Load Testing in Single Sign On Applications
I have a concern regarding performance/load testing in applications that use single Sign On (SSO). Single Sign On enables authentication in the domain. So when users launch the application, they are redirected to the homepage without putting username and password. I work for a company where almost all web applications has single sign on enabled. When I do load testing, I use same username/password for all virtual users which is not an effective method. If anyone has an experience on this one, I would love to continue this discussion.
Using the same username/password is not acceptable as this is not how the users will engage the application in production. You also have the distinctly high possibility of causing an unnatural locking condition on user based records which would not occur in production. You also will not be able to ascertain if you have odd conditions like session bleed over under load - this is where user B is receiving user A's data. You would also fail a performance testing audit with identical data.
All of the commercial performance testing tools include capabilities to represent different users credentials for each virtual user under load, even with integrated authentication. You have not mentioned the tool that you are using in this case, but I can affirm that, at least for LoadRunner, this is a topic discussed and documented as part of the user training class for the tool.
Thanks for your input JPulley3. We are using IBM Rational Performance Tester for our testing. Yes, I know the concept of parameterization of username/password for virtual users. However, our constraint is not the tool but our company policy. The system doesn't allow dummy username and password. we need to create proper NT account to get access to the application. And the process of creating those account is lengthy. So, it is not practical creating 500/1000 NT accounts just for perf testing. So, I am looking for possible workaround.