Jmeter Performance Test-Azure AD SAML/OAuth B2B/B2C
Hi,
Our site uses MS Azure AD SAML/OAuth B2B/B2C to authenticate all users. In order to automate the performance tests using JMeter, we need to simulate the login into the Azure AD initially. We captured all the requests in the browser to simulate the same in JMeter.
So far, we are following these steps:
GET to the custom B2C generic SAML login page with the entity id passed as a query parameter.
From this point we get the following parameters that are used in the next step: csrftoken, transid, nonce
This step is working as expected and we get all expected parameters.
POST to selfAsserted endpoint with the params: tx (transid), p (policy) etc. This step is working as expected and we get {status: "200"} as the response.
GET to selfAsserted/confirmed with the params: p, tx, csrf_token and diags. This step is working as expected and we get a 302 to the authorize URL as the response.
GET to the authorize URL: login.microsoftonline.com/clientID/oauth2/v2.0/authorize with params: client_id, redirect_uri, response_type, scope, response_mode, nonce, state, sso_reload(true).
From this point we get the following parameters that are used in the next step: esctx, canary, ApiCanary, flowToken, originalRequest, hpgact, hpgid, hpgrequestid, x-ms-request-id, buid, ctx
This step is working as expected and we get all the expected parameters.
POST to login.microsoftonline.com/clientID/login
We made a POST using Content-Type application/x-www-form-urlencoded and the body consisting of flowToken, login, password, canary, hpgrequestid and ctx.
This step is working as expected and we get the code, state and session_state as part of the response body.
POST to redirect_uri with the code, state and session_state in its body: we get back a SAMLResponse, but it's invalid when we decode it.
(Message: An invalid OAuth response was received)
We have added the correlation between the steps and verified that we are passing all the cookies and headers to every step (HTTP Request) in the Test Plan and so far we get the same responses and cookies as if we were in the browser.
Please let us know if we are missing anything or what can be done to get the correct SAMLResponse.
Thanks a lot in advance.
Best regards,
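A decoder for inspecting the SAMLResponse returned in the last step, added here as an example rather than code from the original post: it base64-decodes the SAMLResponse form field and reads the Status element, so a failed federation step reports its StatusCode and StatusMessage instead of just looking "invalid". The form body below is a constructed sample and the issuer URL is a placeholder.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used by a Response element.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def decode_saml_response(form_body: str) -> dict:
    """Decode the SAMLResponse field of an x-www-form-urlencoded POST body.

    Returns the issuer, the top-level and nested StatusCode values, the
    StatusMessage, and whether an Assertion is present. A Response whose
    Status is not Success carries no usable assertion, so a load test
    should assert on the status rather than assume login succeeded.
    """
    fields = urllib.parse.parse_qs(form_body)
    root = ET.fromstring(base64.b64decode(fields["SAMLResponse"][0]))
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError(f"not a SAML Response element: {root.tag}")
    top = root.find("samlp:Status/samlp:StatusCode", NS)
    nested = root.find("samlp:Status/samlp:StatusCode/samlp:StatusCode", NS)
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS),
        "status": top.get("Value") if top is not None else None,
        "substatus": nested.get("Value") if nested is not None else None,
        "message": root.findtext("samlp:Status/samlp:StatusMessage",
                                 default="", namespaces=NS),
        "has_assertion": root.find("saml:Assertion", NS) is not None,
    }


# Constructed sample of a failed Response (not a real capture); the
# issuer is a placeholder, not a real tenant.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<saml:Issuer>https://example-tenant.b2clogin.com/placeholder</saml:Issuer>'
    '<samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>'
    '</samlp:StatusCode>'
    '<samlp:StatusMessage>An invalid OAuth response was received</samlp:StatusMessage>'
    '</samlp:Status></samlp:Response>'
)
SAMPLE_BODY = urllib.parse.urlencode(
    {"SAMLResponse": base64.b64encode(SAMPLE_XML.encode()).decode()}
)

if __name__ == "__main__":
    print(decode_saml_response(SAMPLE_BODY))
```

In a JMeter plan the same check belongs in a post-processor on the redirect_uri request, failing the sample when the status is not urn:oasis:names:tc:SAML:2.0:status:Success.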