Previous Topic: Configure Your Test Environment AgentNext Topic: Perform a Regression Test by Playing Back a Test Recorded in a Command Script File


Run a Functionality Test

The CA SiteMinder® Test Tool allows you to test the functionality of policies in a simulated real-world environment. To perform a functionality test, you must have the following:

CA SiteMinder® allows you to perform the following functionality tests:

IsProtected

Indicates whether or not a policy is protecting the resource you specified.

IsAuthenticated

Indicates whether or not the Policy Server can authenticate a set of user credentials against a user directory.

When user credentials are authenticated, the Policy Server compares the credentials to entries in a user directory. If the credentials match an entry, the Policy Server creates a session ticket and authenticates the user.

In a "real" CA SiteMinder® deployment, CA SiteMinder® confirms that a user’s session ticket is valid instead of rechecking the user’s credentials against a directory when an authenticated user makes additional requests. By default, the Test Tool authenticates the user each time the IsAuthenticated test is run, regardless of whether or not the user has a session ticket.

You can configure the Test Tool to validate a user’s session ticket by entering Validate in the Comment field in the Test Tool before running an IsAuthenticated test; however, CA SiteMinder® must authenticate the user before validating the session ticket.

Note: You can specify Validate when you run multiple tests in Interactive mode (using the Repeat count field), and in Playback mode.

IsAuthorized

Indicates whether or not the Policy Server can authorize a user based on a policy.

These tests must be run in the order they appear above. For example, you must run IsProtected before running IsAuthenticated. The order reflects the steps that CA SiteMinder® uses to determine a user’s access rights.

While running functionality tests, you can also use the Test Tool to perform the following tasks:

DoAccounting

Logs the most recent accounting server transactions.

DoManagement

Requests Agent commands, such as cache flush commands that clear the Agent cache. Running DoManagement ensures that the Test Tool receives current information from the Policy Server.

To run a functionality test

  1. Configure a test environment.

    Note: You can also test policies using the Scripting Interface. See the Programming Guide for Perl.

  2. (Optional) Specify the number of times you want the Test Tool to run your test in the Repeat Count field in the Command group box.
  3. In the Command group box, select one of the following tests to run:
  4. If you are running an IsAuthenticated test and you want the Test Tool to validate an authenticated user’s session ticket instead of authenticating the user’s credentials against a user directory, enter Validate in the Comment field.

Note: Before validating a user’s session ticket, the user must be authenticated. Once the user is authenticated, CA SiteMinder® creates a session ticket for the user.

More information:

Calculate an Average Elapsed Time

Configure Your Test Environment Agent

(Optional) Record Your Test in a Command Script File for Regression and Stress Testing

When you run a test in Record mode, the Test Tool writes the test commands and test results to a plain-text Command Script file. This file can later be used as an input file to repeat the test in playback mode.

You can record multiple tests to the same Command Script file. The Test Tool appends the test results to the end of the file. You can then use the script file for regression testing.

Follow these steps:

  1. Select the Record test mode.
  2. Enter the path and filename for the Command Script file where the test results are stored in the Output Script field.
  3. Optionally, enter how many times the recorded test is to run in the Repeat count field.
  4. Optionally, enter a comment to add to the Command Script file in the Comment field.
  5. Run one or more tests.
  6. To stop recording, specify a new test mode.

More information:

How to Use the Test Tool in FIPS-only Environments

Functionality Test Results

The tables in this section describe the results of each type of functionality test.

If isProtected...

Then...

Succeeds

The Test Tool displays Protected in the Message field. This means that the Test Tool made a successful connection to the Policy Server and a policy is protecting the resource.

The Test Tool also populates the following fields with values returned by the Policy Server:

Realm Name

Name of the realm that contains the resource

Realm OID

The realm object identifier

Credentials

The authentication scheme used to protect the resource

Redirect

The redirect string used by the authentication scheme, if one is specified. All certificate and HTML forms-based schemes return this string, which typically instructs the Agent where to display a form.

Fails

The Test Tool displays Error or Not Protected in the Message field. Error indicates that the Test Tool could not connect to the Policy Server; Not Protected indicates that the specified resource is not protected by a policy.

If the test fails:

Make sure that the policy is configured correctly.

Check the Authentication server log for debugging information.

If isAuthenticated...

Then...

Succeeds

The Test Tool displays Authenticated in the Message field and populates the following fields with values returned by the Policy Server:

Session ID

A unique CA SiteMinder®-assigned session ID. The Policy Server uses this ID to identify the cookie where session information is stored.

Attributes

The attributes the Policy Server sends back in the response. For example:

The response indicates the name of the user directory where the user was authenticated.

Note: Click Reset to clear responses displayed in the Attributes field without removing user-supplied information.

Reason

The reason code associated with the outcome of the test. This field is used to supply information to developers using the CA SiteMinder® SDK. Reason codes are listed in SmApi.h.

Fails

The Test Tool displays Not Authenticated in the Message field.

If the test fails:

Make sure that you are using valid user credentials.

Check the Authentication server log for debugging information.

If IsAuthorized...

Then...

Succeeds

The Test Tool displays Authorized in the Message field and the CA SiteMinder®-assigned Session ID in the Session ID field. This ID identifies the cookie where session information is stored.

Fails

The Test Tool displays Not Authorized in the Message field.

If the test fails:

Make sure that the policy is configured correctly.

Check the Authorization server log for debugging information.

Calculate an Average Elapsed Time

After performing a test, the Test Tool displays the amount of time the test took to run in the Elapsed Time field of the Command group box. Because of fluctuations in the system, averaging the elapsed time of multiple tests provides more accurate results.

To get an average elapsed time

  1. In the Repeat Count field, specify the number of times you want to run the test.

    The Test Tool runs the test the specified number of times and then displays the total elapsed time.

  2. Divide the elapsed time by the number of times the test was run to determine the average elapsed time.