You can configure the Agent that the Test Tool simulates during a test in the CA SiteMinder® Agent group box.
The Agent that the Test Tool simulates must be configured in the Administrative UI.
To configure Agent information, specify the following options
Specify one of the following Agent Types:
Simulates CA SiteMinder® 4.x Agents.
Simulates CA SiteMinder® 5.x Agents.
Note: If you want to use the Test Tool on a system to simulate a CA SiteMinder® 5.x Web Agent, you must run the smreghost.exe application on the system where you will run the Test Tool. The smreghost.exe file is included with your Web Agent, and described in the Web Agent Installation Guide. The file is also located in <Policy Server install dir>/siteminder/bin.
Simulates RADIUS devices.
Enter the name of the Agent as it appears in the Administrative UI. This field is required for both Version 4 and Version 5 Agent simulations.
Enter the Agent’s shared secret. This must match the shared secret entered when the Agent was created. A Secret is required for Version 4 and RADIUS Agent simulations.
Enter the full name of the server on which the Agent resides. For example, to test the Policy Server for http://www.myorg.org, enter www.myorg.org in this field. This field may be used for Version 4 Agent simulations.
Enter the path to the SmHost.conf file that contains the settings for the Version 5 Agent you want to simulate. You can use the Browse button to search for the SmHost.conf file.
Start the Test Tool to test Policy Server functionality.
Important! If you are accessing the Test Tool on Windows Server 2008, open the shortcut with Administrator permissions. Use Administrator permissions even if you are logged in to the system as an Administrator. For more information, see the release notes for your CA SiteMinder® component.
Follow these steps:
Use one of the following methods:
smtest
Start the Test Tool to test Policy Server functionality.
Follow these steps:
./smtest
Note: To run the Test Tool on UNIX, the X display server must be running. If required, enable the display by entering the following in a Command Window:
export DISPLAY=n.n.n.n:0.0
Specifies the IP address of the Policy Server host system.
Policy Servers that are configured in FIPS-migration or FIPS-only modes encrypt sensitive data using Advanced Encryption Standard (AES) algorithms. When running Interactive tests, the Test Tool uses FIPS-compliant algorithms as required to communicate with FIPS-only mode Policy Servers.
However, by default, the Test Tool does not use FIPS-compliant algorithms to encrypt sensitive data when creating a Command Script file in Record mode. A Command Script that contains data encrypted with a non-FIPS algorithm cannot therefore be played back to test a FIPS-only mode Policy Server.
To record and play back tests against a FIPS-migration or FIPS-only mode Policy Server, do one of the following procedures:
Note: If the Test Tool is not started using a command-line option, it uses the FIPS mode that is defined in the CA_SM_PS_FIPS140 environment variable. If CA_SM_PS_FIPS140 is not set, the Test Tool defaults to FIPS-compatibility mode.
To open the Test Tool in a specific FIPS mode to record or playback, start the Test Tool using the -cf command line option.
Follow these steps:
smtest -cf FIPSmode [command_script]
Specifies one of the following FIPS modes (to match the FIPS mode of the Policy Server):
Note: The value of FIPSmode is not case-sensitive.
(Optional) specifies the pathname of a Command Script file to playback.
Test Tool behavior for each FIPSmode setting is as follows:
Configures the Test Tool to operate with the following characteristics:
Configures the Test Tool to operate with the following characteristics:
Configures the Test Tool to operate with the following characteristics:
Configure the default FIPS mode for the Test Tool (and other local CA SiteMinder® components) by defining the CA_SM_PS_FIPS140 environment variable.
Note: If the Test Tool is started using the -cf command line option, the CA_SM_PS_FIPS140 environment variable is ignored.
Follow these steps:
CA_SM_PS_FIPS140=FIPSmode
Specifies one of the following FIPS modes (to match the FIPS mode of the Policy Server):
Note: For more information about setting environment variables, see your OS–specific documentation.
Test Tool behavior for each FIPSmode environment setting is as follows:
Configures the Test Tool to operate with the following characteristics:
Configures the Test Tool to operate with the following characteristics:
Configures the Test Tool to operate with the following characteristics:
The test tool requires information about the Policy Server that will be used when simulating the interaction with the Agent described in the CA SiteMinder® Agent group box. The required information differs slightly depending on the type of Agent you selected.
For Version 4 Agents and RADIUS Agent simulations, you must specify the IP address and port information of the Policy Server(s) used in the test. If you want to simulate a multiple Policy Server environment, you can specify how those Policy Servers operate.
To set up Policy Server(s) for Version 4 Agent and RADIUS Agent simulations
Indicates whether you are specifying the primary or secondary Policy Server.
Specifies the IP address of the Policy Server. By default, this field contains the IP address of the local system.
Specifies the TCP ports used for authorization, authentication, and accounting requests. These fields are populated with the Policy Server’s default port numbers.
Displays the time (in seconds) that the Test Tool should wait for a response from the Policy Server.
Enables failover. During failover, the Test Tool directs requests to the initial Policy Server. If the initial Policy Server fails, the Test Tool redirects requests to the secondary Policy Server.
Enables round robin load balancing. Round robin load balancing divides requests between the primary and secondary Policy Servers. For each connection, the Test Tool alternates between Policy Servers.
If the Test Tool makes a connection, the IsProtected and DoManagement stop lights turn green.
Note: You must specify an Agent before testing the Policy Server connection.
For Version 5 Agents simulations, you may specify the IP address and port information of the Policy Server(s) used in the test, or you may use the Policy Server information contained in the Host Configuration Object contained in the policy store.
By default, the Policy Server information will be retrieved from the policy store when the Test Tool uses the SmHost.conf file to establish an initial connection to the Policy Server. To specify Policy Server information manually, select the Override check box and fill in Policy Server information as described in Set Up the Policy Server for Version 4 Agents and RADIUS Agent Simulations.
You can configure the Agent that the Test Tool simulates during a test in the CA SiteMinder® Agent group box.
Use one of the test modes in the following list to determine how tests are run and results are displayed. Depending on the test mode that you select, you may also have to specify script information.
Allows you to enter data, run tests, and see the results displayed immediately in the Server Response section.
Combines Interactive operation with a script generation feature that writes test results to a plain-text command script file.
Uses Command Script files created in the Record mode to automate sequential tests. Ideal for regression testing.
Uses a manually configured Thread Control File to automate complex tests. Ideal for stress testing.
You can specify the resource against which you want to conduct tests. Providing a resource simulates a user entering a URL in a browser.
To specify resource information, provide values for the following options
Enter the relative path of the resource that CA SiteMinder® is protecting as it is configured in the realm. The path is relative to the Web server’s publishing directory. For example, /protected/.
Enter the Agent action, Authentication event, or Authorization event specified in the rule that you are testing.
You can configure the Agent that the Test Tool simulates during a test in the CA SiteMinder® Agent group box.
The Test Tool requires user credentials to test whether or not a policy can authenticate or authorize a user.
To specify user credentials, complete the following fields:
Enter the user name you want to use to access the resource.
Enter the password for the user entered in User Name.
If you are using a RADIUS CHAP authentication scheme, select this check box.
If the protected resource requires certificates to authenticate users, you must provide a certificate file so that the Test Tool can simulate certificate authentication.
You can configure the Agent that the Test Tool simulates during a test in the CA SiteMinder® Agent group box.
The encoding spec field allows you to specify a language encoding parameter. The Test Tool uses this parameter to encode headers in the same manner as a Web Agent. It then displays the encoded response attribute data in the Attributes field.
For more information about language encoding, see the Web Agent Configuration Guide.
To set the encoding spec, enter a value for the encoding spec as follows:
encoding_spec, wrapping_spec
where:
Note: If you leave this field blank, the default is UTF-8 with no wrapping.
You can configure the Agent that the Test Tool simulates during a test in the CA SiteMinder® Agent group box.
To avoid reentering user-supplied information, such as Agent, resource, and user information, you can save these values into a Test Tool Settings file. You can then reload those values at any time.
To save the current values that are specified in the Test Tool:
The file is saved with a .ini file extension.
To retrieve the saved values from the Test Tool Settings file:
Note:You can also load the Test Tool Settings file from a Command Script.
Edit the Test Tool Settings (.ini) file and add the following parameters to regulate how the Test Tool connects to the Policy Server:
Specifies the maximum number of connections that the Test Tool establishes to the Policy Server.
Specifies the minimum number of connections that the Test Tool establishes to the Policy Server.
Specifies how many new sockets the Test Tool can be opened at a time if a new connection needs to be made (up to the value specified in MaxConnections:).
Follow these steps:
Copyright © 2014 CA.
All rights reserved.
|
|