SAML (Security Assertion Markup Language) is increasingly being used to perform single sign-on (SSO) operations. As Wikipedia puts it, SAML is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. With the rise in the use of SAML in web applications, we may need to handle it in JMeter. This step-by-step tutorial shows a SAML JMeter scenario that performs a login operation.
- The first request from JMeter is a GET request to fetch the Login page. We need to fetch two values, 'SAMLRequest' and 'RelayState', from the Login page response data. We can do this by using a Regular Expression Extractor. These two values need to be sent in a POST request to the service provider. Refer to the image below to see how to do this.
Regular Expression Extractor – SAMLRequest
- We will get an HTML login page as the response to the request sent in the 1st step. We need to fetch the values of some hidden elements to pass them in the next request. We can do this by using a Regular Expression Extractor.
- This request is the actual login transaction. We need to pass parameters such as username, password and the step 2 hidden values in a POST request. The response to this request will contain the SAMLResponse parameter, which we need to fetch and send to the next step. We won't be able to use a Regular Expression Extractor here as it cannot process XML properly. We will use the XPath Extractor element for that reason. Refer to the image below to see how we can use the XPath Extractor.
XPath Extractor – SAMLResponse
- We need to pass the SAMLResponse value in the next POST request, which will be processed, and the user will be authenticated.
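
The extraction and re-posting that these steps perform can be checked outside JMeter. The following Python sketch is an added example, not part of the original tutorial: it pulls the hidden `SAMLResponse` and `RelayState` fields out of a response page and builds the URL-encoded POST body for the next request. The sample page, the `sp.example.test` host and the function names are constructed for illustration.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import urlencode, parse_qs

class HiddenInputs(HTMLParser):
    """Collect name -> value for every <input type="hidden"> on a page."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_hidden = (a.get("type") or "").lower() == "hidden"
        if tag == "input" and is_hidden and a.get("name"):
            # The parser has already unescaped HTML entities (&amp; -> &).
            self.fields[a["name"]] = a.get("value") or ""

def hidden_fields(html):
    parser = HiddenInputs()
    parser.feed(html)
    return parser.fields

def saml_post_body(html, names):
    """Build the form-encoded body that carries the named hidden fields."""
    fields = hidden_fields(html)
    missing = [n for n in names if n not in fields]
    if missing:
        # Fail loudly: an empty extraction usually means the login step failed.
        raise KeyError(f"missing hidden fields: {missing}")
    # urlencode percent-encodes '+', '/' and '=' from the Base64 value, so the
    # receiver does not read '+' as a space and corrupt the SAML message.
    return urlencode({n: fields[n] for n in names})

# Constructed sample: an auto-submitting form like the one returned after login.
ASSERTION_XML = (b'<samlp:Response xmlns:samlp='
                 b'"urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>')
SAML_RESPONSE = base64.b64encode(ASSERTION_XML).decode()
IDP_PAGE = f'''<html><body onload="document.forms[0].submit()">
<form method="post" action="https://sp.example.test/acs">
<input type="hidden" name="SAMLResponse" value="{SAML_RESPONSE}"/>
<input type="hidden" name="RelayState"
       value="https://sp.example.test/home?a=1&amp;b=2"/>
</form></body></html>'''

if __name__ == "__main__":
    body = saml_post_body(IDP_PAGE, ["SAMLResponse", "RelayState"])
    print(body)
    print(base64.b64decode(parse_qs(body)["SAMLResponse"][0]).decode())
```

In JMeter the same encoding concern applies to the extracted variables: tick "URL Encode?" for the SAMLRequest, RelayState and SAMLResponse parameters of the HTTP Request sampler so the Base64 characters survive the POST.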
We hope the above steps explaining the SAML JMeter scenario are useful in implementing SSO in your web application. Let us know in the comments if you have any queries or if you know a better way to handle SAML requests in JMeter.