How to setup a load-test with JMeter for performing SP initiated SSO's with SAML

Question

I want to setup a load-test with JMeter for performing SP initiated SSO's using SAMLv2 with a variety of users. This includes posting the required AuthNRequest message to the login URL of the Identity Provider (IDP) but also the credentials (username, password) of the current user.

The AuthNRequest must be signed and encrypted so I want to leave that to the service provider (SP) and grab that somehow so I can reuse that (but I don't know if I need to do that in the first place - maybe a follow redirect is sufficient enough).

I find it hard to get my head around which steps to take for getting this done. I don't need exact guidance on where to click in JMeter but more a general overview of the involved HTTP request samplers (including order), pre and post processors and assertions.

We have service providers that support both the SAML HTTP-POST and SAML HTTP-Redirect binding to transport the AuthNRequest to the IDP.

Any help would be great! Thanks in advance.

Answer 1

I've created a blog post with all the necessary steps and can be found here

http://www.martijnburgers.net/post/2013/11/12/Setting-up-a-load-test-with-JMeter-for-performing-SP-initiated-SSOs-with-SAML-20.aspx