Simulating MS AD Login for Jmeter Performance Testing

dixitaro-MSFT 196 Reputation points Microsoft Employee
2020-02-18T03:32:42.377+00:00

Hi Team,

For my project, I need to write a Jmeter script to performance test the Login functionality. It is using Azure AD B2C API for login.

In the network tab of Chrome, it shows that Microsoft is calling 3 APIs internally before it comes back to the Redirect page of the website.

  1. GET oauth2/v2.0/authorize - We are able to simulate in Jmeter/Postman
  2. POST SelfAsserted - This has my username and password in the Form Data. Not able to simulate in Jmeter/Postman
  3. GET api/CombinedSigninAndSignup/confirmed - This is the last API from Microsoft which gets called.
  4. The redirect page of my Application is called, it has a token in id_token field in Form data.

Could you please tell us, how the simulation for SelfAsserted and Confirmed call will work ? Whether its possible to simulate the exact flow or not. I have got many posts online about how to simulate Authorize call, but not finding enough material on SelfAsserted API call.

Kindly assist.

Thanks,

Saheli

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,872 questions
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,601 Reputation points
    2020-02-18T15:55:59.19+00:00

    @dixitaro-MSFT We cannot simulate complete user flow in Jmeter because the CombinedSigninAndSignup API utilizes SelfAsserted API so that a consumer can provide required information in the Form to perform sign-up or signin. These APIs are called on the fly when a B2C user flow is initiated which is why we cannot pre-populate the information. For sign-in, we can pass username via Oauth parameters username_hint but password cannot be pre-populated. Similarly for signup, there may be a number of attributes required to be provided in the self asserted form which cannot be pre-populated.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    1 person found this answer helpful.

6 additional answers

Sort by: Most helpful
  1. Anjaneya Dandu 1 Reputation point
    2021-02-01T23:03:59.44+00:00

    Hi Team,

    I am able to automate B2C flow in my current project and able to do a load testing with JMeter. but, before it took 3 weeks efforts to do manual flows in Browser to capture right csrf_token token and pass it to CombinedSigninAndSignup API. once its done, JMeter is able to handle 3 internal redirect calls for CombinedSigninAndSignup and moving to next page. I am now able to do E2E Journey in JMeter and be able to do POC assessment for azure-ad-b2c..


  2. Kukreti, Kanika 1 Reputation point
    2022-04-25T11:02:23.94+00:00

    Hello Anjaneya,

    Could you please share the solution with me as well. My email id is kanika.kukreti@DNVGL .com.

    Appreciate your help. Thanks in advance

    Kanika

    0 comments No comments

  3. Akshay Vyas 0 Reputation points
    2023-02-28T11:07:33.2533333+00:00

    Hi Could you share the Jmeter script for the AD authentication? if anybody got this script please send this on email :-akshayvyas098@gmail.com

    0 comments No comments

  4. Gergely Gaál 0 Reputation points
    2023-08-06T23:10:09.02+00:00

    Hi Could you share the Jmeter script for the AD authentication? if anybody got this script please send this: gaal.gery90@gmail.com

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.