
Performance testing Web Application (WS-Federation) using JMeter


I am trying to load test a web site that has an implementation of ADFS (RequestSecurityTokenResponse).

The problem is that every time I record a web test, it works in the first few minutes. But this same web test will fail after about an hour, and by the time we need it for the load test, the test is failing because it could no longer log in to the web site. It looks like it is failing because the security token is not the same anymore. I am, though, passing all the dynamic parameters. Also, I can see the token in the recorded script, but I don't see the token when I actually run the test.


Solution

  • As per Understanding WS-Federation — Passive Requestor Profile article:

    1. The requester accesses the resource.

    2. If no session tracking token (or cookie, that identifies the request as belonging to an authenticated session) is provided in the request, the resource redirects the requestor to the resource’s IdP/STS.

    3. If the resource’s IdP/STS has not cached data indicating that the requestor has already been authenticated (another cookie, most likely), a second redirection to the requestor’s IdP/STS will be performed to authenticate the user.

    4. If information about the user’s IdP/STS or home realm is not provided in the request, the IdP/STS may have to prompt the user for realm information or utilize some type of Home Realm Discovery Service. Afterwards, the user is redirected to the authentication workflow.

    5. The user is prompted for credentials, the credentials are submitted to the requestor’s IdP/STS and those credentials are validated.

    6. The requestor’s IdP/STS generates a security token for use by the federated party.

    7. The requestor IdP/STS-generated token is passed back to the resource’s IdP/STS to exchange for a token scoped to the resource.

    8. The resource’s IdP/STS passes the new token to the resource via HTTP redirect.

    9. The resource consumes the token and builds a security context.

    10. The requester is redirected to the resource URL.

    Therefore, getting the token is a matter of implementing correlation of the token after you have provided the credentials to the ADFS gateway. The token can be fetched using a suitable JMeter Post-Processor, and you should replace the recorded hard-coded token, which has a limited time to live, with the JMeter Variable coming from the Post-Processor.
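
The correlation step described in the answer, sketched in Python as an added example (it is not part of the original answer and not JMeter code): it pulls the `wa`, `wresult` and `wctx` hidden fields out of the STS sign-in response, reads the token's expiry, and builds the POST body for the resource. The hostname, token contents and timestamps are constructed sample data, and the helper names are hypothetical.

```python
import html
import re
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import urlencode

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# Constructed sample: a token with a one-hour lifetime and the STS form that carries it.
SAMPLE_TOKEN = (
    '<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
    f'<t:Lifetime><wsu:Created xmlns:wsu="{WSU}">2024-01-01T10:00:00.000Z</wsu:Created>'
    f'<wsu:Expires xmlns:wsu="{WSU}">2024-01-01T11:00:00.000Z</wsu:Expires></t:Lifetime>'
    '</t:RequestSecurityTokenResponse>')
SAMPLE_STS_PAGE = (
    '<form method="POST" action="https://app.example.test/">'
    '<input type="hidden" name="wa" value="wsignin1.0" />'
    f'<input type="hidden" name="wresult" value="{html.escape(SAMPLE_TOKEN)}" />'
    '<input type="hidden" name="wctx" value="rm=0&amp;id=passive&amp;ru=%2f" />'
    '</form>')

class HiddenFields(HTMLParser):
    """Collects the form action and hidden inputs; attribute values arrive HTML-unescaped."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("type") == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def correlate(sts_page):
    """Return (resource URL, fresh form fields) from the response to the credential POST."""
    p = HiddenFields()
    p.feed(sts_page)
    if "wresult" not in p.fields:
        raise ValueError("no wresult in response: login failed or not the STS form")
    return p.action, p.fields

def token_expiry(wresult):
    """Read wsu:Expires from the token; a recorded token stops working after this time."""
    m = re.search(r"Expires[^>]*>([^<]+)<", wresult)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def replay_body(fields):
    """URL-encode the unescaped values for the POST that hands the token to the resource."""
    return urlencode(fields)
```

The value captured from the page is HTML-escaped (`&lt;`, `&quot;`), so a raw regular-expression capture has to be unescaped before it is URL-encoded into the next request, otherwise the resource receives a token it cannot parse.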