Previous Topic: Test Tool OverviewNext Topic: Run a Functionality Test


Configure Your Test Environment Agent

You can configure the Agent that the Test Tool simulates during a test in the CA SiteMinder® Agent group box.

The Agent that the Test Tool simulates must be configured in the Administrative UI.

To configure Agent information, specify the following options

Agent Type

Specify one of the following Agent Types:

Version 4

Simulates CA SiteMinder® 4.x Agents.

Version 5

Simulates CA SiteMinder® 5.x Agents.

Note: If you want to use the Test Tool on a system to simulate a CA SiteMinder® 5.x Web Agent, you must run the smreghost.exe application on the system where you will run the Test Tool. The smreghost.exe file is included with your Web Agent, and described in the Web Agent Installation Guide. The file is also located in <Policy Server install dir>/siteminder/bin.

RADIUS

Simulates RADIUS devices.

Agent Name

Enter the name of the Agent as it appears in the Administrative UI. This field is required for both Version 4 and Version 5 Agent simulations.

Secret

Enter the Agent’s shared secret. This must match the shared secret entered when the Agent was created. A Secret is required for Version 4 and RADIUS Agent simulations.

(Optional) Server

Enter the full name of the server on which the Agent resides. For example, to test the Policy Server for http://www.myorg.org, enter www.myorg.org in this field. This field may be used for Version 4 Agent simulations.

SmHost.conf Path

Enter the path to the SmHost.conf file that contains the settings for the Version 5 Agent you want to simulate. You can use the Browse button to search for the SmHost.conf file.

Start the Test Tool on Windows

Start the Test Tool to test Policy Server functionality.

Important! If you are accessing the Test Tool on Windows Server 2008, open the shortcut with Administrator permissions. Use Administrator permissions even if you are logged in to the system as an Administrator. For more information, see the release notes for your CA SiteMinder® component.

Follow these steps:

Use one of the following methods:

Start the Test Tool on UNIX

Start the Test Tool to test Policy Server functionality.

Follow these steps:

  1. Open a Command Window and navigate to policy_server_home/bin.
  2. Type the following command:
    ./smtest
    

    Note: To run the Test Tool on UNIX, the X display server must be running. If required, enable the display by entering the following in a Command Window:

    export DISPLAY=n.n.n.n:0.0
    
    n.n.n.n

    Specifies the IP address of the Policy Server host system.

How to Use the Test Tool in FIPS-only Environments

Policy Servers that are configured in FIPS-migration or FIPS-only modes encrypt sensitive data using Advanced Encryption Standard (AES) algorithms. When running Interactive tests, the Test Tool uses FIPS-compliant algorithms as required to communicate with FIPS-only mode Policy Servers.

However, by default, the Test Tool does not use FIPS-compliant algorithms to encrypt sensitive data when creating a Command Script file in Record mode. A Command Script that contains data encrypted with a non-FIPS algorithm cannot therefore be played back to test a FIPS-only mode Policy Server.

To record and play back tests against a FIPS-migration or FIPS-only mode Policy Server, do one of the following procedures:

Note: If the Test Tool is not started using a command-line option, it uses the FIPS mode that is defined in the CA_SM_PS_FIPS140 environment variable. If CA_SM_PS_FIPS140 is not set, the Test Tool defaults to FIPS-compatibility mode.

Start the Test Tool in a Specific FIPS Mode Using Command-line Options

To open the Test Tool in a specific FIPS mode to record or playback, start the Test Tool using the -cf command line option.

Follow these steps:

  1. Open a Command Window and navigate to one of the following locations:
  2. Enter the following command:
    smtest -cf FIPSmode [command_script]
    
    FIPSmode

    Specifies one of the following FIPS modes (to match the FIPS mode of the Policy Server):

    • COMPAT (default)
    • MIGRATE
    • ONLY

    Note: The value of FIPSmode is not case-sensitive.

    command_script

    (Optional) specifies the pathname of a Command Script file to playback.

Test Tool behavior for each FIPSmode setting is as follows:

COMPAT

Configures the Test Tool to operate with the following characteristics:

MIGRATE

Configures the Test Tool to operate with the following characteristics:

ONLY

Configures the Test Tool to operate with the following characteristics:

Define the Default FIPS Mode By Setting the CA_SM_PS_FIPS140 Environment Variable

Configure the default FIPS mode for the Test Tool (and other local CA SiteMinder® components) by defining the CA_SM_PS_FIPS140 environment variable.

Note: If the Test Tool is started using the -cf command line option, the CA_SM_PS_FIPS140 environment variable is ignored.

Follow these steps:

  1. Complete one of the following steps:
  2. Set the following environment variable:

    CA_SM_PS_FIPS140=FIPSmode

    FIPSmode

    Specifies one of the following FIPS modes (to match the FIPS mode of the Policy Server):

    • COMPAT (Default)
    • MIGRATE
    • ONLY

    Note: For more information about setting environment variables, see your OS–specific documentation.

  3. Verify that Windows or the UNIX shells that runs the Administrative UI correctly recognizes the CA_SM_PS_FIPS140 variable.

Test Tool behavior for each FIPSmode environment setting is as follows:

COMPAT

Configures the Test Tool to operate with the following characteristics:

MIGRATE

Configures the Test Tool to operate with the following characteristics:

ONLY

Configures the Test Tool to operate with the following characteristics:

Policy Server Identification

The test tool requires information about the Policy Server that will be used when simulating the interaction with the Agent described in the CA SiteMinder® Agent group box. The required information differs slightly depending on the type of Agent you selected.

Set Up the Policy Server for Version 4 Agents and RADIUS Agent Simulations

For Version 4 Agents and RADIUS Agent simulations, you must specify the IP address and port information of the Policy Server(s) used in the test. If you want to simulate a multiple Policy Server environment, you can specify how those Policy Servers operate.

To set up Policy Server(s) for Version 4 Agent and RADIUS Agent simulations

  1. Specify the following Policy Server options, as necessary:
    Policy Server

    Indicates whether you are specifying the primary or secondary Policy Server.

    IP Address

    Specifies the IP address of the Policy Server. By default, this field contains the IP address of the local system.

    Authorization, Authentication, and Accounting Ports

    Specifies the TCP ports used for authorization, authentication, and accounting requests. These fields are populated with the Policy Server’s default port numbers.

    Timeout

    Displays the time (in seconds) that the Test Tool should wait for a response from the Policy Server.

  2. Select one of the following operation modes:
    Failover

    Enables failover. During failover, the Test Tool directs requests to the initial Policy Server. If the initial Policy Server fails, the Test Tool redirects requests to the secondary Policy Server.

    Round Robin

    Enables round robin load balancing. Round robin load balancing divides requests between the primary and secondary Policy Servers. For each connection, the Test Tool alternates between Policy Servers.

  3. Click Connect to make sure that the Test Tool can connect to the Policy Server.

    If the Test Tool makes a connection, the IsProtected and DoManagement stop lights turn green.

Note: You must specify an Agent before testing the Policy Server connection.

Policy Server Information for Version 5 Agents

For Version 5 Agents simulations, you may specify the IP address and port information of the Policy Server(s) used in the test, or you may use the Policy Server information contained in the Host Configuration Object contained in the policy store.

By default, the Policy Server information will be retrieved from the policy store when the Test Tool uses the SmHost.conf file to establish an initial connection to the Policy Server. To specify Policy Server information manually, select the Override check box and fill in Policy Server information as described in Set Up the Policy Server for Version 4 Agents and RADIUS Agent Simulations.

You can configure the Agent that the Test Tool simulates during a test in the CA SiteMinder® Agent group box.

Select a Test Mode

Use one of the test modes in the following list to determine how tests are run and results are displayed. Depending on the test mode that you select, you may also have to specify script information.

Interactive

Allows you to enter data, run tests, and see the results displayed immediately in the Server Response section.

Record

Combines Interactive operation with a script generation feature that writes test results to a plain-text command script file.

Basic Playback

Uses Command Script files created in the Record mode to automate sequential tests. Ideal for regression testing.

Advanced Playback

Uses a manually configured Thread Control File to automate complex tests. Ideal for stress testing.

More information:

Run a Stress Test

Specify Resource Information

You can specify the resource against which you want to conduct tests. Providing a resource simulates a user entering a URL in a browser.

To specify resource information, provide values for the following options

Resource

Enter the relative path of the resource that CA SiteMinder® is protecting as it is configured in the realm. The path is relative to the Web server’s publishing directory. For example, /protected/.

Action

Enter the Agent action, Authentication event, or Authorization event specified in the rule that you are testing.

You can configure the Agent that the Test Tool simulates during a test in the CA SiteMinder® Agent group box.

Specify User Credentials

The Test Tool requires user credentials to test whether or not a policy can authenticate or authorize a user.

To specify user credentials, complete the following fields:

User Name

Enter the user name you want to use to access the resource.

Password

Enter the password for the user entered in User Name.

CHAP Password

If you are using a RADIUS CHAP authentication scheme, select this check box.

Certificate File

If the protected resource requires certificates to authenticate users, you must provide a certificate file so that the Test Tool can simulate certificate authentication.

You can configure the Agent that the Test Tool simulates during a test in the CA SiteMinder® Agent group box.

Set the Encoding Spec

The encoding spec field allows you to specify a language encoding parameter. The Test Tool uses this parameter to encode headers in the same manner as a Web Agent. It then displays the encoded response attribute data in the Attributes field.

For more information about language encoding, see the Web Agent Configuration Guide.

To set the encoding spec, enter a value for the encoding spec as follows:

encoding_spec, wrapping_spec

where:

Note: If you leave this field blank, the default is UTF-8 with no wrapping.

You can configure the Agent that the Test Tool simulates during a test in the CA SiteMinder® Agent group box.

Save and Load Test Configurations in a Test Tool Settings File

To avoid reentering user-supplied information, such as Agent, resource, and user information, you can save these values into a Test Tool Settings file. You can then reload those values at any time.

To save the current values that are specified in the Test Tool:

  1. Click the Save Settings button.
  2. Enter a location and name for the Test Tool Settings in the Save As dialog and click Save.

    The file is saved with a .ini file extension.

To retrieve the saved values from the Test Tool Settings file:

  1. Click the Load Settings button.
  2. Enter the location and name of the Test Tool Settings File in the Open dialog and click Open.

Note:You can also load the Test Tool Settings file from a Command Script.

(Optional) Regulate Test Tool Connections to the Policy Server

Edit the Test Tool Settings (.ini) file and add the following parameters to regulate how the Test Tool connects to the Policy Server:

MaxConnections:

Specifies the maximum number of connections that the Test Tool establishes to the Policy Server.

MinConnections:

Specifies the minimum number of connections that the Test Tool establishes to the Policy Server.

ConnectionsStep:

Specifies how many new sockets the Test Tool can be opened at a time if a new connection needs to be made (up to the value specified in MaxConnections:).

Follow these steps:

  1. Check the value of the "SM Agent or Radius:" parameter in the Command Script file and do one of the following steps:
  2. Verify that the value of the "Agent Name" parameter in the Command Script file is the same as the "Agent name" parameter in the Test Tool Settings file. If not, the new parameters are ignored and the following default values used: MaxConnections=20, ConnectionStep=2.
  3. Open the Test Tool Settings file in a text editor.
  4. Add required parameters, one per line, using the same format as the other parameters in the file. That it, enter the parameter value starting at column 24 of the line.
  5. Save and close the Test Tool Settings file.