EMI STS Test Plan

  • Component: STS
  • Description: Security Token Service

Unit Tests

The unit tests are automatically run at build time, and the build will fail if a unit test is not successful. TestNG framework is used for unit testing.

If the RfC is a source code modification (bugs, ...), the developers are responsible to implement the required unit test for every RfCs implemented.

Deployment Tests

The repositories defined in the EMI-3, corresponding to the desired platform must be installed to the system.

As the 1.0 version of STS is the first certified version, only clean installations are documented.

Client deployment

No client is included in the EMI-3 distribution.

Server deployment

The server-side can be installed by installing the package sts.

See STSConfiguration for the configuration instructions.

Configuration is tested in the functional tests.

Basic Functionality Tests

Automatic tests have been implemented for the functional tests, except the configuration tests. The configuration tests require visible output verification from the command-line interface.

Configuration

Test-Server-Config-1

Precondition

The configuration file sts-server.ini is invalid.

Test

Start the STS server.

Postcondition

The STS server is not running. The STS server logs indicate the error and prints all the information needed to find the cause of the error.

Test-Server-Config-2

Precondition

The configuration file sts-server.ini is valid.

Test

Start the STS server.

Postcondition

The STS server is running and it listens to the configured port.

Functionality

Test-Func-WsTrust-01

Precondition

The STS server is configured and running.

Test

The test client sends a SOAP message, containing invalid sbf:Framework version.

Postcondition

The server responds with an error describing the invalid Framework version (something else than 2.0).

Test-Func-WsTrust-02

Precondition

The STS server is configured and running.

Test

The test client sends a SOAP message, containing a valid sbf:Framework version (2.0).

Postcondition

The server responds without an error describing the invalid Framework version.

Test-Func-WsTrust-03

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02.

Test

The test client sends a SOAP message, containing an expired timestamp (more in the past than the clock skew configured to the server).

Postcondition

The server responds without an error describing that the message has been expired.

Test-Func-WsTrust-04

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02.

Test

The test client sends a SOAP message, containing a valid timestamp (with the clock skew configured to the server).

Postcondition

The server responds without an error describing that the message has been expired.

Test-Func-WsTrust-05

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02.

Test

The test client sends a SOAP message, containing a timestamp in the future (more in the future than the clock skew configured to the server).

Postcondition

The server responds with an error describing that the message has been issued too far in the future.

Test-Func-WsTrust-06

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02 and Test-Func-WsTrust-04.

Test

The test client sends a SOAP message, containing a valid message ID.

Postcondition

The server responds with a SOAP message that contains the message ID in the RelatesTo-element.

Test-Func-WsTrust-07

Precondition

The STS server is configured to require message IDs and running. The message passes Test-Func-WsTrust-02 and Test-Func-WsTrust-04.

Test

The test client sends a SOAP message, not containing a message ID.

Postcondition

The server responds with an error describing that the message ID has not been found even though it's required.

Test-Func-WsTrust-08

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04 and Test-Func-WsTrust-06.

Test

The test client sends a SOAP message, containing an invalid wsa:Action.

Postcondition

The server responds with an error describing that the action is not supported.

Test-Func-WsTrust-09

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04 and Test-Func-WsTrust-06.

Test

The test client sends a SOAP message, containing a valid wsa:Action.

Postcondition

The server responds without an error describing that the action is not supported.

Test-Func-WsTrust-10

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06 and Test-Func-WsTrust-09.

Test

The test client sends a SOAP message, containing a wst:RequestSecurityToken with an invalid wst:RequestType.

Postcondition

The server responds with an error describing that the request type is not supported.

Test-Func-WsTrust-11

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06 and Test-Func-WsTrust-09.

Test

The test client sends a SOAP message, containing a wst:RequestSecurityToken with a valid wst:RequestType.

Postcondition

The server responds without an error describing that the request type is not supported.

Test-Func-LDAP-01

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09 and Test-Func-WsTrust-11.

Test

The test client sends a SOAP message, containing an username token with invalid username or password.

Postcondition

The server responds with an error describing that the password was invalid.

Test-Func-LDAP-02

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09 and Test-Func-WsTrust-11.

Test

The test client sends a SOAP message, containing an username token with valid username or password.

Postcondition

The server responds without an error describing that the password was invalid.

