How To Bypass SSO in Automation Testing?

How To Bypass SSO in Automation Testing?

SSO stands for Single sign on. The browser may ask for user credentials or may take from windows authentication process. Due to same origin policy , it will never ask for user id and password as long as the user logs in the system. SSO is to prevent unauthorized access from client machine to the server resources.This is due to the solution of multi password issue. But during testing the we need to log, in the same client machine with multiple user credentials as if the real users are working. If the application is SSO enabled, it is not  possible as it will always take the original logged in user credentials for opening the application and never switch the profiles. In automation it is a real road block.

See also  Concept of Absolute Path and Relative Path In QTP
The simple SSO workflow is depicted below:

In RSA community as per doc 72967, they have proposed a solution – that is to pass SSO login as false in the url itself.
The link will look like-http://url?SSOlogin=false
unfortunately that solution did not work for us.
on further googling I found one more solution i.e to give username and password in the URL itself. Something like- http://myUserName:[email protected]

The selenium implementation we tried as follows:
WebDriver driver=New FirefoxDriver();
String url="http://"+myUserName+":"+"myUserPassword"+"@"+url;

This solution did not also worked. Application keeps logging with old user name

A possible great work around would be to disable the SSO for testing URL. But, for our case, it was not possible. Also it opens up another kind of threats.Not a good solution.

In IBM forum , I have checked , on topic that says “Can I bypass single-signon using batch file or executable file?” The exact problem we were having!!!
The solution given:

  1. Login with test user log in credential in client box
  2. Disable integrated windows authentication[Tools–>Internet Options–>Advanced tab->clear the enable integrated windows Authentication(need to restart the IE)]
  3. Start the IE session as different user like in command prompt use runas command:
  • Open command prompt and navigate IE directory
  • give command runas/user:[email protected]_qualified_domain_name iexplore
  • When it prompts for password , provide password
Unfortunately, win-7 on wards this feature is not available. It will ask for password and never accept the password.As a result, we could not operate the same.

I got few more

  • Deploy a policy that sets the execution policy to remote signing.
  • make a .bat file that will open powershell and run command
They were also not effective as we really could not change the policy on login as a admin to use different switch.Also this will not work in highly secured zones.

SQA forum suggested one solution..
1. go to IE–>Tools–>Options–>Advanced–>Uncheck the enabled Integrated  windows authentication under security. It is good to try but did not work for me.

See also  Multimedia Audio in Java Concept Simplified


One solution given in technibble to use utiman also did not suffice our requirements.Moreover runas command needs admin privilege to run.
The next possible  solution we have tested is powershell explained in
@Echo off
SET this_script_directory=%~dpo
SET powershellScriptpath=%this_script_directory% mypoweshell.ps1
powershell_NoProfile_ExecutionPolicy.Bypass_command "&{start_processPowershell_argumentlist"
-NoProfilee -ExecutionPolicy ByPass -File ""%powershellScriptpath%""'-verb.RunAs}"
Another solution is to deploy a logout button having the following features:
  • Logout button should invoke the logout function which destroys all session tokens or render them unusable.
  • Server performs proper check for session check,dishonor any access/request from previous token.
  • A time out feature to logout client from server.
Developers were little hesitant to implement a new button as it was never told in the requirement itself.

While googling on SSO, I came to know it is something to do with Cookies. Once Cookies are getting destroyed, application can return to login screen.But at this point of time our objective was to implement something that can destroy the cookies. To bypass this by using a different log in, we need to reset browser cookie info from browser cookie storage area.
java implementation of deleting cookie:

public void deleteAllCookies()
set  allCookies=driver.manage().getCookies();
for (Cookie cookie:allCookies)
Now we can create a set of user cookies-

Cookies myCookie=new Cookie("myTestCookie","123456789123");

to work with the cookie


A better approach could be:

Cookies myCookie=new Cookie("name","value")
                 .domain("your domain")
                 .expiresOn(new Date(2017,10,15))
                 .path("/your path")
Deleting Cookies from chrome is different, what we have implemented:
Set oDelCookies=CreateObject("Wscript.Shell")
wait 2
oDelCookies.sendKeys "Enter"
set oDelCookies=nothing
for IE the code to delete the same:

A better approach could be as follows: This is from stackoverflow here "iexplore"
wait 2
wait 2
Function clearAllDetails

Dim oShell,oExec
Set oShell = CreateObject(“WScript.Shell”) “RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1” ‘clearing History “RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2” ‘clearing Cookie “RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8” ‘clearing Temporary Internet Files “RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16” ‘clearing form data “RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32” ‘clearing password “RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255” ‘clearing All “RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351” ‘clearing everything used in addons
End Function

Clear all chrome stored info via VBS:
set objFSO=CreateObject("Scripting.FilesystemObject")
"GoogleChromeUser DataDefault"
set filesInFolder=objFSO.getFolder(strAppDataFolder).Files
set foldersInFolder=objFSO.getFolder(strAppDataFolder).subFolders
for each folder in foldersInFolder
if not ucase(Folder.Name)="EXTENSIONS" and not ucase("EXTENSION STATE" then
folder.delete true
end if
for each File in filesInFolder
if not ucase(File.Name)="PREFERENCES" then
End if
Cleared all Firefox cache/password/cookies in VBS


set objFSO=CreateObject("Scripting.FilesystemObject")
set filesInFolder=objFSO.getFolder(strAppDataFolder).Files
set foldersInFolder=objFSO.getFolder(strAppDataFolder).subFolders
for each folder in foldersInFolder
folder.delete true
set foldersInFolder=objFSO.getFolder(strRomingAppData).subFolders
for each folder in foldersInFolder
set filesInFolder=folder.Files
for each File in filesInFolder
if (1,File.Name,"sqlite")>0 then
End if
Now We got how to handle Chrome,IE and Firefox in order to delete cache.. It is time to integrate the same code with Java and call as a first step from our script
public void ClearAll() throws InterruptedException
Runtime.getRuntime.exec("Path of the VBS");
catch(Exceptipon e)


For salesforce -Rajesh Ramachandra has described a process that is instead of providing provide It will navigate to the login page instead of SSO login.

See also  Literals in Java Simplified

image credit:

Share and Enjoy !

15 thoughts on “How To Bypass SSO in Automation Testing?

  1. When someone writes an post he/she keeps the thought of
    a user in his/her brain that how a user can know it. Thus that’s why this
    post is great. Thanks!

  2. Hi, I do believe this is a great blog. I stumbledupon it 😉 I
    will come back once again since I book-marked it. Money and
    freedom is the best way to change, may you be rich and continue to
    help other people.

  3. What a information of un-ambiguity and preserveness of precious familiarity concerning unexpected emotions.

  4. No matter if some one searches for his essential thing, therefore he/she desires to
    be available that in detail, so that thing is maintained over here.

  5. Paragraph writing is also a excitement, if you
    know afterward you can write otherwise it is complicated to write.

    adreamoftrains content hosting

  6. Pingback: Google
  7. Pingback: Google
  8. Pingback: Google
  9. Pingback: Google
  10. Pingback: Google
  11. We stumbled over here coming from a different website and thought I might check things
    out. I like what I see so i am just following you.
    Look forward to looking into your web page repeatedly.

  12. Pingback: Google
  13. Pingback: Google
  14. Pingback: Google
  15. I’ve been absent for some time, but now I remember why I used to love this website. Thanks, I will try and check back more often. How frequently you update your web site?

Leave a Reply

Your email address will not be published. Required fields are marked *