0 Votes
dixitaro-MSFT asked NagurMeeravali-6682 commented

Simulating MS AD Login for Jmeter Performance Testing

Hi Team,

For my project, I need to write a Jmeter script to performance test the Login functionality. It is using Azure AD B2C API for login.

In the network tab of Chrome, it shows that Microsoft is calling 3 APIs internally before it comes back to the Redirect page of the website.

  1. GET oauth2/v2.0/authorize - We are able to simulate in Jmeter/Postman

  2. POST SelfAsserted - This has my username and password in the Form Data. Not able to simulate in Jmeter/Postman

  3. GET api/CombinedSigninAndSignup/confirmed - This is the last API from Microsoft which gets called.

  4. The redirect page of my Application is called, it has a token in id_token field in Form data.

Could you please tell us how the simulation for the SelfAsserted and Confirmed calls will work? Whether it's possible to simulate the exact flow or not. I have got many posts online about how to simulate the Authorize call, but am not finding enough material on the SelfAsserted API call.

Kindly assist.

Thanks,

Saheli

azure-ad-b2c
1 Vote
amanpreetsingh-msft answered ChrisMcAvoy-5948 published

@dixitaro-MSFT We cannot simulate the complete user flow in Jmeter because the CombinedSigninAndSignup API utilizes the SelfAsserted API so that a consumer can provide the required information in the form to perform sign-up or sign-in. These APIs are called on the fly when a B2C user flow is initiated, which is why we cannot pre-populate the information. For sign-in, we can pass the username via the OAuth parameter username_hint, but the password cannot be pre-populated. Similarly for sign-up, there may be a number of attributes required to be provided in the self-asserted form which cannot be pre-populated.


Please "Accept as answer" wherever the information provided helps you to help others in the community.


Thank you so much for the explanation, this is really helpful.

0 Votes 0 ·

This is very helpful to know. Is there a load tester that you know of that would work with Azure AD B2C?

0 Votes 0 ·
0 Votes
AnjaneyaDandu-1866 answered NagurMeeravali-6682 commented

Hi Team,

I am able to automate the B2C flow in my current project and able to do load testing with JMeter. But before that, it took 3 weeks of effort doing manual flows in the browser to capture the right csrf_token and pass it to the CombinedSigninAndSignup API. Once that is done, JMeter is able to handle the 3 internal redirect calls for CombinedSigninAndSignup and move to the next page. I am now able to do the E2E journey in JMeter and do a POC assessment for azure-ad-b2c.
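The token correlation this answer describes, as an added example that is not part of the original post and not Microsoft's or the poster's script: the CSRF token is issued per session, so a replayed recording fails unless the value is read from the authorize response on every iteration. The `SETTINGS` object with its `csrf` and `transId` fields, the `X-CSRF-TOKEN` header, the `tx` and `p` query parameters, and the host and policy names are assumptions about the page layout, not details given in this thread.

```python
import json
import re
from urllib.parse import urlencode

# Constructed sample of an authorize-response body. The SETTINGS object and
# its "csrf"/"transId" fields are an assumed page layout, not from the thread.
SAMPLE_AUTHORIZE_HTML = """
<html><head><script>
var SETTINGS = {"csrf": "Q09OU1RSVUNURUQtQ1NSRg==", "transId": "StateProperties=eyJUSUQiOiJjb25zdHJ1Y3RlZCJ9", "api": "CombinedSigninAndSignup"};
</script></head><body></body></html>
"""

SETTINGS_RE = re.compile(r"var\s+SETTINGS\s*=\s*(\{.*?\})\s*;", re.DOTALL)


def extract_correlation(html: str) -> dict:
    """Pull the per-session CSRF token and transaction id out of the page."""
    match = SETTINGS_RE.search(html)
    if match is None:
        # Fail loudly: a silent empty token makes every later call look broken.
        raise ValueError("SETTINGS object not found; page layout differs")
    settings = json.loads(match.group(1))
    missing = [k for k in ("csrf", "transId") if not settings.get(k)]
    if missing:
        raise ValueError(f"missing correlation fields: {missing}")
    return {"csrf": settings["csrf"], "tx": settings["transId"]}


def build_followups(base: str, policy: str, corr: dict) -> dict:
    """Describe calls 2 and 3 of the flow with the fresh values substituted."""
    query = {"tx": corr["tx"], "p": policy}  # assumed parameter names
    return {
        "self_asserted": {
            "method": "POST",
            "url": f"{base}/SelfAsserted?{urlencode(query)}",
            "headers": {"X-CSRF-TOKEN": corr["csrf"]},  # assumed header name
        },
        "confirmed": {
            "method": "GET",
            "url": f"{base}/api/CombinedSigninAndSignup/confirmed?"
                   + urlencode({"csrf_token": corr["csrf"], **query}),
        },
    }
```

In JMeter the same extraction would sit in a post-processor on the authorize sampler, with the two values referenced as variables in the following samplers.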


@AnjaneyaDandu-1866 Request you to share the Jmeter script. Thanks in advance, Kishore

0 Votes 0 ·

Please can you share the steps and scripts to achieve it

0 Votes 0 ·

Hi Could you share the Jmeter script for the AD authentication?

0 Votes 0 ·

Hi Anjaneya, could you share the JMeter scripts and steps to simulate AD authentication in JMeter?

0 Votes 0 ·

Kindly requesting you. Could you please provide the script to achieve it, or else at least the steps or a screenshot? Please

0 Votes 0 ·