Bad Request : 400, when generating bearer token for OAuth2.0 - api

I have set up an API in JMeter which will generate the bearer token for OAuth 2.0. When checking the request body in the View Results Tree listener, it seems like JMeter is not parsing the -Client Secret key.
request making
View Result tree - Request body
Response - 400

Please try the below,
Tried it on postman, (working fine)
Now from JMeter, (working fine)
I guess you missed the checkboxes (URL Encode?) in the request parameters in the Jmeter section
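
Added example (not part of the original answer): what the token endpoint's form parser recovers when a client secret is sent without URL encoding versus with it. The field values are constructed, and it is an assumption that the secret contains characters reserved in `application/x-www-form-urlencoded` bodies.

```python
from urllib.parse import urlencode, parse_qs

# Constructed values for illustration; not real credentials.
FIELDS = {
    "grant_type": "client_credentials",
    "client_id": "demo-client",
    "client_secret": "p+4Zq&x=7%2F/w==",
}

def raw_body(fields):
    """Body as sent when values are joined as-is (URL Encode? unchecked)."""
    return "&".join(f"{k}={v}" for k, v in fields.items())

def encoded_body(fields):
    """Body as application/x-www-form-urlencoded requires it."""
    return urlencode(fields)

def server_view(body):
    """What a form parser on the token endpoint recovers from the body."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def mismatches(fields, body):
    """Fields the server sees differently, plus fields it sees that were never sent."""
    seen = server_view(body)
    changed = sorted(k for k in fields if seen.get(k) != fields[k])
    extra = sorted(k for k in seen if k not in fields)
    return changed + extra

if __name__ == "__main__":
    for label, body in (("raw", raw_body(FIELDS)), ("encoded", encoded_body(FIELDS))):
        print(label, body, mismatches(FIELDS, body))
```

In the raw body the `+` is decoded as a space and the `&` splits the secret into a second parameter, so the server compares a different secret and rejects the request.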

HTTP Status 400 means "bad request", one of your request parameters is not correct, like URL or request data or request headers, cross check them with browser/postman
If you're able to successfully execute the request using Postman you can just record the request from Postman using JMeter's HTTP(S) Test Script Recorder
Start JMeter proxy server
Configure Postman to use JMeter as the proxy
Run your request in Postman
JMeter will capture the request and generate appropriate HTTP Request sampler and HTTP Header Manager
More information: How to Convert Your Postman API Tests to JMeter for Scaling

Related

REST API - SAML Authentication with Azure AD as IDP

Having application with SAML authentication along with Azure AD as IDP. When I hit Login SSO button the following happens:
Hits SAML Redirect URL (/Saml/SAMLLoginRedirect)
Redirects automatically to Ping Federator. Redirected URL is received with the response header of the first request. URL consist some SAMLRequest Token and RelayState value. Final response has Submit Form along with new SAMLRequest token and RelayState.
Hitting IDP (login.microsoftonline.com//saml2) with the SAMLRequest and RelayState from the final response does not work as expected.
I have resolved this issue in jmeter. I have just enabled Follow Redirect so jmeter provides the response and cookie. I am extracting the Header value of the first request from URL. It is just because Jmeter has the feature of accumulating redirect sample into the original request.
So I am again hitting Ping Federator with the Token and RelayState received using URL extractor along with final response Cookie.
Further I am able to complete the IDP process successfully.
I am not able to achieve the same using RestAssured. When I disable redirect I am able to get the url from header. Processing the URL from the header value throws 500 error code though I have added the cookie information.
If I enabled redirect I am getting 200 response code along with expected response body and cookie.
But I am unable to proceed to the Ping Federator with the token and relay state received from the response. So I have to hit again the Ping Federator with the previous SAML Token again as I did with jMeter to achieve the proper response.
Problem: Unable to get the header value if I enable the redirect and further processing fails. If I disable the redirect then I am not getting Cookie and expected response when processing the URL from header value. Here all are GET request until the IDP (login.microsoftonline.com)
JMeter's HTTP Cookie Manager automatically extracts cookies from the Set-Cookie response header and sends them with the next request via Cookie request header if domain and path match and the cookie isn't expired.
RestAssured doesn't do this automatically so you will need to extract the cookies from the response and add them to the next request manually.
References:
REST Assured Tutorial 49 – How To Retrieve Single and MultiValue Headers From Response Using Rest Assured
Headers, Cookies and Parameters with REST-assured
Going forward you can just use a sniffer tool like Fiddler or Wireshark to compare requests coming from JMeter and RestAssured, given you send the same request (apart from dynamic parameters which need to be correlated) you will get the same response
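
Added example (not from the original answer, and not RestAssured code): the manual bookkeeping described above, with redirects disabled, reading `Location` and `Set-Cookie` at every hop and sending the stored cookies to the next request on the same host. The hosts, cookie names and canned responses are constructed, and cookie matching is simplified to host only (no path or expiry checks).

```python
import io
from http.client import parse_headers
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit, parse_qs

# Constructed responses standing in for the SP and federation hops (placeholder hosts).
CANNED = {
    "https://sp.example/Saml/SAMLLoginRedirect": (302,
        b"Location: https://fed.example/sso?SAMLRequest=c2FtcGxl&RelayState=rs-1\r\n"
        b"Set-Cookie: sp_session=abc; Path=/; Secure; HttpOnly\r\n\r\n"),
    "https://fed.example/sso?SAMLRequest=c2FtcGxl&RelayState=rs-1": (302,
        b"Location: /resume\r\nSet-Cookie: fed_session=xyz; Path=/; Secure\r\n\r\n"),
    "https://fed.example/resume": (200, b"Content-Type: text/html\r\n\r\n"),
}

def canned_send(url, cookie_header):
    """Stand-in transport; a real client would issue the GET with redirects disabled."""
    return CANNED[url]

def walk_redirects(url, send=canned_send, max_hops=10):
    """Follow redirects by hand, recording each Location and carrying cookies per host."""
    jar, trail = {}, []
    for _ in range(max_hops):
        host = urlsplit(url).hostname
        cookie_header = "; ".join(f"{k}={v}" for k, v in jar.get(host, {}).items())
        status, raw = send(url, cookie_header)
        headers = parse_headers(io.BytesIO(raw))
        for line in headers.get_all("Set-Cookie") or []:
            for name, morsel in SimpleCookie(line).items():
                jar.setdefault(host, {})[name] = morsel.value
        location = headers.get("Location")
        trail.append({"status": status, "url": url, "location": location,
                      "sent_cookie": cookie_header})
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return trail, jar

def saml_params(location):
    """Pull SAMLRequest and RelayState out of a redirect URL."""
    query = parse_qs(urlsplit(location).query)
    return {k: query[k][0] for k in ("SAMLRequest", "RelayState") if k in query}

if __name__ == "__main__":
    hops, cookies = walk_redirects("https://sp.example/Saml/SAMLLoginRedirect")
    print(hops, cookies, saml_params(hops[0]["location"]))
```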

Jmeter showing response code as 300 in response

I am working in a desktop application which contains API as well.
So when I try to hit the API using Jmeter with the local server name as localhost. I am getting the response as below
Response code:300
Response message:MULTIPLE CHOICES
Response data:
{"succeed": false, "error_message": "No data JSON received!"}
Even I tried with the Content-Type as application/json and multipart/form-data, but not worked.
Note: When I try to hit the same API using Postman, I got the 200 status.
If you're able to successfully execute the request using Postman you should be able to do this using JMeter as well. We cannot state what's wrong without seeing your Postman and JMeter configurations, just make sure that everything is the same:
request URL
request body
request headers
etc.
If you will send the same request - you will get the same response.
Be aware that you can just record the request from Postman using JMeter
Start JMeter's HTTP(S) Test Script Recorder
If you're using HTTPS protocol - import JMeter's certificate into Postman
Configure Postman to use JMeter as the proxy
Run your request in Postman
JMeter will capture the request and generate relevant HTTP Request sampler and HTTP Header Manager
More information: How to Convert Your Postman API Tests to JMeter for Scaling

Same HTTPS request works in Postman but gives 400 Bad Request in JMeter

I think I tried all the possible combinations of headers and body for my POST request in JMeter but it is giving me 400 Bad Request saying that the languagePairID parameter from the body is invalid even though it is exactly the same as in Postman.
My headers:
And the request:
Meanwhile in Postman it works perfectly fine:
I tried checking and unchecking the multipart/form-data and browser-compatible headers, but nothing seems to help. I read that using Wireshark might be useful in such cases but I think for this one it is not possible as it is HTTPS. I will be very grateful for any advice.
Uncheck "Use multipart/form-data"
Remove everything from the "Body Data" tab
Switch to "Parameters" tab and put your parameters there:
Going forward be informed that you can easily convert your Postman script into JMeter:
Start JMeter's HTTP(S) Test Script Recorder
Import JMeter's certificate to Postman
Configure Postman to use JMeter as the proxy
Run your request in Postman
JMeter will capture the request and generate relevant HTTP Request sampler and HTTP Header Manager
More information: How to Convert Your Postman API Tests to JMeter for Scaling

When I POST a URL with Headers with Body data it is working fine in JMeter - HTTP API request I get the following Error

In Postman when I POST a URL with Headers with Body data it is working fine and getting Response as 200, but when I POST the same in JMeter HTTP API request I am receiving the following Error.
Headers size in bytes: 124
Body size in bytes: 54
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 404
Response message: Resource Not Found
If you're sending the same requests you should be getting the same responses. HTTP Status Code 404 means that URL path is not correct so you need to check the path of your URL as most probably there is a difference there. Even non-printable characters which you cannot see in JMeter GUI are encoded into their equivalents so whitespace becomes %20 so pay attention to literally everything.
In any case given you can successfully execute the request in Postman it means that you can record it using JMeter's HTTP(S) Test Script Recorder
Prepare JMeter for recording, the easiest way is using JMeter Templates Feature
Once JMeter creates a Test Plan for you - expand and start the HTTP(S) Test Script Recorder
Prepare Postman for recording, configure it to use JMeter as the proxy:
Run your request in Postman
That's it, JMeter should capture the request and save it under the Recording Controller along with the HTTP Header Manager containing corresponding request headers

How to use JMeter for Login Authentication through Identity server 5.2 for ASP.Net MVC Web Application

I am trying to do the performance test for the ASP.Net MVC Web Application,
the Application is working with the Identity Server 5.2 to Login authentication.
I'm facing problem with login through the identity server.
Jmeter Version: 5.1.1
Description of the case:
1. Open URL of the website.
2. It will redirect you to the Identity website
3. Fill username and password
4. Log in to the application
5. Final URL will be the same as in point 1.
I was following the instruction below,
https://www.youtube.com/watch?time_continue=10&v=hGkrSFKcj10
Based on this I created a JMeter test plan
Test Plan
Thread Group
First HTTP Req - GET the "https://CorrectURL.com/"
Assertion
View result tree
Second HTTP Req - Post the username and Password on the https://identity.com/core/identityTokenUniqueForEverySingleLogin
Assertion
View result tree
First HTTP request was successful:
I received Sampler Results:
HTTP Request - GET the Identity-0 Response code: 301
HTTP Request - GET the Identity-1 Response code: 302
HTTP Request - GET the Identity-2 Response code: 302
HTTP Request - GET the Identity-3 Response code: 302
HTTP Request - GET the Identity-4 Response code: 200
Second response:
Because the Identity token is different every time, I don't know how I can take the token and use it during login.
Also what kind of information do I need to do the HTTP POST?
Can I find them somewhere in the Development tools?
I used also BlazeMeter to record the login process but when I'm running it again I'm receiving:
Response code: 405 Method Not Allowed
Response code: 500 Internal Server Error
Any advice will be appreciated
Looking into Identity Server documentation it appears to be using a cookie therefore my expectation is that adding a HTTP Cookie Manager should solve the problem (at least partially).
Not knowing the details of your Identity Server configuration details and seeing request/response sequence it is hard to come up with the comprehensive instructions, however my expectation is that it is the matter of simple correlation to wit:
1. Open your application login page (make sure that HTTP Cookie Manager is there)
2. Open identity server
3. Extract the token from the response if needed using a suitable JMeter PostProcessor and save the value into a JMeter Variable
4. Use the JMeter Variable from the step 3 instead of recorded hard-coded token
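
Added example (not from the original answer, and not JMeter configuration): the correlation step above written out as code. It reads the per-login form action and hidden fields from the login page response and builds the POST from them instead of replaying recorded values. The HTML, the `xsrf_token` field name and the `signin` value are constructed placeholders; the real names come from your own identity server's login page.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlencode

# Constructed login page; field names and values are placeholders.
LOGIN_HTML = """
<form method="post" action="/core/login?signin=3f9c1a">
  <input type="hidden" name="xsrf_token" value="tok-8812">
  <input type="text" name="username">
  <input type="password" name="password">
  <button type="submit">Login</button>
</form>
"""

class FormExtractor(HTMLParser):
    """Collects the first form's action, method and named input fields."""
    def __init__(self):
        super().__init__()
        self.action, self.method, self.fields = None, "get", {}
        self._in_form = self._done = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and not self._done:
            self._in_form = True
            self.action = a.get("action") or ""
            self.method = (a.get("method") or "get").lower()
        elif tag == "input" and self._in_form and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            self._in_form, self._done = False, True

def build_login_request(page_url, html, credentials):
    """Return (method, url, body) for the login POST using this response's dynamic values."""
    parser = FormExtractor()
    parser.feed(html)
    if parser.action is None:
        raise ValueError("no <form> found in response")
    unknown = set(credentials) - set(parser.fields)
    if unknown:
        raise ValueError(f"form has no such fields: {sorted(unknown)}")
    fields = {**parser.fields, **credentials}  # hidden token kept, credentials filled in
    return parser.method.upper(), urljoin(page_url, parser.action), urlencode(fields)
```

A recorded script fails on replay because the action URL and hidden token belong to the earlier login; rebuilding the request from each fresh response avoids that.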