6 votes

So I am trying to automate a JMeter script that creates Keycloak users and then signs them in.

First it GETs the login page and stores the code; here is an example request:

GET http://Keycloak.com:8001//auth/realms/REALM/protocol/openid-connect/auth?response_type=code&client_id=CLIENT&scope=openid%20profile%20email&nonce=N5b3a2da23c04a&response_mode=form_post&resource=RESOURCE&state=2SJwtlVZrswlGkw&redirect_uri=REDIRECTURI

However, when I then GET the registration page, the code changes and the tab_id also changes. How can I keep Keycloak from generating a new code token with every HTTP request in a thread?

In addition, why is each HTTP request with JMeter acting like a new session instead of the next request in a series?


EDIT:

I am using Regular Expression Extractors in order to track the code and execution variables, in addition to using a HTTP Cookie Manager and HTTP Cache Manager for the thread.

Looking at my POST request, both variables are the same as those from the previous HTTP request, and all of my cookies are being maintained, yet every time I try this automated login I get a 400 error and the Keycloak event log displays an invalid_code error.


Edit: As requested, here is a screenshot of all my sign-in requests.

3 comments

UBIK LOAD PACK: Can you show the structure of your test plan? Thanks
Flotolk: @UBIKLOADPACK As in what order my HTTP Requests come in?
UBIK LOAD PACK: Somewhat, we need to know the structure of your plan to understand.
Flotolk: @UBIKLOADPACK I need to load the Moodle page to get my Moodle session key, then from there load my Keycloak login to get my Keycloak code and state, then push the username and password to the Keycloak login. This requires the session and code, but using the ones I get from my pull results in the error invalid_code in my log.
UBIK LOAD PACK: Thanks, but can you click on the + button and put the screenshot here. Thanks

3 Answers

4 votes

Most probably your Regular Expression Extractor is not nested in the HTTP Request you are trying to extract data from.

If its scope is too wide, it applies to all HTTP Requests, so the first time it succeeds in extracting, but for the next request, which does not contain the token, the extractor runs again and overwrites the old value with an empty one.

See scoping rules in JMeter:

2 votes

You need to maintain the correlation between hits. Please go through the blog below:

https://www.blazemeter.com/blog/how-to-handle-correlation-in-jmeter
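The correlation the two answers above describe, written out as an added Python example (not code from the question, the answers, or the Keycloak or JMeter projects). The login page below is a constructed stand-in for what Keycloak renders: the hostname `keycloak.example.test`, the realm name and the `session_code`, `execution` and `tab_id` values are made up, and only the general shape of the form action URL (`login-actions/authenticate?session_code=...&execution=...&client_id=...&tab_id=...`) is assumed. `extract_login_action` does what a Regular Expression Extractor nested under the sampler that returned the form should do, `build_login_post` reuses those values unchanged in the very next request, and `wide_scope_extractor` emulates (under the stated assumption of a Default Value being set) what the first answer warns about: an extractor at Thread Group scope runs against every response and blanks the variable as soon as a page without the form comes back.

```python
import html
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed stand-in for the HTML Keycloak renders on its login page. It is not a
# captured response; host, realm, session_code, execution and tab_id are made up.
SAMPLE_LOGIN_PAGE = """<!DOCTYPE html>
<html><body>
<form id="kc-form-login" onsubmit="login.disabled = true; return true;"
      action="http://keycloak.example.test:8001/auth/realms/REALM/login-actions/authenticate?session_code=S3ss10nC0de&amp;execution=6e1c3c4f-0000-4000-8000-000000000001&amp;client_id=CLIENT&amp;tab_id=t4bId01"
      method="post">
  <input id="username" name="username" type="text" value="" />
  <input id="password" name="password" type="password" />
  <input type="hidden" name="credentialId" value="" />
  <input type="submit" value="Log in" />
</form>
</body></html>
"""

# Constructed stand-in for a later response in the same thread (for example the
# registration page) that does not carry the login form at all.
SAMPLE_OTHER_PAGE = "<html><body><h1>Register</h1></body></html>"

# The same kind of pattern a JMeter Regular Expression Extractor would be given.
FORM_ACTION_RE = re.compile(r'<form[^>]*id="kc-form-login"[^>]*?action="([^"]+)"', re.S)


def extract_login_action(page: str) -> str:
    """Pull the login form's action URL out of one specific response.

    Raises instead of returning "" so a miss is loud: the response being
    extracted from must be the one that actually contains the form.
    """
    m = FORM_ACTION_RE.search(page)
    if m is None:
        raise ValueError("no kc-form-login action in this response; the extractor "
                         "is running against the wrong sampler")
    # The attribute value is HTML-escaped (&amp;); unescape before reusing it as a URL.
    return html.unescape(m.group(1))


def correlation_params(action_url: str) -> dict:
    """The per-request values that must be replayed unchanged in the next POST."""
    q = parse_qs(urlsplit(action_url).query)
    return {k: q[k][0] for k in ("session_code", "execution", "client_id", "tab_id")}


def build_login_post(page: str, username: str, password: str) -> tuple:
    """Build (url, form_body) for the credential POST from the page just fetched."""
    action = extract_login_action(page)
    body = urlencode({"username": username, "password": password, "credentialId": ""})
    return action, body


def wide_scope_extractor(responses, default=""):
    """Emulate an extractor placed at Thread Group scope with a Default Value set
    (assumption: it runs after every sampler and writes the variable every time).

    The variable keeps the action only until the next response without the form.
    """
    value = default
    for page in responses:
        m = FORM_ACTION_RE.search(page)
        value = html.unescape(m.group(1)) if m else default
    return value


if __name__ == "__main__":
    url, body = build_login_post(SAMPLE_LOGIN_PAGE, "alice", "correct horse")
    print("POST", url)
    print("body", body)
    print("params", correlation_params(url))
    print("wide-scope variable after the registration page:",
          repr(wide_scope_extractor([SAMPLE_LOGIN_PAGE, SAMPLE_OTHER_PAGE])))
```

In JMeter terms: put the Regular Expression Extractor as a child of the sampler that returns the login form, reference its variable in the sampler immediately following, and keep no other sampler between them that would trigger a fresh form (and fresh values) from Keycloak. Extracting the whole action URL, as above, also carries `tab_id` along with `session_code` and `execution`, so all of them stay from the same response.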

0 votes

According to Keycloak, you must use HTTPS if you are using keycloak.com:

Keycloak can run out of the box without SSL so long as you stick to private IP addresses like localhost, 127.0.0.1, 10.0.x.x, 192.168.x.x, and 172.16.x.x. If you don't have SSL/HTTPS configured on the server or you try to access Keycloak over HTTP from a non-private IP address, you will get an error.

So you have 3 options: use private IP address, use a reverse proxy or load balancer to handle HTTPS or enable HTTPS for the Keycloak server.