Pega application login JMeter script fails with 403 Forbidden error

I’m working on performance testing a Pega application using JMeter. The JMeter script fails at login (non-SSO) at page /prweb/PRServlet/app/il-cc/********/!STANDARD with error 403 Forbidden. I have captured the dynamic values pzHarnessID and pzCTkn in the script and am using them. I see one more dynamic value, pzBFP, in the header, which I’m not able to capture as it seems to be generated by client-side JavaScript. I suspect this is the one causing the request to fail, but I might be wrong too. Has anyone come across a similar issue handling pzBFP, or is there any other workaround you would suggest? Appreciate any help on this.

Thanks

John

@JohnK17232555 :warning: Below is a GenAI-powered tool. All generated answers require validation against the provided references.

The issue you are facing with the 403 Forbidden error during performance testing using JMeter could be related to the CSRF token and fingerprint generation logic. In Pega Platform 8.4.3, a similar issue was resolved by adding both CSRF token and fingerprint generation logic to the pzBulkProcessingList. This might be relevant to your situation as the pzBFP value seems to be a client-side generated token that is required for the request to be authenticated properly. You might need to ensure that all necessary tokens, including CSRF and fingerprint tokens, are correctly captured and included in your JMeter script to avoid the 403 error.

Pega Platform 8.4.3 Patch Resolved Issues

To resolve the 403 Forbidden error during login in your JMeter script, try the following steps:

  1. Use the Netscape cookie policy in the HTTP cookie manager.
  2. Switch to the JVM HTTP implementation (HTTP request defaults → Advanced → Implementation: Java) instead of the standard Apache HttpComponents HttpClient 4.x.
  3. Ensure you are correctly extracting and using the pzTransactionId to maintain state between pages.
  4. For the pzBFP value, you might need to simulate the client-side JavaScript that generates it or find a way to capture it dynamically.

These steps should help you address the issue and successfully log in using JMeter.

Performance Testing