Performance testing Web Application (WS-Federation) using JMeter

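I am trying to load test a website that has ADFS implemented (RequestSecurityTokenResponse).

The problem is that every time I record a web test, it works for the first few minutes. But the same web test will fail after about an hour, and when we need it for load testing, the test fails because it can no longer log in to the website. It looks like it fails because the security token is no longer the same. I have passed all the dynamic parameters, though. I can also see the token in the recorded script, but when I actually run the test I don't see the token.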

According to the Understanding WS-Federation — Passive Requestor Profile article:

  1. The requester accesses the resource.

  2. If no session tracking token (or cookie, that identifies the request as belonging to an authenticated session) is provided in the request, the resource redirects the requestor to the resource’s IdP/STS.

  3. If the resource’s IdP/STS has not cached data indicating that the requestor has already been authenticated (another cookie most likely), a second redirection to the requestor’s IdP/STS will be performed to authenticate the user.

  4. If information about the user’s IdP/STS or home realm is not provided in the request, the IdP/STS may have to prompt the user for realm information or utilize some type of Home Realm Discovery Service. Afterwards, the user is redirected to the authentication workflow.

  5. The user is prompted for credentials, the credentials are submitted to the requestor’s IdP/STS and those credentials are validated.

  6. The requestor’s IdP/STS generates a security token for use by the federated party.

  7. The requestor IdP/STS-generated token is passed back to the resource’s IdP/STS to exchange for a token scoped to the resource.

  8. The resource’s IdP/STS passes the new token to the resource via HTTP redirect.

  9. The resource consumes the token and builds a security context.

  10. The requester is redirected to the resource URL.

So getting the token is a matter of implementing correlation of the token: after you have provided the credentials to the ADFS gateway, the token can be fetched using a suitable JMeter Post-Processor, and you should replace the recorded hard-coded token, which has a limited time to live, with the JMeter Variable from the Post-Processor.
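The correlation described above, as an added Python example that is not part of the original answer: it pulls `wa`, `wresult` and `wctx` out of the form returned in step 8 and reads the token's `Lifetime`, which is why a recorded `wresult` stops working once it expires. The sample page, host, timestamps, timestamp format and all function names are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from html.parser import HTMLParser

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# Constructed sample: a minimal RequestSecurityTokenResponse with a one-hour lifetime.
RSTR = (
    '<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
    f'<t:Lifetime><wsu:Created xmlns:wsu="{WSU}">2024-01-01T10:00:00.000Z</wsu:Created>'
    f'<wsu:Expires xmlns:wsu="{WSU}">2024-01-01T11:00:00.000Z</wsu:Expires></t:Lifetime>'
    '</t:RequestSecurityTokenResponse>'
)
# Constructed sample: the auto-submitting form from step 8 (host is a placeholder).
STS_PAGE = (
    '<form method="POST" action="https://app.example.test/">'
    '<input type="hidden" name="wa" value="wsignin1.0" />'
    f'<input type="hidden" name="wresult" value="{html.escape(RSTR)}" />'
    '<input type="hidden" name="wctx" value="rm=0&amp;id=passive" /></form>'
)

class HiddenFields(HTMLParser):
    """Collect hidden <input> name/value pairs; the parser unescapes values."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden" and "name" in a:
            self.fields[a["name"]] = a.get("value") or ""

def extract_fields(page):
    """Return the fields that must be re-posted to the resource, fresh per login."""
    parser = HiddenFields()
    parser.feed(page)
    return parser.fields

def token_lifetime(wresult):
    """Return (created, expires) as UTC datetimes from the token's Lifetime element."""
    times = {}
    # Only parse responses from your own STS here; ElementTree is not hardened.
    for el in ET.fromstring(wresult).iter():
        local = el.tag.rsplit("}", 1)[-1]  # match on local name, ignore namespace
        if local in ("Created", "Expires") and el.text:
            times[local] = datetime.strptime(
                el.text.strip(), "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    return times["Created"], times["Expires"]

def is_replayable(wresult, now):
    """True only while 'now' falls inside the token's validity window."""
    created, expires = token_lifetime(wresult)
    return created <= now < expires
```

In JMeter the extraction step maps to a Post-Processor on the STS response, with the extracted value stored in a JMeter Variable and used in place of the recorded `wresult`.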