OKTA SAML Authentication Jmeter script recording

Question

I am doing the jmeter recording with a site which uses the OKTA authentication. In that for one request i am sending the SAML Response. But that request is always failing. The response message i am getting is 404 error message for that request. There is no change in the headers and request body or method types. The request which i am sending from jmeter and the browser looks same. But still the request getting failed.

The only difference i am seeing is in the browser request there are some special characters like + or == is going in the request body. In jmeter these values are sent in the encoded form.

In jmeter i corelate the SAML response from one of the request response using the Regular Expression Extractor and stored it in a variable.

In the next request i passed the value. The value we got from the previous response is in the encoded form. So the value is going in the encoded form. Does it cause any problem for the request to get fail. If it is how to resolve it.

Jmeter version: 5.1.1 Java 8

Answer 1

Given you send the same request you should get the same response so I would recommend comparing the requests originating from the real browser and JMeter using a 3rd-party sniffer tool like Fiddler or Wireshark.

Requests must be exactly the same apart from dynamic parameters which need to be correlated. Once JMeter will send the same request as real browser does - it should get the same response. Pay attention to everything: URL query string, headers, etc.

By the way, there is Auto Correlation Recorder Plugin which tries to detect and handle dynamic values, maybe it worth trying re-recording your flow with it?