How to login Jmeter using my User id/Password and Authenticator

[Quynh Ly]

Is it possible to login Jmeter using my user id/Password and authenticator.  Kindly advise me the steps/example?  Thank you.

[Dmitri T]

Please define "authenticator"? In general 2nd factor authentication is not something you can bypass using JMeter, in certain cases like TOTP it's possible to calculate the one-time-password using JSR223 Test Elements and Groovy language but in case of "real" 2FA via i.e. Authenticator app it won't be easy, consider asking your app administrators to temporary turn off 2FA for the duration of the load test or configure it to accept fixed test TOTP

[Quynh Ly]

Hello Dmitri,

Yes, I am using the 2 factor token.

Below is what I try to achieve.  Kindly review and kindly provide me some guidance:

1/Currently, I am login using the client id and client secret and test the application.

2/ But now, they implement certain security at the user login level and thus, I will need to login with my user id and password in order to test the application.

Is there any work around?  Please advise.  Thank you so much for your great help.

[Dmitri T]

Unfortunately you don't provide enough details hence I'm not able to help. If "they" enabled another security layer "they" should give you a piece of advice regarding how to bypass this.

Once you know the algorithm you can come back with more details.

So far I can only state that any 3rd-party services must be out of the scope of the performance test including 2FA, captcha, external images, banners, videos, etc.

[Quynh Ly]

Hello Dmitri, 

The authenticator that we use is Authenticator  one -time passwords enabled. I informed you earlier that 2 way factor token.

The developer created 2 new roles at the user login level.  If I login using my id, I will have these two roles to perform update/delete/add....If I disable these 2 roles in Database, then I will not be able to update/delete/add.  I hope you can provide me some guidance.  Thank you!!!

[Dmitri T]

I informed you earlier that it's possible to use JSR223 Test Elements and Groovy languagefor executing arbitrary code including generating OTP

For example here is the demo of using totp.jar for generating OTP acting as the 2nd factor of authentication:

if your application uses TOTP algorithm described in RFC 6238 you will be able to use this approach. If the algorithm is different - you will have to find out your own way.

[Quynh Ly]

Hello Dmitri,

I appreciate it very much for your information.  We are using OKTA OTP.  I do not know is OKTA use TOTP algorithm described in RFC 6238? i try to read the article but I am not sure.

Kindly advise me if you know. 

I really hope that your information will help us resolving me the issue.  Thank you so much.