JMeter logout POST request doesn't actually log out - http-headers

I'm fairly new with JMeter and am trying to create a log in/log out script for my application with JMeter (2.13). Log in works fine but the log out request isn't logging out. If I look at the response body, it still has the page for the logged in user.
When I log out in Chrome, the request header has one cookie and the response header has set_cookie and a new cookie. In JMeter both request and response header have the same cookie.
Am I missing a step somewhere?
Some notes:
- I am using an HTTP Cookie Manager
- The initial log out request redirects due to a 302 response.
- In both the log in and log out post requests I'm using the CSRF token that I extracted from the original GET request to go to the sign in page.
- I built the script with the recording tool (HTTP(S) Test Script Recorder)

Related

REST API - SAML Authentication with Azure AD as IDP

I have an application with SAML authentication and Azure AD as the IDP. When I hit the Login SSO button the following happens:
1. Hits the SAML Redirect URL (/Saml/SAMLLoginRedirect)
2. Redirects automatically to Ping Federator. The redirected URL is received in the response header of the first request. The URL contains a SAMLRequest token and a RelayState value. The final response has a Submit Form along with a new SAMLRequest token and RelayState.
3. Hitting the IDP (login.microsoftonline.com//saml2) with the SAMLRequest and RelayState from the final response does not work as expected.
I have resolved this issue in JMeter. I have just enabled Follow Redirect so JMeter provides the response and cookie. I am extracting the header value of the first request from the URL. It is just because JMeter has the feature of accumulating redirect samples into the original request.
So I am again hitting Ping Federator with the token and RelayState received using the URL extractor, along with the final response cookie.
Further I am able to complete the IDP process successfully.
I am not able to achieve the same using RestAssured. When I disable redirects I am able to get the URL from the header. Processing the URL from the header value throws a 500 error code even though I have added the cookie information.
If I enable redirects I get a 200 response code along with the expected response body and cookie.
But I am unable to proceed to the Ping Federator with the token and relay state received from the response. So I have to hit the Ping Federator again with the previous SAML token, as I did with JMeter, to achieve the proper response.
Problem: I am unable to get the header value if I enable redirects, and further processing fails. If I disable redirects then I do not get the cookie and the expected response when processing the URL from the header value. All of these are GET requests until the IDP (login.microsoftonline.com).
JMeter's HTTP Cookie Manager automatically extracts cookies from the Set-Cookie response header and sends them with the next request via Cookie request header if domain and path match and the cookie isn't expired.
RestAssured doesn't do this automatically so you will need to extract the cookies from the response and add them to the next request manually.
References:
- REST Assured Tutorial 49 – How To Retrieve Single and MultiValue Headers From Response Using Rest Assured
- Headers, Cookies and Parameters with REST-assured

Going forward you can just use a sniffer tool like Fiddler or Wireshark to compare requests coming from JMeter and RestAssured; given you send the same request (apart from dynamic parameters which need to be correlated) you will get the same response.
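
The cookie handling this answer describes, as an added Python sketch that is not part of the original answer and is not JMeter or RestAssured code: redirects are followed one hop at a time so every Location header stays readable, while cookies are stored and replayed only where domain and path match. The hosts, cookie names and SAMLRequest/RelayState values are constructed, and `fetch` is an assumed stand-in for an HTTP client call made with automatic redirects disabled.

```python
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

class Jar:
    def __init__(self):
        self.cookies = {}  # (domain, path, name) -> value

    def store(self, url, set_cookie_headers):
        host = urlsplit(url).hostname
        for header in set_cookie_headers:
            for name, morsel in SimpleCookie(header).items():
                domain = (morsel["domain"] or host).lstrip(".").lower()
                key = (domain, morsel["path"] or "/", name)
                self.cookies[key] = morsel.value
                if morsel["max-age"] == "0":  # server expired the cookie
                    del self.cookies[key]

    def header_for(self, url):
        parts = urlsplit(url)
        host, path = parts.hostname, parts.path or "/"
        return "; ".join(  # simplified matching: host suffix and path prefix
            f"{name}={value}" for (domain, cpath, name), value in self.cookies.items()
            if (host == domain or host.endswith("." + domain)) and path.startswith(cpath))

def walk(start_url, fetch, max_hops=10):
    """Follow redirects by hand; rows are (url, cookie_sent, status, location)."""
    jar, url, trail = Jar(), start_url, []
    for _ in range(max_hops):
        sent = jar.header_for(url)
        status, headers = fetch(url, sent)
        jar.store(url, [v for k, v in headers if k.lower() == "set-cookie"])
        location = next((v for k, v in headers if k.lower() == "location"), None)
        trail.append((url, sent, status, location))
        if status not in (301, 302, 303, 307, 308) or location is None:
            break
        url = urljoin(url, location)
    return trail, jar

# Constructed responses; hosts, cookie names and parameter values are made up.
START = "https://sp.example/Saml/SAMLLoginRedirect"
HUB = "https://hub.example/idp/SSO?SAMLRequest=REQ1&RelayState=RS1"
HOPS = {
    START: (302, [("Set-Cookie", "SPSESSION=abc; Path=/; Secure; HttpOnly"), ("Location", HUB)]),
    HUB: (302, [("Set-Cookie", "HUB=xyz; Path=/idp"), ("Location", "/idp/resume")]),
    "https://hub.example/idp/resume": (200, []),
}

def demo():
    return walk(START, lambda url, cookie_header: HOPS[url])
```

The trail keeps the intermediate Location values that are lost when the client follows redirects on its own, and the jar shows why a cookie set by one host is not replayed to the next.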

can't make successful request to the API from the browser except from postman

I was given an API and I can log in to it and make successful requests with it on Postman but on the browser, the requests are failing with the content saying that `This site can't provide a secure connection

How to use JMeter for Login Authentication through Identity server 5.2 for ASP.Net MVC Web Application

I am trying to do the performance test for the ASP.Net MVC Web Application,
the Application is working with the Identity Server 5.2 to Login authentication.
I'm facing problem with login through the identity server.
Jmeter Version: 5.1.1
Description of the case:
1. Open URL of the website.
2. It will redirect you to the Identity website
3. Fill username and password
4. Log in to the application
5. Final URL will be the same as in point 1.
I was following the instruction below,
https://www.youtube.com/watch?time_continue=10&v=hGkrSFKcj10
Based on this I created a JMeter test plan:
Test Plan
Thread Group
First HTTP Req - GET the "https://CorrectURL.com/"
Assertion
View Results Tree
Second HTTP Req - POST the username and password to https://identity.com/core/identityTokenUniqueForEverySingleLogin
Assertion
View Results Tree
First HTTP request was successful:
I received Sampler Results:
HTTP Request - GET the Identity-0 Response code: 301
HTTP Request - GET the Identity-1 Response code: 302
HTTP Request - GET the Identity-2 Response code: 302
HTTP Request - GET the Identity-3 Response code: 302
HTTP Request - GET the Identity-4 Response code: 200
Second response:
Because the Identity token is different every time, I don't know how I can take the token and use it during login.
Also, what kind of information do I need to do the HTTP POST?
Can I find them somewhere in the Development tool?
I used also BlazeMeter to record the login process but when I'm running it again I'm receiving:
Response code: 405 Method Not Allowed
Response code: 500 Internal Server Error
Any advice will be appreciated
Looking into Identity Server documentation it appears to be using a cookie therefore my expectation is that adding a HTTP Cookie Manager should solve the problem (at least partially).
Not knowing the details of your Identity Server configuration and not seeing the request/response sequence, it is hard to come up with comprehensive instructions; however, my expectation is that it is a matter of simple correlation, to wit:
1. Open your application login page (make sure that HTTP Cookie Manager is there)
2. Open identity server
3. Extract the token from the response if needed using a suitable JMeter PostProcessor and save the value into a JMeter Variable
4. Use the JMeter Variable from step 3 instead of the recorded hard-coded token
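
The correlation steps above, as an added Python example that is not from the original answer and is not JMeter or Identity Server code: it reads the login form out of the response, keeps every hidden per-login value, and builds the POST from it instead of from recorded values. The page, host, `signin` parameter and `xsrf_token` field name are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin

class LoginForm(HTMLParser):
    """Collect the first form's action URL and every named <input> in it."""
    def __init__(self):
        super().__init__()  # attribute values arrive with HTML entities decoded
        self.action, self.fields = None, {}
        self._in_form, self._done = False, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and not self._done:
            self._in_form, self.action = True, a.get("action") or ""
        elif tag == "input" and self._in_form and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            self._in_form, self._done = False, True

def build_login_post(page_url, html, credentials):
    """Return (post_url, urlencoded_body) built from the values in this response."""
    form = LoginForm()
    form.feed(html)
    if form.action is None:
        raise ValueError("no <form> in response: wrong page or redirects not followed")
    fields = {**form.fields, **credentials}  # hidden tokens kept, credentials filled in
    return urljoin(page_url, form.action), urlencode(fields)

# Constructed login page; the token contains '&' to show decode-then-encode.
PAGE_URL = "https://identity.example/core/login?signin=1f0c"
PAGE = """<html><body>
<form method="post" action="/core/login?signin=1f0c">
  <input type="hidden" name="xsrf_token" value="Zm9v&amp;YmFy">
  <input type="text" name="username"><input type="password" name="password">
</form></body></html>"""

def demo():
    creds = {"username": "load_user", "password": "not-a-real-password"}
    return build_login_post(PAGE_URL, PAGE, creds)
```

A token copied from the page source without entity decoding, or sent without URL encoding, reaches the server altered, so the login is rejected even though the extraction appeared to work.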

Handling cookies in HTTP request in Jmeter

I have a JMeter load project that requires retrieving 2 cookie values and resending them in the other requests.
Here is my project test plan:
-Test Plan
-Thread Group
-Login request
-Payment page
-Payment history page
-HTTP Cookie Manager
-HTTP Header Manager
-View Results Tree
Cookie Data:
JSESSIONID=0000SZb55xyLAaqLlDzumq_PpIw:-1; XSRF-TOKEN=a684e233-648e-4219-ae21-25fb362e232d
The cookie data is received successfully from the login request by cookie manager and sent in the second request (Payment page) but in the third request (Payment history page) only JSESSIONID is sent and I don't know why the second cookie is not sent in the third request.
Most probably you are not getting this cookie in Set-Cookie response header for second request therefore it doesn't get picked up by the cookie manager. If your application expects the cookie in 3rd request it might be your application issue.
As a workaround you can store the cookie value into a JMeter Variable for later re-use.
Add the next line to the user.properties file (lives in the "bin" folder of your JMeter installation):
CookieManager.save.cookies=true
Restart JMeter to pick the property up
That's it, now you should be able to refer to the cookie value as ${COOKIE_XSRF-TOKEN} where required, for example add another HTTP Cookie Manager as a child of the 3rd request (according to Scoping Rules the "local" cookie manager will override the "global" one) and define XSRF_TOKEN and other cookies there if needed.
See Using the HTTP Cookie Manager in JMeter article for more information on handling cookies in JMeter tests.

JMeter Cookie Manager

I am using JMeter to make a simple login test on my website. I have a Thread Group which contains a Cookie Manager, an HTTP request to the root page, then an HTTP Post which posts a username and password, and then a Results view. When I run the test and view the response, the results show that the first HTTP request correctly calls set-cookie with the JSessionID, but the second HTTP request that POSTS credentials has no cookies - shouldn't this cookie be posted from the Cookie Manager? Thanks.
In most apps that I've tested, I don't see the actual cookie information after the initial request.
If your session isn't being maintained, there are a few quick things to check:
1. there are no hard coded JSessionID values in the HTTP Requests;
2. try different cookie manager types - different applications expect different settings.