Extending JMeter with a WS-Trust/STS sampler

JMeter does not have any inbuilt support for WS-Security or WS-Trust and that made me develop this STS Sampler for JMeter – which could make anyone’s life better while load testing an STS.
First you need to have the Apache JMeter distribution. I am using v2.7.
Then you can download sts.sampler.zip from here – unzip it and copy the “repo” directory directly to JMETER_HOME. Also copy all the jars inside lib.ext directory to JMETER_HOME/lib/ext.
That’s it – now start the JMeter.
Under your thread group – right click – and add the Java Request Sampler…
Now, select org.wso2.apache.jmeter.sts.STSSampler as the classname – you will see the following then…
Let me briefly explain here – what exactly the different parameter names mean..
STS_End_Point : End point of the Security Token Service. If you are using the STS that comes with WSO2 Identity Server, then this would be https://localhost:9443/services/wso2carbon-sts
STS_Security_Policy : Location to the WS-Security Policy – that is being used to secure STS. It can be a security policy with UsernameToken and Sign & Encryption.
Applies_To : Against which service you are going to use this Token, obtained from the STS – or in other words, the scope of the token. This can be any URI known to the STS. STS may use this URI to find public key of that service and will use that to encrypt the key issued. So, whatever you put should be meaningful to your STS.
Token_Type : It can be any one of the following…
1. http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
2. http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Key_Type : It can be any one of the following…
1. /SymmetricKey : A symmetric key token is requested (default)
2. /PublicKey : A public key token is requested
3. /Bearer : A bearer token is requested. This key type can be used by requestors to indicate that they want a security token to be issued that does not require proof of possession.
Key_Size : Size of the key. By default it’s being set to 256. This is an integer element indicates the size of the key REQUIRED specified in number of bits.
Claim_Dialect : Claim dialect which is known the STS. This can be used to group set of claims together.
Required_Claims : URIs known to the STS which indicate the required set of attributes. This can be a comma separated list.
System_Trust_Store : When the URL to the STS is on https – this indicates the location to the JKS file which includes the public certificate corresponding to the STS endpoint.
System_Trust_Store_Password : Password to access System_Trust_Store
Username : This is required when the STS is secured with UsernameToken security policy. This is the corresponding user name.
Password : Password corresponding to the above Username.
Encryption_Key_Store : This is required when the STS is secured with WS-Security Encryption. Location of the JKS where the public key of the STS endpoint being stored.
Encryption_Key_Store_Password : Password corresponding to the Encryption_Key_Store.
Encryption_Key_Alias : Alias from the Encryption_Key_Store corresponding to the STS endpoint. This helps to load the public key of STS.
Signature_Key_Store : This is required when the STS is secured with WS-Security Signature. Location of the JKS where the private key of the STS client being stored.
Signature_Key_Store_Password : Password corresponding to the Signature_Key_Store.
Signature_Key_Alias : Alias from the Signature_Key_Store corresponding to the STS client. This helps to load the private key of STS client.
Signature_Key_Password : Password corresponding to the private key of the STS client.
Following is an example configuration that I used to load test STS which ships with WSO2 Identity Server.

Reference: Extending JMeter with a WS-Trust/STS sampler from our JCG partner Prabath Siriwardena at the Facile Login blog.

Do you want to know how to develop your skillset to become a Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you two of our best selling eBooks for FREE!

JPA Mini Book

Learn how to leverage the power of JPA in order to create robust and flexible Java applications. With this Mini Book, you will get introduced to JPA and smoothly transition to more advanced concepts.

JVM Troubleshooting Guide

The Java virtual machine is really the foundation of any Java EE platform. Learn how to master it with this advanced guide!

Given email address is already subscribed, thank you!
Oops. Something went wrong. Please try again later.
Please provide a valid email address.
Thank you, your sign-up request was successful! Please check your e-mail inbox.
Please complete the CAPTCHA.
Please fill in the required fields.

Leave a Reply


9 + = ten



Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use | Privacy Policy
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.
Do you want to know how to develop your skillset and become a ...
Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you two of our best selling eBooks for FREE!

Get ready to Rock!
You can download the complementary eBooks using the links below:
Close