Tuesday, 25 February 2014

Issue with app with GWT and Siteminder authentication

Problem  detailWe are having issues replaying a script. We have tried different protocols without success (Web, Click and script and truclient). We are getting a 500 http error while trying to retrieve a data table.

Application has been created with GWT and uses SiteMinder authentication. We think It might be an authentication issue but there are no values to correlate.

We are getting this error log on app server:
java.lang.SecurityException: Blocked request without GWT permutation header (XSRF attack?)

Want to know if there is any known problem or technology incompatibility and help to handle this scrip to work.

Problem Solution:   Went over how-to do manual correlation.

Here are some Knowledge Base articles on correlation :

1. KM170043 -- Title: What is correlation and how is it done

http://support.openview.hp.com/selfsolve/document/KM170043?searchIdentifier=-46ea3c3f%3a11a56b6178e%3a-5133&resultType=document&documentURL=KM170043&resultsURL=%2fselfsolve%2fdocuments&allowReturn=true

2. KM198688 -- Title: Webinar - The Art and Science of Correlating Web Applications

http://support.openview.hp.com/selfsolve/document/KM198688

3. KM175230 -- Title: How to troubleshoot errors with the web_reg_save_param correlation function


http://support.openview.hp.com/selfsolve/document/KM175230

-------------------------------------------
Also you can reference the online documentation on LoadRunner -- "Virtual User Generator User's Guide" on "Correlation" with reference to "Web HTTP Protocol".

Start ---> All Programs ---> LoadRunner ---> Documentation ---> Here you will see manuals in pdf format.

Customer had questions on siteminder as to its support with loadrunner --


I had asked this question to R&D. The following is the response that I received from R&D regarding this --

Looking at Siteminder, R&D sees it as a SSO(Single Sign On) solution and as a CA, so LoadRunner should handle it as it handles any authentication/authorization/login

Regarding GWT, do you know please let us know if it is GWT-RPC - does it have unique GWT payloads captures at web_custom_requests when recording the script?
GWT can be used as UI layer alone(nothing interesting on the transport layer) or with its RPC mechanism (with payloads that are harder to parameterize & correlate).

2 comments: