Simulating MS AD Login for Jmeter Performance Testing

dixitaro-MSFT 206 Reputation points Microsoft Employee Moderator
2020-02-18T03:32:42.377+00:00

Hi Team,

For my project, I need to write a Jmeter script to performance test the Login functionality. It is using Azure AD B2C API for login.

In the network tab of Chrome, it shows that Microsoft is calling 3 APIs internally before it comes back to the Redirect page of the website.

  1. GET oauth2/v2.0/authorize - We are able to simulate in Jmeter/Postman
  2. POST SelfAsserted - This has my username and password in the Form Data. Not able to simulate in Jmeter/Postman
  3. GET api/CombinedSigninAndSignup/confirmed - This is the last API from Microsoft which gets called.
  4. The redirect page of my Application is called, it has a token in id_token field in Form data.

Could you please tell us how the simulation for SelfAsserted and Confirmed call will work? Whether it's possible to simulate the exact flow or not. I have got many posts online about how to simulate Authorize call, but not finding enough material on SelfAsserted API call.

Kindly assist.

Thanks,

Saheli

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

Answer accepted by question author
  1. AmanpreetSingh-MSFT 56,956 Reputation points Moderator
    2020-02-18T15:55:59.19+00:00

    @dixitaro-MSFT We cannot simulate complete user flow in Jmeter because the CombinedSigninAndSignup API utilizes SelfAsserted API so that a consumer can provide required information in the Form to perform sign-up or signin. These APIs are called on the fly when a B2C user flow is initiated which is why we cannot pre-populate the information. For sign-in, we can pass username via Oauth parameters username_hint but password cannot be pre-populated. Similarly for signup, there may be a number of attributes required to be provided in the self asserted form which cannot be pre-populated.

    1 person found this answer helpful.

6 additional answers

  1. Chris Spanellis 36 Reputation points
    2024-02-07T14:09:34.09+00:00

    I was able to achieve this with the attached JMeter script. I parsed the variables from the header and the body to get what's necessary. The only hard-coded variables you will need are the initial URL info, and the email and password to log in. The rest will be dynamically parsed through the lifecycle. Hope this helps! (just need to rename the file to .jmx) AzureB2C.xml

    1 person found this answer helpful.

  2. Anjaneya Dandu 6 Reputation points
    2021-02-01T23:03:59.44+00:00

    Hi Team,

    I am able to automate the B2C flow in my current project and am able to do load testing with JMeter. But before, it took 3 weeks of effort to do manual flows in the browser to capture the right csrf_token and pass it to the CombinedSigninAndSignup API. Once it's done, JMeter is able to handle the 3 internal redirect calls for CombinedSigninAndSignup and move to the next page. I am now able to do the E2E journey in JMeter and be able to do a POC assessment for azure-ad-b2c.

    1 person found this answer helpful.
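
The correlation step that the two answers above describe (parsing values from the response header and body, and capturing the CSRF token) can be prototyped offline before it is ported to JMeter extractors. The following is an added example, not the attached script or any Microsoft code; the cookie name `x-ms-cpim-csrf`, the `SETTINGS` object with its `csrf` and `transId` keys, the `tx`/`p` query parameters, the `X-CSRF-TOKEN` header and the form field names are assumptions, and the sample response is constructed.

```python
import json
import re
from urllib.parse import urlencode

# Constructed authorize response. The cookie name, the SETTINGS variable and its
# "csrf"/"transId" keys are assumptions about the page markup, not from the thread.
SAMPLE_HEADERS = [
    ("Set-Cookie", "x-ms-cpim-csrf=Q1NSRi1UT0tFTg==; path=/; secure; HttpOnly"),
    ("Set-Cookie", "x-ms-cpim-trans=VFJBTlM=; path=/; secure; HttpOnly"),
]
SAMPLE_BODY = """<html><head><script>
var SETTINGS = {"csrf":"Q1NSRi1UT0tFTg==","transId":"StateProperties=eyJUSUQiOiJ4In0","api":"CombinedSigninAndSignup"};
</script></head><body></body></html>"""


class CorrelationError(Exception):
    """A dynamic value needed for the next request was not found."""


def extract_settings(body):
    """Return the SETTINGS object embedded in the login page as a dict."""
    match = re.search(r"var SETTINGS\s*=\s*(\{.*?\});", body, re.DOTALL)
    if not match:
        raise CorrelationError("no SETTINGS object in authorize response")
    return json.loads(match.group(1))


def extract_cookie(headers, name):
    """Return the value of a Set-Cookie header with the given cookie name."""
    for key, value in headers:
        if key.lower() == "set-cookie" and value.startswith(name + "="):
            return value.split(";", 1)[0].split("=", 1)[1]
    raise CorrelationError("cookie %s was not set" % name)


def build_self_asserted(headers, body, policy, email, password):
    """Assemble the SelfAsserted POST from values parsed out of step 1."""
    settings = extract_settings(body)
    csrf, trans_id = settings.get("csrf"), settings.get("transId")
    if not csrf or not trans_id:
        raise CorrelationError("csrf or transId missing from SETTINGS")
    cookie = extract_cookie(headers, "x-ms-cpim-csrf")  # session cookie to replay
    return {
        "path": "SelfAsserted?" + urlencode({"tx": trans_id, "p": policy}),
        "headers": {"X-CSRF-TOKEN": csrf, "Cookie": "x-ms-cpim-csrf=" + cookie},
        # Form field names vary by policy; these are assumed.
        "form": {"request_type": "RESPONSE", "signInName": email, "password": password},
    }
```

Failing with `CorrelationError` when a value is missing keeps a throttled or error response under load from being counted as a slow login; test-account credentials belong in a data file outside the script.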

  3. Akshay Vyas 0 Reputation points
    2023-02-28T11:07:33.2533333+00:00

    Hi, could you share the Jmeter script for the AD authentication? If anybody got this script, please send this on email: ******@gmail.com

  4. Kukreti, Kanika 1 Reputation point
    2022-04-25T11:02:23.94+00:00

    Hello Anjaneya,

    Could you please share the solution with me as well? My email id is kanika.kukreti@DNVGL .com.

    Appreciate your help. Thanks in advance

    Kanika
