Simulating MS AD Login for Jmeter Performance Testing

dixitaro-MSFT 196 Reputation points Microsoft Employee
2020-02-18T03:32:42.377+00:00

Hi Team,

For my project, I need to write a Jmeter script to performance test the Login functionality. It is using Azure AD B2C API for login.

In the network tab of Chrome, it shows that Microsoft is calling 3 APIs internally before it comes back to the Redirect page of the website.

  1. GET oauth2/v2.0/authorize - We are able to simulate in Jmeter/Postman
  2. POST SelfAsserted - This has my username and password in the Form Data. Not able to simulate in Jmeter/Postman
  3. GET api/CombinedSigninAndSignup/confirmed - This is the last API from Microsoft which gets called.
  4. The redirect page of my Application is called, it has a token in id_token field in Form data.

Could you please tell us, how the simulation for SelfAsserted and Confirmed call will work ? Whether its possible to simulate the exact flow or not. I have got many posts online about how to simulate Authorize call, but not finding enough material on SelfAsserted API call.

Kindly assist.

Thanks,

Saheli

Azure Active Directory External Identities
0 comments
Accepted answer
  1. AmanpreetSingh-MSFT 56,001 Reputation points
    2020-02-18T15:55:59.19+00:00

    @dixitaro-MSFT We cannot simulate complete user flow in Jmeter because the CombinedSigninAndSignup API utilizes SelfAsserted API so that a consumer can provide required information in the Form to perform sign-up or signin. These APIs are called on the fly when a B2C user flow is initiated which is why we cannot pre-populate the information. For sign-in, we can pass username via Oauth parameters username_hint but password cannot be pre-populated. Similarly for signup, there may be a number of attributes required to be provided in the self asserted form which cannot be pre-populated.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    1 person found this answer helpful.

4 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anjaneya Dandu 1 Reputation point
    2021-02-01T23:03:59.44+00:00

    Hi Team,

    I am able to automate B2C flow in my current project and able to do a load testing with JMeter. but, before it took 3 weeks efforts to do manual flows in Browser to capture right csrf_token token and pass it to CombinedSigninAndSignup API. once its done, JMeter is able to handle 3 internal redirect calls for CombinedSigninAndSignup and moving to next page. I am now able to do E2E Journey in JMeter and be able to do POC assessment for azure-ad-b2c..

  2. Kukreti, Kanika 1 Reputation point
    2022-04-25T11:02:23.94+00:00

    Hello Anjaneya,

    Could you please share the solution with me as well. My email id is kanika.kukreti@DNVGL .com.

    Appreciate your help. Thanks in advance

    Kanika

    0 comments
  3. Akshay Vyas 0 Reputation points
    2023-02-28T11:07:33.2533333+00:00

    Hi Could you share the Jmeter script for the AD authentication? if anybody got this script please send this on email :-akshayvyas098@gmail.com

    0 comments
  4. Gergely Gaál 0 Reputation points
    2023-08-06T23:10:09.02+00:00

    Hi Could you share the Jmeter script for the AD authentication? if anybody got this script please send this: gaal.gery90@gmail.com

    0 comments