How to test CAS with jmeter?

Posted 2020-03-17 05:58

Question:

  • request:

    I send a "get" HTTP request; it has no parameters;
    path: http://192.168.22.139:8080/KSP

  • response:

    <input id="username" type="text" name="username" required/>
    <input id="password" type="password" name="password" required/>
    <input type="hidden" name="lt" value="LT-697-vbNmm6NKOZ0cd7Wg1ywzbMKLa0DnOc" />
    <input type="hidden" name="execution" value="e1s1" />
    <input type="hidden" name="_eventId" value="submit" />
    

And I add two XPath Extractors to get lt and execution:

  • reference name: lt;
    xPath query: //*[@id="login"]/input[3]
  • reference name: execution;
    xPath query: //*[@id="login"]/input[4]

Then I send another request with username/password/service/lt/execution/_eventId:

Error: the ticket and execution I get are empty. I got the XPath from Chrome, so what is the problem?

Answer 1:

From the first response, you can use a Regular Expression Extractor to extract ticket and lt.

Then send the second request with parameter:

username/password/lt/execution/_eventId/_eventId

By the way, you should add an HTTP Cookie Manager.



Answer 2:

I did not see the parameters of your first request. At least I did not see the lt.

The second request should be a GET request, and the parameters are: service and ticket (this is not jsessionid; the value is generated by CAS, and it is the same as the parameter lt in the first request to the CAS login).



Answer 3:

There are a few things you need to change in the second request:

  • add execution parameter (extract it from the first request, e.g. with XPath Extractor or Regular Expression Extractor),

    • the XPath expression would be something like .//*[@id='fm1']//*[@name='execution']/@value
  • add _eventId=submit parameter,

  • the lt parameter (the login ticket) should be extracted from the login form, too - it changes each time; see XPath Extractor or Regular Expression Extractor,

    • XPath expression: .//*[@id='fm1']//*[@name='lt']/@value,
  • not required, but will look nicer - change GET to POST.
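
The extraction Answer 3 describes, as an added Python example that is not part of the original question or answers: it selects the hidden fields by their name attribute instead of by position and builds the form body for the second request. The form id fm1 is taken from Answer 3's XPath; the function names and the credentials are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample: the input fields shown in the question, wrapped in a
# form whose id ("fm1") is the one used in Answer 3's XPath expression.
SAMPLE_LOGIN_PAGE = """
<form id="fm1" method="post">
  <input id="username" type="text" name="username" required/>
  <input id="password" type="password" name="password" required/>
  <input type="hidden" name="lt" value="LT-697-vbNmm6NKOZ0cd7Wg1ywzbMKLa0DnOc" />
  <input type="hidden" name="execution" value="e1s1" />
  <input type="hidden" name="_eventId" value="submit" />
</form>
"""

class HiddenFieldParser(HTMLParser):
    """Collect name -> value for every <input type="hidden"> in the page."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_hidden = (a.get("type") or "").lower() == "hidden"
        if tag == "input" and is_hidden and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def extract_hidden_fields(html):
    """Return the hidden form fields keyed by name, independent of their order."""
    parser = HiddenFieldParser()
    parser.feed(html)
    parser.close()
    return parser.fields

def build_login_body(html, username, password):
    """Build the form-encoded body of the login POST; fail if a token is absent."""
    fields = extract_hidden_fields(html)
    missing = [n for n in ("lt", "execution", "_eventId") if not fields.get(n)]
    if missing:
        raise ValueError("login form is missing hidden fields: " + ", ".join(missing))
    # lt changes on every page load, so it must come from the page just fetched.
    return urlencode({"username": username, "password": password, **fields})

if __name__ == "__main__":
    print(build_login_body(SAMPLE_LOGIN_PAGE, "tester", "constructed-pw"))
```

Failing on an empty token mirrors the symptom in the question: an extractor that matches nothing should stop the test rather than submit blank lt and execution values.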


Answer 4:

If you're testing CAS login itself I can suggest using the JMeter HTTP Proxy server to record the login process, catch all values which are being passed, detect those which are dynamic and deal with them via Regular Expression Extractor, XPath, Beanshell, etc. Post Processors - whatever you're most comfortable with.

In case your application is behind CAS, I guess that CAS login simply adds a cookie and your application considers the user authenticated based on it. In this case you can simply store cookies somewhere in a CSV file and use them via HTTP Cookie Manager to simulate authenticated users.