Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.

CSRF API response is empty sometimes during high user performance Testing

Avatar

Level 6

Hi Everyone,

 

We are using SSO SAML enabled AEM instance and  enabled CSRF token APIs for POST requests to work.

It is working properly.

 

But during our load testing with near 3000 Vusers(2 publishers), we are getting some failures in CSRF token APIs.

 

CSRF calls are providing empty response instead of valid tokens.

 

For normal user session, no issues observed.

 

Any idea or thoughts ?

4 Replies

Avatar

Community Advisor

Hi @akhilraj 
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-perf-testing-csrf-toke... 
https://experienceleague.adobe.com/docs/experience-manager-65/content/implementing/developing/introd... 

  1. Verify that the load testing environment is properly configured: Ensure that the load testing environment is properly configured to handle the load. Make sure that there are enough resources available to handle the load and that the network bandwidth is sufficient.

  2. Check the SSO SAML configuration: Verify that the SSO SAML configuration is correctly set up and that the load testing environment is properly configured to handle SSO SAML requests. Ensure that the SSO SAML configuration is not causing any issues with the CSRF token APIs.

  3. Check the CSRF token API implementation: Verify that the CSRF token API implementation is correct and that it is not causing any issues during load testing. Ensure that the API is properly handling the load and that it is not causing any performance issues.

  4. Check the logs: Review the logs on the AEM instance to see if there are any error messages or warnings related to the CSRF token APIs. This may help identify any issues that are causing the failures.

  5. Consider adjusting the load testing parameters: If the failures are related to the load testing parameters, consider adjusting the parameters to reduce the load on the AEM instance. This may help reduce the number of failures and improve the performance of the CSRF token APIs.



Avatar

Level 6

Hi @Raja_Reddy ,

 

Thanks for the reply.

 

Point 1 and 2 we will check with Performance team.

 

Point3:  we have just added client library "granite.csrf.standalone " for CSRF API to trigger as our POST calls were failing with 403 after we moved to SAML auth. We havent done anyother implementation related to CSRF.

 

Point4: There are no errors present in any of the logs from publisher side for the token

 

Point 5; Will check with team.

 

Do you have any input for Points 3 and 4 

 

Avatar

Administrator

@akhilraj Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni