Wednesday, November 21, 2012

STS (Security Token Service) Load testing with WSO2IS 4.0.0

First of all, we have to secure the Security Token Service (STS).
You can easily do it as follows:

1. Go to IS->STS->Apply Security Policy





2. Then download the STS JMeter test here and open it in JMeter



In the above script you have to change the following details:
1. Server IP and port
2. The "Time Stamp" in the request header, which you have to change to a valid date and time

Friday, November 16, 2012

WSO2IS with JConsole

What I'm going to explain is how to monitor memory, CPU usage and so on with JConsole.
This is very useful when you are testing against a remote server.

First you have to add this parameter to wso2server.sh in $IS_HOME/bin:
-Djava.rmi.server.hostname="192.168.4.26" (your server host name)



Then start the IS. You can see "JMX Service URL" in the console.



Now open another command line and type "jconsole"



Then give the above JMX Service URL with the correct IP:
service:jmx:rmi://192.168.4.26:11111/jndi/rmi://192.168.4.26:9999/jmxrmi
username - admin
password - admin



Now that you are connected to the given server, you can monitor memory, CPU usage and so on.

SAML2 SSO Load testing with WSO2IS 4.0.0

Here I'm going to explain how to do the SAML2 SSO load test with WSO2 Identity Server 4.0.0. The JMeter script acts as a Service Provider.
Download the JMeter script here

First you have to start the IS and register the Service Provider as follows:
Issuer - "saml2.demo"
Assertion Consumer URL - http://localhost:8080/saml2.demo/consumer
You don't actually need to host the application "saml2.demo".



Then open the JMeter script and change the parameters according to your environment.
You only have to change the following parameters under "identity-saml2-sso-test-plan":
Idp_host - Hosted Identity Server IP, e.g. 192.168.4.26
Idp_port - Hosted Identity Server port, e.g. 9443
Username - admin
Password - admin



Run JMeter and see the results under "Summary Report" or "Results Tree". When you're doing the load testing it is better to disable the Results Tree, because it would affect the load testing counts.



Thursday, November 15, 2012

OAuth 2.0 Load testing with WSO2IS 4.0.0

This is a simple JMeter sample for load testing OAuth 2.0 with WSO2 Identity Server.
Download the JMeter script here.

First you have to register any application on the IS as follows (no need to host the application)





Take the Client_ID and Client_Secret, then encode them to Base64 format. You can easily do it by using the following URL - http://www.base64encode.org/
e.g. Client_ID:Client_Secret



Thread Group - oauth_get_access_token_thread_group
Here we request the access token by using the generated Base64-encoded value.
We are sending 10 OAuth requests to take the "access token", so first you have to register 10 applications in the IS as follows



Generate the Base64-encoded value for each application and place those in the JMeter script under "authorization"
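
The Base64 values can also be produced locally, which keeps the client secrets out of a third-party web page. The following is an added example, not part of the original JMeter script; the sample pairs are constructed, and the one-pair-per-line input format is an assumption.

```sh
#!/bin/sh
# Build the HTTP Basic credential for one OAuth client:
# base64("client_id:client_secret").
basic_auth_value() {
    # printf (not echo) so no trailing newline is encoded with the secret;
    # tr removes the line wrapping some base64 tools add to long output.
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Read "client_id:client_secret" lines on stdin and print one
# "Basic <value>" authorization value per line.
basic_auth_headers() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *:*) ;;
            *) continue ;;      # skip blank or malformed lines
        esac
        id=${line%%:*}          # text before the first colon
        secret=${line#*:}       # everything after the first colon
        printf 'Basic %s\n' "$(basic_auth_value "$id" "$secret")"
    done
}

# Constructed sample pairs, not real WSO2 IS credentials.
SAMPLE_CLIENTS='Aladdin:open sesame
app02_id_constructed:app02_secret_constructed'

printf '%s\n' "$SAMPLE_CLIENTS" | basic_auth_headers
```
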



What JMeter is doing -

1. Sending the request with the Base64-encoded value and taking the "access token"
2. Saving those access tokens in a variable
3. Sending a validation request with those saved access tokens

In the JMeter script you have to configure the following as well under the "wso2_oauth_load_test" Test plan

Tuesday, November 6, 2012

OAuth 2.0 Playground with WSO2IS 4.0.0

You can download the OAuth 2.0 Playground war, then you have to deploy it in Apache Tomcat
Download the playground source

As in my previous post http://malalanayake.wordpress.com/2012/11/06/oauth-1-0-playground-with-wso2is/ you have to register the application in the IS, but this time under OAuth 2.0

Oauth version – 2.0
Application Name – playground
Callback Url – http://localhost:8080/playground/oauth2client

For more information refer to the following blog post written by Prabath Siriwardana

Monday, November 5, 2012

OAuth 1.0 Playground with Wso2IS 4.0.0

The following Playground 1.0 application is written for OAuth 1.0.
First you have to download the OAuth Playground 1.0 war and deploy it on the Apache Tomcat server

Then you have to open the playground.war file and go to the /WEB-INF/web.xml file.
Find the WSO2CARBON_URL parameter and replace the parameter value with the absolute path of your wso2carbon.jks file.
e.g. You can easily find wso2carbon.jks in $IS_HOME/repository/resources/security/

[sourcecode language="xml"]
<init-param>
<description>Wso2Carbon.jks file location</description>
<param-name>WSO2CARBON_URL</param-name>
<param-value>$IS_HOME/repository/resources/security/wso2carbon.jks</param-value>
</init-param>
[/sourcecode]

Once you finish this, save the web.xml file.
Now you can verify the application at http://localhost:8080/playground/
Download the source code of Playground 1.0



Now you have to start the IS and register the OAuth application as follows. Go to "Manage -> OAuth"
OAuth version - 1.0
Application Name - playground
Callback Url - http://localhost:8080/playground/oauth/oauth_callback



Click on the registered application and you can see the following window with all the details



Now go to the playground application at http://localhost:8080/playground/ and fill in the details.
You can take the Consumer Key and Consumer Secret from the IS.
You can give the Scope as a string, e.g. echoService



Once you send this you get the oauth_token and oauth_token_secret



Now you have to send the oauth_token to Authorize



After authorizing the token, the IS will send you the Access_token



Now you can access the resource with the given token



This is a test application, so all we are doing is taking the token, and if it is OK the application prints the authorized user and the scope in the back end. You can see the following output in the Tomcat server console once you click on "Access Service"

Friday, November 2, 2012

Access OAuth 2.0 Endpoint in WSO2 IS with curl commands

This is useful for testing OAuth 2.0 in WSO2 Identity Server.
Here I'm going to explain how to get the access token for the "Resource owner credentials" and "Client credentials" grant types in OAuth 2.0

1. Start the IS on the default port 9443
2. Go to Manage->OAuth->Register New Application
Register the new application in the IS and take the Client_ID and Client_Secret





3. Go to the command line, send the following curl commands and take the token

Type - "Resource owner credentials" (represented in the curl command as 'password')

[sourcecode language="bash"]
# Resource owner credentials grant: replace Client_id:Client_secret with your application's values
curl -u Client_id:Client_secret -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2endpoints/token
[/sourcecode]

Here you have to give the Client_id and Client_secret from above



Then you will receive the following JSON message

[sourcecode language="bash"]
{"token_type":"bearer","expires_in":3600,"refresh_token":"39d814011ccf3a07a7d6721ae2fa14","access_token":"6d8427ec9faa60c350fffa5caf4b26ec"}
[/sourcecode]


This message contains the access_token

Type - "Client credentials"

[sourcecode language="bash"]
# Client credentials grant: replace Client_Id:Client_Secret with your application's values
curl -u Client_Id:Client_Secret -k -d "grant_type=client_credentials&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2endpoints/token
[/sourcecode]




Then you will receive the following JSON message

[sourcecode language="bash"]
{"token_type":"bearer","expires_in":3600,"access_token":"b3882e71aeb2ad9424c76b0f8ece03a"}
[/sourcecode]


In this scenario you don't receive the "refresh_token", in line with the OAuth 2.0 spec

In the above curl commands you have to specify the correct endpoint URL
e.g. if you need to access a remote IS at 10.100.3.54:9444 then you have to give https://10.100.3.54:9444/oauth2endpoints/token

4. Validate the token by using the OAuth2TokenValidationService - this is an Admin service

First you have to disable the HideAdminServiceWSDLs property in carbon.xml as follows
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs> then restart the IS

Now download the SoapUI project and invoke the OAuth2TokenValidationService

OAuth2TokenValidationService is an admin service, so we have to give the username and password in the SoapUI project.
Once you have the access token from the curl commands, you can send it to the above validation service through SoapUI.
We don't need to send the "client_ID" and "context" values; the only things we have to send are the "Access Token" and "Token Type"
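
The two token responses from step 3 can be checked automatically when the curl commands are run as part of a test. The following is an added example, not part of the original post; the function names are hypothetical, and the expectations (a refresh_token for 'password', none for 'client_credentials') are taken from the sample responses shown above.

```sh
#!/bin/sh
# Sample responses copied from the two curl calls shown in step 3.
PASSWORD_RESPONSE='{"token_type":"bearer","expires_in":3600,"refresh_token":"39d814011ccf3a07a7d6721ae2fa14","access_token":"6d8427ec9faa60c350fffa5caf4b26ec"}'
CLIENT_CRED_RESPONSE='{"token_type":"bearer","expires_in":3600,"access_token":"b3882e71aeb2ad9424c76b0f8ece03a"}'

# Print the value of a string field from a flat, single-line JSON object
# like the responses above. This is not a general JSON parser.
json_string_field() {
    printf '%s\n' "$2" |
        sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Check a token response against the grant type that produced it.
# Prints "ok", or the first failed expectation with a non-zero status.
check_token_response() {
    grant=$1
    body=$2
    access=$(json_string_field access_token "$body")
    refresh=$(json_string_field refresh_token "$body")
    ttype=$(json_string_field token_type "$body" | tr 'A-Z' 'a-z')
    [ -n "$access" ] || { echo "missing access_token"; return 1; }
    [ "$ttype" = "bearer" ] || { echo "unexpected token_type"; return 1; }
    case "$grant" in
        password)
            # The sample response for this grant carries a refresh_token.
            [ -n "$refresh" ] || { echo "missing refresh_token"; return 1; } ;;
        client_credentials)
            # No refresh_token is expected for this grant.
            [ -z "$refresh" ] || { echo "unexpected refresh_token"; return 1; } ;;
        *)
            echo "unknown grant type: $grant"; return 1 ;;
    esac
    echo ok
}

check_token_response password "$PASSWORD_RESPONSE"
check_token_response client_credentials "$CLIENT_CRED_RESPONSE"
```
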