Hi Everyone,
We are using SSO SAML enabled AEM instance and enabled CSRF token APIs for POST requests to work.
It is working properly.
But during our load testing with near 3000 Vusers(2 publishers), we are getting some failures in CSRF token APIs.
CSRF calls are providing empty response instead of valid tokens.
For normal user session, no issues observed.
Any idea or thoughts ?
Views
Replies
Total Likes
Hi @akhilraj
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-perf-testing-csrf-toke...
https://experienceleague.adobe.com/docs/experience-manager-65/content/implementing/developing/introd...
Verify that the load testing environment is properly configured: Ensure that the load testing environment is properly configured to handle the load. Make sure that there are enough resources available to handle the load and that the network bandwidth is sufficient.
Check the SSO SAML configuration: Verify that the SSO SAML configuration is correctly set up and that the load testing environment is properly configured to handle SSO SAML requests. Ensure that the SSO SAML configuration is not causing any issues with the CSRF token APIs.
Check the CSRF token API implementation: Verify that the CSRF token API implementation is correct and that it is not causing any issues during load testing. Ensure that the API is properly handling the load and that it is not causing any performance issues.
Check the logs: Review the logs on the AEM instance to see if there are any error messages or warnings related to the CSRF token APIs. This may help identify any issues that are causing the failures.
Consider adjusting the load testing parameters: If the failures are related to the load testing parameters, consider adjusting the parameters to reduce the load on the AEM instance. This may help reduce the number of failures and improve the performance of the CSRF token APIs.
Hi @Raja_Reddy ,
Thanks for the reply.
Point 1 and 2 we will check with Performance team.
Point3: we have just added client library "granite.csrf.standalone " for CSRF API to trigger as our POST calls were failing with 403 after we moved to SAML auth. We havent done anyother implementation related to CSRF.
Point4: There are no errors present in any of the logs from publisher side for the token
Point 5; Will check with team.
Do you have any input for Points 3 and 4
@akhilraj Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies