Simulating MS AD Login for JMeter Performance Testing

dixitaro-MSFT 196 Reputation points Microsoft Employee

Hi Team,

For my project, I need to write a JMeter script to performance test the Login functionality. It is using Azure AD B2C API for login.

In the network tab of Chrome, it shows that Microsoft is calling 3 APIs internally before it comes back to the Redirect page of the website.

  1. GET oauth2/v2.0/authorize - We are able to simulate in JMeter/Postman
  2. POST SelfAsserted - This has my username and password in the Form Data. Not able to simulate in JMeter/Postman
  3. GET api/CombinedSigninAndSignup/confirmed - This is the last API from Microsoft which gets called.
  4. The redirect page of my Application is called, it has a token in id_token field in Form data.

Could you please tell us how the simulation for the SelfAsserted and Confirmed calls will work, and whether it's possible to simulate the exact flow or not? I have found many posts online about how to simulate the Authorize call, but am not finding enough material on the SelfAsserted API call.

Kindly assist.



Azure Active Directory External Identities

Accepted answer
  1. AmanpreetSingh-MSFT 56,001 Reputation points

    @dixitaro-MSFT We cannot simulate the complete user flow in JMeter because the CombinedSigninAndSignup API utilizes the SelfAsserted API so that a consumer can provide the required information in the form to perform sign-up or sign-in. These APIs are called on the fly when a B2C user flow is initiated, which is why we cannot pre-populate the information. For sign-in, we can pass username via OAuth parameters username_hint but password cannot be pre-populated. Similarly for sign-up, there may be a number of attributes required to be provided in the self-asserted form which cannot be pre-populated.


    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    1 person found this answer helpful.

4 additional answers

  1. Anjaneya Dandu 1 Reputation point

    Hi Team,

    I am able to automate the B2C flow in my current project and to do load testing with JMeter. But before that, it took 3 weeks of effort doing manual flows in the browser to capture the right csrf_token and pass it to the CombinedSigninAndSignup API. Once that's done, JMeter is able to handle the 3 internal redirect calls for CombinedSigninAndSignup and move to the next page. I am now able to do the E2E journey in JMeter and do a POC assessment for azure-ad-b2c.
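The correlation step this answer describes (take the per-session CSRF token from the authorize response and replay it on the SelfAsserted and confirmed calls) can be sketched as follows; this is an added example, not code from the thread or from Microsoft. Assumptions to verify against your own captured traffic: the `var SETTINGS` JSON layout with `csrf` and `transId`, the `X-CSRF-TOKEN` header, the `tx`/`p` query parameters, the `signInName`/`password`/`request_type` form fields, and the constructed `contoso` tenant and policy names.

```python
import json
import re
from urllib.parse import urlencode

# Constructed sample of the HTML returned by GET oauth2/v2.0/authorize.
# Assumption: the page embeds a "var SETTINGS = {...};" object holding the
# per-session CSRF token ("csrf") and the transaction id ("transId").
SAMPLE_AUTHORIZE_HTML = """
<html><head><script>
var CONTENT = {"heading": "Sign in"};
var SETTINGS = {"csrf": "Q1NSRi1jb25zdHJ1Y3RlZA==", "transId": "StateProperties=eyJUSUQiOiJjb25zdHJ1Y3RlZCJ9"};
</script></head><body></body></html>
"""

def extract_settings(html):
    """Return the SETTINGS object from the authorize page, or raise ValueError."""
    m = re.search(r"var\s+SETTINGS\s*=\s*", html)
    if not m:
        raise ValueError("SETTINGS object not found; page layout differs")
    # raw_decode parses exactly one JSON value and ignores the trailing ';'
    settings, _ = json.JSONDecoder().raw_decode(html, m.end())
    for key in ("csrf", "transId"):
        if not settings.get(key):
            raise ValueError(f"missing {key!r} in SETTINGS")
    return settings

def build_login_requests(base_url, policy, settings, username, password):
    """Describe the SelfAsserted POST and confirmed GET for one virtual user."""
    query = urlencode({"tx": settings["transId"], "p": policy})
    self_asserted = {
        "method": "POST",
        "url": f"{base_url}/SelfAsserted?{query}",
        # The token is fresh per session: a value recorded once in a browser
        # is rejected on replay, so it must be extracted on every iteration.
        "headers": {"X-CSRF-TOKEN": settings["csrf"],
                    "X-Requested-With": "XMLHttpRequest"},
        "form": {"request_type": "RESPONSE",
                 "signInName": username, "password": password},
    }
    confirmed = {
        "method": "GET",
        "url": f"{base_url}/api/CombinedSigninAndSignup/confirmed?"
               + urlencode({"csrf_token": settings["csrf"],
                            "tx": settings["transId"], "p": policy}),
    }
    return self_asserted, confirmed
```

In JMeter the same extraction maps to a Regular Expression Extractor on the authorize sampler, with an HTTP Cookie Manager carrying the session cookies that the token is bound to.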

  2. Kukreti, Kanika 1 Reputation point

    Hello Anjaneya,

    Could you please share the solution with me as well? My email id is kanika.kukreti@DNVGL .com.

    Appreciate your help. Thanks in advance.



  3. Akshay Vyas 0 Reputation points

    Hi, could you share the JMeter script for the AD authentication? If anybody has got this script, please send it by email.


  4. Gergely Gaál 0 Reputation points

    Hi, could you share the JMeter script for the AD authentication? If anybody has got this script, please send this:
