The CA SiteMinder® Test Tool allows you to test the functionality of policies in a simulated real-world environment. To perform a functionality test, you must have the following:
Note: If the Test Tool is simulating a CA SiteMinder® Agent v5.x, that Agent must have 4.x support enabled.
CA SiteMinder® allows you to perform the following functionality tests:
IsProtected: Indicates whether or not a policy is protecting the resource you specified.
IsAuthenticated: Indicates whether or not the Policy Server can authenticate a set of user credentials against a user directory.
When user credentials are authenticated, the Policy Server compares the credentials to entries in a user directory. If the credentials match an entry, the Policy Server creates a session ticket and authenticates the user.
In a "real" CA SiteMinder® deployment, when an authenticated user makes additional requests, CA SiteMinder® confirms that the user's session ticket is valid instead of rechecking the user's credentials against a directory. By default, the Test Tool authenticates the user each time the IsAuthenticated test is run, regardless of whether or not the user has a session ticket.
You can configure the Test Tool to validate a user’s session ticket by entering Validate in the Comment field in the Test Tool before running an IsAuthenticated test; however, CA SiteMinder® must authenticate the user before validating the session ticket.
Note: You can specify Validate when you run multiple tests in Interactive mode (using the Repeat count field), and in Playback mode.
IsAuthorized: Indicates whether or not the Policy Server can authorize a user based on a policy.
These tests must be run in the order they appear above. For example, you must run IsProtected before running IsAuthenticated. The order reflects the steps that CA SiteMinder® uses to determine a user’s access rights.
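The check order and the difference between re-authenticating and validating a session ticket, as an added toy model in Python (not CA SiteMinder® code or its API; the class, ticket format, policy and users are constructed for illustration):

```python
import hashlib, hmac, secrets

# Constructed sample data; not SiteMinder's real data model, ticket format or API.
POLICY = {"/private/": {"realm": "Private Realm", "allowed": {"alice"}}}
DIRECTORY = {"alice": "correct horse", "bob": "hunter2"}
KEY = secrets.token_bytes(32)  # stands in for the Policy Server's ticket key

class ToyPolicyServer:
    def __init__(self):
        self.directory_lookups = 0  # credential checks made against the directory

    def _ticket(self, user):
        # Toy ticket: keyed MAC over the user name (no expiry, for brevity).
        return hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()

    def is_protected(self, resource):
        """Step 1: return the realm protecting the resource, or None."""
        return next((r for p, r in POLICY.items() if resource.startswith(p)), None)

    def is_authenticated(self, realm, user, password=None, ticket=None, validate=False):
        """Step 2: check credentials, or with validate=True only verify the ticket."""
        if realm is None:
            raise ValueError("IsProtected must succeed before IsAuthenticated")
        if validate:
            if ticket is None:
                raise ValueError("authenticate once before validating a ticket")
            ok = hmac.compare_digest(ticket, self._ticket(user))
            return ticket if ok else None
        self.directory_lookups += 1
        stored = DIRECTORY.get(user)
        if stored is None or password is None:
            return None
        match = hmac.compare_digest(stored.encode(), password.encode())
        return self._ticket(user) if match else None

    def is_authorized(self, realm, user, ticket):
        """Step 3: authorize only a user who holds a valid session ticket."""
        if ticket is None or not hmac.compare_digest(ticket, self._ticket(user)):
            return False
        return user in realm["allowed"]

def run_sequence(server, resource, user, password, repeat=3, validate=False):
    """Run the tests in order, repeating IsAuthenticated like the Repeat count field."""
    realm = server.is_protected(resource)
    ticket = server.is_authenticated(realm, user, password)
    for _ in range(repeat - 1):
        if ticket is None:
            break
        ticket = server.is_authenticated(realm, user, password, ticket, validate)
    return server.is_authorized(realm, user, ticket), server.directory_lookups
```

With `validate=False` every repeat costs a directory lookup; with `validate=True` only the first run does, which is why elapsed times measured in the two modes are not comparable.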
While running functionality tests, you can also use the Test Tool to perform the following tasks:
Logs the most recent accounting server transactions.
Requests Agent commands, such as cache flush commands that clear the Agent cache. Running DoManagement ensures that the Test Tool receives current information from the Policy Server.
To run a functionality test
Note: You can also test policies using the Scripting Interface. See the Programming Guide for Perl.
Note: Before validating a user’s session ticket, the user must be authenticated. Once the user is authenticated, CA SiteMinder® creates a session ticket for the user.
When you run a test in Record mode, the Test Tool writes the test commands and test results to a plain-text Command Script file. This file can later be used as an input file to repeat the test in playback mode.
You can record multiple tests to the same Command Script file. The Test Tool appends the test results to the end of the file. You can then use the script file for regression testing.
Follow these steps:
The tables in this section describe the results of each type of functionality test.
| If IsProtected... | Then... |
|---|---|
| Succeeds | The Test Tool displays Protected in the Message field. This means that the Test Tool made a successful connection to the Policy Server and a policy is protecting the resource. The Test Tool also populates the following fields with values returned by the Policy Server. Realm Name: name of the realm that contains the resource. Realm OID: the realm object identifier. Credentials: the authentication scheme used to protect the resource. Redirect: the redirect string used by the authentication scheme, if one is specified. All certificate and HTML forms-based schemes return this string, which typically instructs the Agent where to display a form. |
| Fails | The Test Tool displays Error or Not Protected in the Message field. Error indicates that the Test Tool could not connect to the Policy Server; Not Protected indicates that the specified resource is not protected by a policy. If the test fails: make sure that the policy is configured correctly, and check the Authentication server log for debugging information. |
| If IsAuthenticated... | Then... |
|---|---|
| Succeeds | The Test Tool displays Authenticated in the Message field and populates the following fields with values returned by the Policy Server. Session ID: a unique CA SiteMinder®-assigned session ID. The Policy Server uses this ID to identify the cookie where session information is stored. Attributes: the attributes the Policy Server sends back in the response. For example: The response indicates the name of the user directory where the user was authenticated. Note: Click Reset to clear responses displayed in the Attributes field without removing user-supplied information. Reason: the reason code associated with the outcome of the test. This field is used to supply information to developers using the CA SiteMinder® SDK. Reason codes are listed in SmApi.h. |
| Fails | The Test Tool displays Not Authenticated in the Message field. If the test fails: make sure that you are using valid user credentials, and check the Authentication server log for debugging information. |
| If IsAuthorized... | Then... |
|---|---|
| Succeeds | The Test Tool displays Authorized in the Message field and the CA SiteMinder®-assigned Session ID in the Session ID field. This ID identifies the cookie where session information is stored. |
| Fails | The Test Tool displays Not Authorized in the Message field. If the test fails: make sure that the policy is configured correctly, and check the Authorization server log for debugging information. |
After performing a test, the Test Tool displays the amount of time the test took to run in the Elapsed Time field of the Command group box. Because of fluctuations in the system, averaging the elapsed time of multiple tests provides more accurate results.
To get an average elapsed time
The Test Tool runs the test the specified number of times and then displays the total elapsed time.
Copyright © 2014 CA.
All rights reserved.