Posted to user@jmeter.apache.org by Daniel Corredor <da...@gmail.com> on 2012/11/02 15:32:29 UTC

Jmeter, SAMLResponse and subrequest question

Hi Everyone,

I am trying to develop a script in which I am unable to authenticate. The
analysis I have done for the script is the following:

1- Browse some initial pages, to get country, and language.

2- I get to the main sign in. At that point I extract 3 variables from that
page:
goto=....
SunQueryParamsString-......
and
SAMLRequest=......

3-  I get into the login page
http://xxxxxx.com/sso/UI/Login
In this step I post
goto=....
SunQueryParamsString-......
plus the userid and password.


However, the authentication fails. When I analyze the transactions using
Badboy I see that on the login step (3) there are 3 subrequests; one of them
gets a new SAMLRequest which is a bigger size and also a new URL with a new
parameter. Please refer below

http://xxxxxx/SSORedirect/metaAlias/serion/idp?ReqID=a41jgig0630g57de3igeh6h

The questions:

I am not sure how to extract the variables SAMLRequest and the ReqID= from
the http://xxxxxx.com/sso/UI/Login because it fails in Jmeter. So I am not
sure how I can handle that.

Any ideas?


Thanks in advance.

Dan

Re: Jmeter, SAMLResponse and subrequest question

Posted by Deepak Shetty <sh...@gmail.com>.
My knowledge of SAML is dated - but it used to have an Auto Submit Form
Post with dynamic data - not just the redirect so have you extracted and
posted the data?

regards
deepak

On Fri, Nov 2, 2012 at 12:15 PM, Mark Miller <ma...@gmail.com> wrote:

> Though I have not run through a federated authentication with JMeter, I
> have had some success with complex authN redirection scenarios. In those
> cases, I found the best approach was to tackle it with a sequence of 'as
> raw and simple as possible' http samplers.
>
> I would capture a full header trace of a successful authentication using
> LiveHTTPHeaders in Firefox, then set about manually recreating those
> requests, one at a time, respecting every detail. Don't let JMeter do
> anything automagically for you. When you get all the details right, it will
> work. Wrap it all up in a test fragment and you can reuse your login
> fragment.
>
> Pay close attention to cookie management. In some cases I have found reason
> to add or remove cookies explicitly via BeanShell pre or post processors.
> log.info is your friend.
>
> Hang in there and you will figure it out.
>
> Mark

Re: Jmeter, SAMLResponse and subrequest question

Posted by sebb <se...@gmail.com>.
On 2 November 2012 19:15, Mark Miller <ma...@gmail.com> wrote:
> Though I have not run through a federated authentication with JMeter, I
> have had some success with complex authN redirection scenarios. In those
> cases, I found the best approach was to tackle it with a sequence of 'as
> raw and simple as possible' http samplers.
>
> I would capture a full header trace of a successful authentication using
> LiveHTTPHeaders in Firefox, then set about manually recreating those
> requests, one at a time, respecting every detail. Don't let JMeter do
> anything automagically for you. When you get all the details right, it will
> work. Wrap it all up in a test fragment and you can reuse your login
> fragment.
>
> Pay close attention to cookie management. In some cases I have found reason
> to add or remove cookies explicitly via BeanShell pre or post processors.
> log.info is your friend.
>
> Hang in there and you will figure it out.

Good advice.

The JMeter Proxy should be able to do much the same as using
LiveHTTPHeaders and it will additionally create the samplers for you.
If there are some sequences it cannot handle, please raise a Bugzilla
so it can be fixed if possible - or the restrictions documented.

> Mark


Re: Jmeter, SAMLResponse and subrequest question

Posted by Mark Miller <ma...@gmail.com>.
Though I have not run through a federated authentication with JMeter, I
have had some success with complex authN redirection scenarios. In those
cases, I found the best approach was to tackle it with a sequence of 'as
raw and simple as possible' http samplers.

I would capture a full header trace of a successful authentication using
LiveHTTPHeaders in Firefox, then set about manually recreating those
requests, one at a time, respecting every detail. Don't let JMeter do
anything automagically for you. When you get all the details right, it will
work. Wrap it all up in a test fragment and you can reuse your login
fragment.

Pay close attention to cookie management. In some cases I have found reason
to add or remove cookies explicitly via BeanShell pre or post processors.
log.info is your friend.

Hang in there and you will figure it out.

Mark


On Fri, Nov 2, 2012 at 1:00 PM, Daniel Corredor <da...@gmail.com> wrote:

> Yes, I did not have any luck either. The whole problem is that in the login step
> there are 2 redirections with dynamic values and my script fails there.
> 1) It is a URL that gets a dynamic value as I explained before
> 2) using that URL I get a new SAMLResponse value
>
> Has anybody experienced something like this?
>
> Thanks.
> Dan

Re: Jmeter, SAMLResponse and subrequest question

Posted by sebb <se...@gmail.com>.
On 2 November 2012 19:00, Daniel Corredor <da...@gmail.com> wrote:
> Yes, I did not have any luck either.

What did not work?

> The whole problem is that in the login step
> there are 2 redirections with dynamic values and my script fails there.

Make sure you disable "redirect automatically"; you may also need to
disable "follow redirects" and handle them manually.

> 1) It is a URL that gets a dynamic value as I explained before
> 2) using that URL I get a new SAMLResponse value
>
> Has anybody experienced something like this?
>
> Thanks.
> Dan

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
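
The manual handling discussed in this thread (automatic redirects off, the ReqID read from the redirect target, the SAMLResponse read from the auto-submit form) is sketched below as an added Python example that is not part of any poster's message. The host names, the ReqID value and the payload are constructed, and Python stands in for the JMeter extractors so the logic runs offline.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urljoin, urlsplit

# Constructed payload; the trailing bytes force "+" and "=" into the base64 text.
SAML_B64 = base64.b64encode(b"<Response />\xfb\xef\xbex").decode()
# Constructed responses, as a client sees them with automatic redirects off.
LOGIN_RESPONSE = {
    "status": 302, "url": "http://idp.example/sso/UI/Login", "body": "",
    "headers": {"Location": "/SSORedirect/metaAlias/serion/idp?ReqID=constructed123"},
}
IDP_RESPONSE = {
    "status": 200, "headers": {},
    "url": "http://idp.example/SSORedirect/metaAlias/serion/idp?ReqID=constructed123",
    "body": '<html><body onload="document.forms[0].submit()">'
            '<form method="post" action="http://sp.example/acs">'
            '<input type="hidden" name="SAMLResponse" value="' + SAML_B64 + '"/>'
            '<input type="hidden" name="RelayState" value="http://sp.example/home?a=1&amp;b=2"/>'
            '</form></body></html>',
}

class AutoSubmitForm(HTMLParser):
    """Collects the first form's action URL and every named input field."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)  # attribute values arrive with &amp; etc. already decoded
        if tag == "form" and self.action is None:
            self.action = attr.get("action")
        elif tag == "input" and attr.get("name"):
            self.fields[attr["name"]] = attr.get("value") or ""

def next_hop(resp):
    """For a redirect, return (absolute target URL, its query parameters)."""
    if resp["status"] not in (301, 302, 303, 307, 308):
        return None
    target = urljoin(resp["url"], resp["headers"]["Location"])
    query = parse_qs(urlsplit(target).query)
    return target, {name: values[0] for name, values in query.items()}

def form_post(resp):
    """For an auto-submit page, return (action URL, fields, URL-encoded body)."""
    page = AutoSubmitForm()
    page.feed(resp["body"])
    # urlencode percent-encodes "+", "=" and "&"; sent raw, "+" decodes as a space.
    return urljoin(resp["url"], page.action), page.fields, urlencode(page.fields)

if __name__ == "__main__":
    print(next_hop(LOGIN_RESPONSE))
    action, fields, body = form_post(IDP_RESPONSE)
    print(action, sorted(fields), body, sep="\n")
```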


Re: Jmeter, SAMLResponse and subrequest question

Posted by Daniel Corredor <da...@gmail.com>.
Yes, I did not have any luck either. The whole problem is that in the login step
there are 2 redirections with dynamic values and my script fails there.
1) It is a URL that gets a dynamic value as I explained before
2) using that URL I get a new SAMLResponse value

Has anybody experienced something like this?

Thanks.
Dan



On Fri, Nov 2, 2012 at 2:41 PM, sebb <se...@gmail.com> wrote:

> Have you tried using the JMeter proxy to record the session?

Re: Jmeter, SAMLResponse and subrequest question

Posted by sebb <se...@gmail.com>.
On 2 November 2012 14:32, Daniel Corredor <da...@gmail.com> wrote:
> Hi Everyone,
>
> I am trying to develop a script in which I am unable to authenticate. The
> analysis I have done for the script is the following:
>
> 1- Browse some initial pages, to get country, and language.
>
> 2- I get to the main sign in. At that point I extract 3 variables from that
> page:
> goto=....
> SunQueryParamsString-......
> and
> SAMLRequest=......
>
> 3-  I get into the login page
> http://xxxxxx.com/sso/UI/Login
> In this step I post
> goto=....
> SunQueryParamsString-......
> plus the userid and password.
>
>
> However, the authentication fails. When I analyze the transactions using
> Badboy I see that on the login step (3) there are 3 subrequests; one of them
> gets a new SAMLRequest which is a bigger size and also a new URL with a new
> parameter. Please refer below
>
> http://xxxxxx/SSORedirect/metaAlias/serion/idp?ReqID=a41jgig0630g57de3igeh6h
>
> The questions:
>
> I am not sure how to extract the variables SAMLRequest and the ReqID= from
> the http://xxxxxx.com/sso/UI/Login because it fails in Jmeter. So I am not
> sure how I can handle that.
>
> Any ideas?
>

Have you tried using the JMeter proxy to record the session?

> Thanks in advance.
>
> Dan
