Obtain the token programmatically using Google API Client libraries from the JSR223 Sampler
I need to perform load test on one of my site , which has google sign In button , how do I logged in one time and then request for specific page 10 times .
Recording controller also does not did the work , is there something other way around.
Thanks
It looks like your site is using OAuth so record and replay and even correlation won't help as it is too specific.
OAuth authentication is all about obtaining a token (see User Authentication with OAuth 2.0) and passing it along with your credentials via HTTP Header Manager.
There are several ways of obatining an OAuth token, see How to Run Performance Tests on OAuth Secured Apps with JMeter to learn more.
Can login page (where we need to enter the credentials) be tested?
And URL of that website after login page can be tested without login?
JMeter is able to simulate login event and represent authenticated user. See i.e. ASP.NET Login Testing with JMeter guide for example configuration and associated correlations.
If you need to simulate N authenticated users and X unauthenticated ones you could use Throughput Controller for scenario distribution.
Answer is Yes and To a Large extent Yes.
Yes, Because it can be done for Web Page Logins and as Dmitiri said ASP.Net logins also.
Why i am Saying "to a Large Extent" is NTLM and Kerberos Authentication for Logins can be a bit troublesome. Where you need to be sure about the Domain names, the exact details.
Now, it depends where you are being asked for the User's Credentials . Normally for a Simple Web Page login - You Would get the URL from the address bar and you need to pass that.
For NTLM and Kerberos ones, you need to do some research so as to where you are getting authenticated and grab hold of that page.
We did for NTLM one and the login and authentication pages were different.
Could anyone please help to test the login / authentication with the following scenario?
User access the site "sitaA.com" home page. In that page, there is a button "login with oauth".
Upon clicking the "login with oauth" button, "siteA.com" redirects to "siteB.com" in which the user is able to key in username and passowrd and sign in. It authenticates (oauth) the user and returns back to "siteA.com".
siteA.com will send the client id and call back url when redirects to siteB.com.
How to achieve this using JMeter?
Thanks in advance
OAuth is a basically a way of getting a token. If you're load-testing OAuth-enabled application you need to do the following:
Request temporary access token
Authorize access token
Change temporary access token to something permanent
You can do steps above manually, capture permanent access token via sniffer and add it to your requests as a separate HTTP Request parameter. If you have limited number of user logins to reuse in test it may do the trick for you.
However if you need to test end-to-end flow which assumes obtaining token process via JMeter you need to consider OAuth Sampler Plugin
So basically you need to do one of the following:
Manual 3-stepped OAuth login and capture token process followed by adding token as a parameter of HTTP Requests for each virtual user
Automated OAuth login process by means of JMeter OAuth sampler
If you have limited number of logins/users option 1 may be better
P.S. There is also an option for advanced JMeter users and/or Java developers to add OAuth java client libraries to JMeter lib/ext folder and use Beanshell Samplers to authenticate with OAuth. It's also likely that you'll have to use Selenium with JMeterto navigate to OAuth callback page and confirm authorized login from there.