Hello to All
I have a little problem crafting a JMeter script to make a call to the authorization endpoint in
order to use the prompt=none option.
I have set up a Keycloak.
With one realm and one client.
The client is set as public, with direct grants enabled, implicit flow on, and standard flow enabled.
In Keycloak I go into the client -> Sessions and log out everyone:
0 sessions, 0 offline sessions.
The first JMeter script does a complete connection:
1. Call to /auth
2. Keycloak sends me a web page with a form
3. I extract the "action" from the HTML form
4. I do a POST on the action URL and insert the login and password
5. Keycloak does the 302 redirect with the code in the URL
6. I call the token endpoint with the code and get the JWT JSON back
If I check in Keycloak, the session appears.
It is set to last 30 days.
Now comes my problem: I want to check whether the user is connected or not, using the
prompt=none option.
So I create a second JMX script that does a GET on
/auth/realms/${realm}/protocol/openid-connect/auth
(realm is replaced by the realm I use, which is test; my client is also called test)
I inject the following fields:
response_type = code
client_id = test
redirect_url = www.google.fr (I only care about what KC adds to the URL)
scope = openid
state = ebd16dfa-dc7e-4524-a87c-fcb138d2af8b
prompt = none
id_token_hint = id token contents found in the JWT
The ebd16dfa-dc7e-4524-a87c-fcb138d2af8b is the value I found in the JWT token in the
field session_state. Into id_token_hint I pasted the contents of the id_token from the
JWT, in its URL-encoded form.
Whether the user is connected or not, I always get the same answer:
Response code: 302
Response message: Found
Location:
http://www.google.fr?error=login_required&state=ebd16dfa-dc7e-4524-a8...
I get the login_required all the time.
I have tried after doing a "Logout all",
and after connecting myself and checking that I have an active session for the client in the
realm in the web console.
I tried to search online.
I tried various response_type values I could see (with Keycloak saying they are invalid); I
tried token_id%20 for example, with no change.
I don’t know what I'm doing wrong.
I only work on the back-end part of it, and I have to check what happens when the front-end people
use prompt=none, so I am writing JMeter scripts to emulate what they do. But this
is the first time I'm trying to use prompt=none, and I'm failing miserably at it ☹
--
Gilbert
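The two scripts described in the post, as an added example that is not part of the original message: a full authorization-code login against Keycloak, followed by the prompt=none check, both driven from the same cookie jar. Keycloak tracks the browser's SSO session in its cookies (KEYCLOAK_IDENTITY, KEYCLOAK_SESSION), so a prompt=none request sent by a client that does not carry those cookies has no session to find and is answered with error=login_required regardless of the id_token_hint. The base URL, the user alice/secret and the redirect URI are assumptions; realm and client are "test" as in the post.

```python
"""Added example: Keycloak login, then a prompt=none session check (same cookie jar)."""
import html.parser
import http.cookiejar
import json
import secrets
import urllib.error
import urllib.parse
import urllib.request

BASE = "http://localhost:8080/auth"    # assumption: Keycloak with the /auth context path
REALM, CLIENT_ID = "test", "test"      # names used in the post
REDIRECT_URI = "http://www.google.fr"  # we only read what Keycloak appends to it


class _KeepRedirects(urllib.request.HTTPRedirectHandler):
    """Return None so urllib raises HTTPError on a 302 instead of following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def make_client():
    """A 'browser': a cookie jar plus an opener that does not follow redirects."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(jar), _KeepRedirects())
    return opener, jar


class _FormAction(html.parser.HTMLParser):
    def __init__(self):
        super().__init__()
        self.action = None

    def handle_starttag(self, tag, attrs):
        if tag == "form" and self.action is None:
            self.action = dict(attrs).get("action")


def extract_form_action(page):
    """Step 3 of the post: the login form's action URL (HTML entities already decoded)."""
    parser = _FormAction()
    parser.feed(page)
    return parser.action


def auth_url(state, prompt=None, id_token_hint=None):
    """Authorization request URL; prompt/id_token_hint only for the session check."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid", "state": state}
    if prompt:
        params["prompt"] = prompt
    if id_token_hint:
        params["id_token_hint"] = id_token_hint
    return f"{BASE}/realms/{REALM}/protocol/openid-connect/auth?" + urllib.parse.urlencode(params)


def fetch(opener, url, data=None):
    """GET (or form POST) and return (status, Location header, body) without following 302s."""
    body = urllib.parse.urlencode(data).encode() if data else None
    try:
        with opener.open(url, data=body, timeout=10) as r:
            return r.status, r.headers.get("Location"), r.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location"), e.read().decode()


def interpret_redirect(status, location, expected_state):
    """Classify Keycloak's answer from the Location it redirects to."""
    if status != 302 or not location:
        return {"session": None, "reason": f"unexpected status {status}"}
    q = urllib.parse.parse_qs(urllib.parse.urlsplit(location).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: not the reply to our request")
    if "code" in q:
        return {"session": True, "code": q["code"][0]}
    return {"session": False, "error": q.get("error", [""])[0],
            "description": q.get("error_description", [""])[0]}


def login(opener, username, password):
    """Steps 1-6 of the post: login page -> POST credentials -> code -> tokens."""
    state = secrets.token_urlsafe(16)
    status, _, page = fetch(opener, auth_url(state))
    assert status == 200, f"expected the login page, got {status}"
    status, location, _ = fetch(opener, extract_form_action(page),
                                {"username": username, "password": password})
    result = interpret_redirect(status, location, state)
    assert result["session"], f"login failed: {result}"
    _, _, body = fetch(opener, f"{BASE}/realms/{REALM}/protocol/openid-connect/token",
                       {"grant_type": "authorization_code", "code": result["code"],
                        "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI})
    return json.loads(body)  # access_token, id_token, refresh_token, session_state, ...


def session_check(opener, id_token=None):
    """The second script: prompt=none with a fresh state; the cookies decide the answer."""
    state = secrets.token_urlsafe(16)
    status, location, _ = fetch(opener, auth_url(state, prompt="none", id_token_hint=id_token))
    return interpret_redirect(status, location, state)


if __name__ == "__main__":
    browser, jar = make_client()
    tokens = login(browser, "alice", "secret")       # assumed test user
    print("cookies after login:", sorted(c.name for c in jar))
    print("same cookie jar :", session_check(browser, tokens["id_token"]))  # SSO cookies sent: a code is issued
    print("fresh cookie jar:", session_check(make_client()[0], tokens["id_token"]))  # no cookies: login_required
```

In JMeter the equivalent is to let the second request run in the same thread group with the HTTP Cookie Manager that captured the login, or to export the KEYCLOAK_IDENTITY/KEYCLOAK_SESSION cookies from the first script and add them to the second; `state` should be a fresh random value per request rather than the token's session_state, since it only serves to match the redirect back to the request that caused it.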
----------------------------- Disclaimer ------------------------------
This e-mail and any attachments are a confidential correspondence intended only for the use of the individual
or entity named above. If you are not the intended recipient or the agent responsible for
delivering the message to the intended recipient, you are hereby notified that any
disclosure, distribution or copying, either whole or partial, in any medium of this
communication is strictly prohibited. If you have received this communication by mistake,
please notify the sender by phone or by replying to this message, and then delete this
message from your system. E-mails are susceptible to alteration. The
"Mousquetaires' group" shall not therefore be liable for the message if
altered, changed or falsified.
-----------------------------------------------------------------------