By Chris Witte
The following article looks into an authentication problem that may appear when working with JMeter to create an HTTP script. JMeter is an Apache Software project mainly used for load testing (although it can also be used for other types of testing such as API tests).
Microsoft has announced that Visual Studio Load Tests will be deprecated; VS2019 is the last version that has this feature. They have also mentioned JMeter as one of the preferred alternatives to cover this area (more on this here). JMeter is arguably the most popular load testing tool in the market, and it is free, open source and extensible; check our previous post on this here. You should check it out if you are interested in migrating or starting a load test project.
Now back to the problem:
Problem:
As you may know, authentication is almost always the most difficult part of performance scripting. The application in question here had an API gateway (Layer7) and in the process of migrating a Visual Studio Load Test to a JMeter Test Plan, we ran into issues providing a Client Certificate for authenticating with the API Gateway.
The flow is:
- Client sends a request with the certificate,
- A SAML token is returned,
- Client sends credentials along with the SAML token, and receives a L7 Session ID.
After retrieving that L7 Session ID, the user can make requests to the API. JMeter is good at maintaining those session cookies, however providing the initial client certificate was an issue.
In JMeter you can specify a certificate store, so if you have a PKCS12 (.p12) cert, this flow will not be an issue. In this case, the cert was in the Windows personal cert store, and the private key was marked as not exportable. Creating a Java cert store was out of the question.
So, how do we get JMeter to load and use the Windows certificate store?
It’s quite simple, however there were no resources online that I could find to show this solution. We are providing it here to hopefully save everyone else time.
Answer:
To make the Windows certificate store available in JMeter, launch it with this command.
The important values here are keyStore = NONE and keyStoreType = Windows-MY.
jmeter -Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStorePassword="" -Djavax.net.ssl.keyStoreType="Windows-MY" --username "" --password ""
Then in JMeter you need to specify which cert to use:
- Add a Keystore Configuration Element
- Add a variable that will store the alias to the keystore configuration
- Add the variable to the test. You can use a CSV or Redis data source. In our case we are using User Defined Variables. My cert’s alias is “chriswitte”
- Now when you run your scripts it will add the client cert to your requests
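To find the alias value that the Keystore Configuration element expects, you can list what the JVM itself sees in the Windows-MY store. This is an added example, not part of the original article; the class name `ListWindowsMyAliases` and the `canSign` helper are hypothetical, and it assumes a Windows JDK that ships the SunMSCAPI provider.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;

// Added example (hypothetical class name): lists the current user's "Personal" store as Java sees it.
// Windows only: the "Windows-MY" keystore type is supplied by the SunMSCAPI provider.
public class ListWindowsMyAliases {
    private static final String CLIENT_AUTH_EKU = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null); // no file and no password, matching keyStore=NONE on the command line
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // no private key, so unusable as a client cert
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            List<String> eku = cert.getExtendedKeyUsage(); // null when the extension is absent
            boolean clientAuthOk = eku == null || eku.contains(CLIENT_AUTH_EKU);
            System.out.println("alias: " + alias);
            System.out.println("  subject  : " + cert.getSubjectX500Principal().getName());
            System.out.println("  notAfter : " + cert.getNotAfter());
            System.out.println("  client-auth usage permitted: " + clientAuthOk);
            System.out.println("  key usable for signing     : " + canSign(ks.getKey(alias, null)));
        }
    }

    // Signs a throwaway message through the Windows provider; the key material is never exported,
    // so this also works for keys marked non-exportable. This sketch only exercises RSA keys.
    private static boolean canSign(Key key) {
        if (!(key instanceof PrivateKey) || !"RSA".equals(key.getAlgorithm())) return false;
        try {
            Signature sig = Signature.getInstance("SHA256withRSA", "SunMSCAPI");
            sig.initSign((PrivateKey) key);
            sig.update("jmeter-keystore-check".getBytes(StandardCharsets.UTF_8));
            return sig.sign().length > 0;
        } catch (Exception e) {
            return false; // provider refused the key, or the user cancelled a PIN/consent prompt
        }
    }
}
```

On JDK 11 or later this runs directly with `java ListWindowsMyAliases.java`; use the same Windows account that will launch JMeter, since the store is per user.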
I hope this does save time for someone else that may have this problem. If you have any comments or feedback feel free to leave it below. Thanks and until next time!