Authentication is a key step in the user journey of any application. Going about designing the authentication flow can be confusing and not straightforward. When load testing an application, this generally is the first step in the user journey. Supplying client credentials through a UI is not possible when load testing an application, so is evaluating how to implement specific authentication flows available on Azure, as they can be tedious and time consuming as well.
Within this series, we will cover the authentication flows and scenarios that are possible with Azure Active Directory (Azure AD) as the identity provider.
At the end of the blog, you will be able to
Prerequisites
Authenticating to your web app with a shared secret
When you are using a shared secret to authenticate to an application on, you essentially pose yourself as a trusted principal with a valid token that can be used to authenticate you to the application which is registered with azure active directory. The token helps establish a trust, that you can access and make modifications to the resource (application).
For more information you can see authentication using shared secret
The best practice is to store the above parameters into Azure Key Vault and then fetch them directly at runtime instead of hard coding them into the script.
Configuring the JMeter test plan
The JMeter test plan needs to be configured to make a request to the app’s authentication endpoint to acquire the token. The endpoint can be found by visiting Azure Portal and navigating to Azure Active Directory > App registrations > <YOUR-APPLICATION> > Endpoints
It would look something as below:
https://login.microsoftonline.com/<issuer>/oauth2/token
For the allowed values of <issuer> you may refer to issuer values. In our case, it would be the tenant id.
Once we have the token, we can pass it to the subsequent requests in the authorization header to authenticate to the application.
Now that we know what needs to be done, let’s start implementing it.
Creating the test plan in the JMeter GUI
Creating and Running the Load Test
Once we have setup our JMeter test plan, now we can move ahead and run the same using the azure load testing service by creating a test, supplying the above created JMeter script as the test plan and configuring the environment variables.
Try this out and let us know if it works for you. Please use the comments section to help us with any feedback around this scenario and anything you would like to see next time.
If you have any feedback on Azure Load Testing, let us know using our feedback forum.
Happy Load Testing!!!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.