Testing a web application using JMeter with keycloak authentication

3
votes

I am trying to test my web application using JMeter which is protected by keycloak IDP. But when I try to login using the credentials the login fails saying "Please login from the client" and keycloak logs on the server says:

2021-04-16 11:10:05,316 WARN [org.keycloak.events] (default task-400) type=LOGIN_ERROR, realmId=my-realm, clientId=null, userId=null, ipAddress=10.x.x.x, error=invalid_code

attaching the screenshot of the request I recorded using Blazemeter chrome plugin, some parameters are being sent, any idea how could we configure this?

Jmeter Screenshot

login URL :

https://Server_Address/auth/realms/my-realm/login-actions/authenticate?session_code=iXAkZuEnl25URJPfaSd8kaTdnwCqz5CY-pZoZUb33ns&execution=0e502d98-b482-4abc-a7a5-c31d06b1f9c2&client_id=my_client&tab_id=Fa8Ggyqw3tk
1
oauthjmeterkeycloakperformance-testingopenid-connect

1 Answers

3
votes

Unfortunately you won't be able to just record and successfully replay your scenario without prior correlation of the dynamic parameters.

These execution and tab_id and session_code guys are something you're getting as generated when you're being redirected to Keycloak instance which authenticates the user so you need to extract these values from the previous response and replace recorded hard-coded bullshit you get with the dynamic parameters

enter image description here

The easiest way to extract the values is using Boundary Extractor

Also these parameters should go in query string, not in the request body

Demo:

enter image description here