
Referring to the same question raised before in this post: Azure authentication not working in JMeter

The API https://login.microsoftonline.com/login/{Tenant_ID}/login is not responding with the expected response after applying the needed correlation.

REQUEST PARAMS (values marked * come from the API GET: https://login.microsoftonline.com/{TENANT_ID}/saml2?SAMLRequest=${SAMLToken}&RelayState=${RelayStateToken}&SigAlg=${SigAlgToken}&Signature=${SignatureToken}&sso_reload=true):

PPSX: empty
IsFidoSupported: 1
ps: 2
hisScaleUnit: empty
hpgrequestid: ${sessionId} *
i13: 0
login: ${username}
type: 11
LoginOptions: 3
flowToken: ${sFT} *
i19: 24803
psRNGCEntropy: empty
loginfmt: ${username}
isSignupPost: 0
NewUser: 1
canary: ${Canary} *
hisRegion: empty
ctx: ${sCtxToken} *
psRNGCDefaultType: empty
CookieDisclosure: 0
lrtPartition: empty
i21: 0
lrt: empty
psRNGCSLK: empty
passwd: ${password}
FoundMSAs: empty
fspost: 0

RESPONSE :

<!DOCTYPE html>
<html>
<head>
    <title>Redirecting</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="-1">
    <meta name="PageID" content="BssoInterrupt" />
    <meta name="SiteID" content="" />
    <meta name="ReqLC" content="1033" />
    <meta name="LocLC" content="en-US" />

EXPECTED RESPONSE:

Cookies for the above API should return values for the params CCState, ESTSAUTH, ESTSAUTHLIGHT, ESTSAUTHPERSISTENT, SignInStateCookie and buid, which have not been returned in JMeter.

The body for the above API should return values for the params SAMLResponse and RelayState; the values of these 2 params are then passed to the next API: POST https://${URL}/samlauthn/

Content: <title>Working...</title> instead of <title>Redirecting</title>

Resolution steps:
I’ve tried to apply the fixes suggested in the related post (mentioned on top) by adding a POST request to the URL that comes back under the "urlPost" key in the response of the above login request, passing all the params already sent to the login request API (without the i19 parameter) as a urlPost_login_followup, but I am still getting this response:

<html>
<head>
<noscript>JavaScript required to sign in</noscript>
<title>Continue</title>
<script type="text/javascript">function OnBack(){}function DoSubmit(){var subt=false;if(!subt){subt=true;document.fmHF.submit();}}</script>
</head>
<body onload="javascript:DoSubmit();">
<form name="fmHF" id="fmHF" action="https://portal.microsoftonline.com?wa=wsignin1.0" method="post" target="_self">
<input type="hidden" name="t" id="t" value="${value}">
</form>
</body>
</html>

So, I’m not sure exactly what else needs to be done in order to bypass the required authentication for the following API: https://{URL}/samlauthn/ and all the subsequent ones.

2 Answers


  1. If you’re getting an unexpected response, it means that you are not sending the same request as the real browser does.

    1. Make sure that JMeter is configured to behave like a real browser
    2. Use a 3rd-party sniffer tool like Fiddler or Wireshark to capture the requests which originate from JMeter and from the real browser
    3. Execute your login using JMeter and the real browser
    4. Compare resulting requests. Given you will send the same request as the real browser does (apart from dynamic parameters which need to be correlated) you will get the same response.
    5. Amend your JMeter configuration accordingly.

    If you need further assistance you will need to share network dumps, e.g. in the form of .har files, for both the successful and the failing scenario.

    You may find How to Load Test SAML SSO Secured Websites with JMeter useful up to a certain extent.

  2. I was getting the same issue, then I noticed that I had the User-Agent field missing from the HTTP Header Manager in JMeter for https://login.microsoftonline.com/%7Btenant_id%7D/login

    Just add User-Agent and it will work.

    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0

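The comparison step in the first answer (capture the login POST from the real browser and from JMeter, then diff them) and the missing User-Agent header found in the second answer can both be checked mechanically. The script below is an added example, not code from the question or from either answer: it reads two HAR 1.2-shaped documents (log.entries[].request with headers and postData), finds the request to the login URL in each, and classifies every difference as a missing or changed header, a missing, extra or changed static parameter, or a parameter that legitimately differs per session and therefore needs correlation (flowToken, ctx, canary, hpgrequestid). The two HAR documents are constructed samples with placeholder values; real captures would be loaded with json.load() from the .har files exported by the browser dev tools or a proxy.

```python
"""Diff the login POST a real browser sent against the one JMeter sent.

Added example; the HAR documents below are constructed samples in HAR 1.2
shape, not real captures. Load real ones with json.load().
"""
import json
from urllib.parse import parse_qs

LOGIN_URL = "https://login.microsoftonline.com/{TENANT_ID}/login"

# Constructed sample: the browser's request (all values are placeholders).
BROWSER_HAR = {"log": {"entries": [{"request": {
    "method": "POST", "url": LOGIN_URL,
    "headers": [
        {"name": "User-Agent", "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0"},
        {"name": "Content-Type", "value": "application/x-www-form-urlencoded"},
        {"name": "Origin", "value": "https://login.microsoftonline.com"},
        {"name": "Cookie", "value": "buid=browser-session-cookie"},
    ],
    "postData": {"mimeType": "application/x-www-form-urlencoded",
                 "text": ("IsFidoSupported=1&hpgrequestid=req-browser&login=user%40example.com"
                          "&type=11&LoginOptions=3&flowToken=sFT-browser&i19=24803"
                          "&loginfmt=user%40example.com&canary=canary-browser&ctx=ctx-browser"
                          "&passwd=secret&fspost=0")},
}}]}}

# Constructed sample: JMeter's request. Deliberate differences: no User-Agent,
# i19 dropped, IsFidoSupported changed, NewUser added, own session tokens.
JMETER_HAR = {"log": {"entries": [{"request": {
    "method": "POST", "url": LOGIN_URL,
    "headers": [
        {"name": "Content-Type", "value": "application/x-www-form-urlencoded"},
        {"name": "Origin", "value": "https://login.microsoftonline.com"},
        {"name": "Cookie", "value": "buid=jmeter-session-cookie"},
    ],
    "postData": {"mimeType": "application/x-www-form-urlencoded",
                 "params": [
                     {"name": "IsFidoSupported", "value": "0"},
                     {"name": "hpgrequestid", "value": "req-jmeter"},
                     {"name": "login", "value": "user@example.com"},
                     {"name": "type", "value": "11"},
                     {"name": "LoginOptions", "value": "3"},
                     {"name": "flowToken", "value": "sFT-jmeter"},
                     {"name": "loginfmt", "value": "user@example.com"},
                     {"name": "canary", "value": "canary-jmeter"},
                     {"name": "ctx", "value": "ctx-jmeter"},
                     {"name": "passwd", "value": "secret"},
                     {"name": "NewUser", "value": "1"},
                     {"name": "fspost", "value": "0"},
                 ]},
}}]}}

# Parameters whose values differ per session: they must be extracted from the
# preceding response (correlated), never copied from a recording.
CORRELATED = {"flowToken", "ctx", "canary", "hpgrequestid"}
# Per-session headers handled by the cookie manager / HTTP stack, not compared.
IGNORED_HEADERS = {"cookie", "content-length"}


def find_request(har, url):
    """Return the first request in the capture whose URL matches exactly."""
    for entry in har["log"]["entries"]:
        if entry["request"]["url"] == url:
            return entry["request"]
    raise KeyError(f"no request for {url} in capture")


def header_map(req):
    return {h["name"].lower(): h["value"] for h in req.get("headers", [])}


def param_map(req):
    """Decode form fields from either HAR representation (params list or raw text)."""
    post = req.get("postData", {})
    if "params" in post:
        return {p["name"]: p.get("value", "") for p in post["params"]}
    parsed = parse_qs(post.get("text", ""), keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def diff_requests(browser_req, jmeter_req):
    """Classify each difference: fix it in JMeter, or correlate it from the prior response."""
    report = {"missing_headers": [], "changed_headers": [], "missing_params": [],
              "extra_params": [], "changed_params": [], "needs_correlation": []}
    bh, jh = header_map(browser_req), header_map(jmeter_req)
    for name, value in bh.items():
        if name in IGNORED_HEADERS:
            continue
        if name not in jh:
            report["missing_headers"].append(name)
        elif jh[name] != value:
            report["changed_headers"].append(name)
    bp, jp = param_map(browser_req), param_map(jmeter_req)
    for name, value in bp.items():
        if name not in jp:
            report["missing_params"].append(name)
        elif jp[name] != value:
            bucket = "needs_correlation" if name in CORRELATED else "changed_params"
            report[bucket].append(name)
    report["extra_params"] = [name for name in jp if name not in bp]
    return report


def compare_captures(browser_har, jmeter_har, url=LOGIN_URL):
    return diff_requests(find_request(browser_har, url), find_request(jmeter_har, url))


if __name__ == "__main__":
    print(json.dumps(compare_captures(BROWSER_HAR, JMETER_HAR), indent=2))
```

Everything in missing_headers, missing_params, extra_params and changed_params is a static mismatch to fix in the HTTP Header Manager or the sampler; entries in needs_correlation are expected to differ, and the thing to verify for them is that each value was extracted from the response immediately preceding the POST rather than reused from an earlier session.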