Test-Func-SAML-01

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09 and Test-Func-WsTrust-11.

Test

The test client sends a PAOS request to initiate the ECP profile.

Postcondition

The server responds with a SOAP message containing the SAML authentication request.

Test-Func-SAML-02

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09 and Test-Func-WsTrust-11.

Test

The test client sends a SOAP message, containing a SAML assertion with invalid signature.

Postcondition

The server responds with an error describing that the signature is invalid.

Test-Func-SAML-03

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09 and Test-Func-WsTrust-11.

Test

The test client sends a SOAP message, containing a SAML assertion with a valid signature.

Postcondition

The server responds without an error describing that the signature is invalid.

Test-Func-SAML-04

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11 and Test-Func-SAML-03.

Test

The test client sends a SOAP message, containing a SAML assertion with expired issue instant (relates the clockSkew and assertionLifetime configuration).

Postcondition

The server responds with an error describing that the assertion has been expired.

Test-Func-SAML-05

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11 and Test-Func-SAML-03.

Test

The test client sends a SOAP message, containing a SAML assertion with a valid issue instant (relates the clockSkew and assertionLifetime configuration).

Postcondition

The server responds without an error describing that the assertion has been expired.

Test-Func-SAML-06

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11 and Test-Func-SAML-03.

Test

The test client sends a SOAP message, containing a SAML assertion with issue instant in the future (relates the clockSkew configuration).

Postcondition

The server responds with an error describing that the assertion has been issued in the future.

Test-Func-SAML-07

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03 and Test-Func-SAML05.

Test

The test client sends a SOAP message, containing a SAML assertion with expired authentication instant (relates the clockSkew configuration).

Postcondition

The server responds with an error describing that the authentication has been expired.

Test-Func-SAML-08

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03 and Test-Func-SAML05.

Test

The test client sends a SOAP message, containing a SAML assertion with a valid authentication instant (relates the clockSkew configuration).

Postcondition

The server responds without an error describing that the authentication has been expired.

Test-Func-SAML-09

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03 and Test-Func-SAML05.

Test

The test client sends a SOAP message, containing a SAML assertion with authentication instant in the future (relates the clockSkew configuration).

Postcondition

The server responds with an error describing that the authentication has been performed in the future.

Test-Func-SAML-10

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05 and Test-Func-SAML-08.

Test

The test client sends a SOAP message, containing a SAML assertion with expired conditions (relates the clockSkew configuration).

Postcondition

The server responds with an error describing that the conditions have been expired.

Test-Func-SAML-11

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05 and Test-Func-SAML-08.

Test

The test client sends a SOAP message, containing a SAML assertion with valid conditions (relates the clockSkew configuration).

Postcondition

The server responds without an error describing that the conditions have been expired.

Test-Func-SAML-12

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05 and Test-Func-SAML-08.

Test

The test client sends a SOAP message, containing a SAML assertion with conditions valid in the future (relates the clockSkew configuration).

Postcondition

The server responds with an error describing that the conditions are only valid in the future.

Test-Func-SAML-13

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05, Test-Func-SAML-08 and Test-Func-SAML-11.

Test

The test client sends a SOAP message, containing a SAML assertion with expired subject conformation (relates the clockSkew configuration).

Postcondition

The server responds with an error describing that the subject conformation has been expired.

Test-Func-SAML-14

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05, Test-Func-SAML-08 and Test-Func-SAML-11.

Test

The test client sends a SOAP message, containing a SAML assertion with valid subject conformation (relates the clockSkew configuration).

Postcondition

The server responds without an error describing that the subject conformation has been expired.

Test-Func-SAML-15

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05, Test-Func-SAML-08, Test-Func-SAML-11 and Test-Func-SAML-14.

Test

The test client sends a SOAP message, containing a SAML assertion with invalid in-response-to (that was not obtained from the ECP initiation).

Postcondition

The server responds with an error describing that the authentication request id cannot be found.

Test-Func-SAML-16

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05, Test-Func-SAML-08, Test-Func-SAML-11 and Test-Func-SAML-14.

Test

The test client sends a SOAP message, containing a SAML assertion with a valid in-response-to (obtained from the ECP initiation).

Postcondition

The server responds without an error describing that the authentication request id cannot be found.

Test-Func-SAML-17

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05, Test-Func-SAML-08, Test-Func-SAML-11, Test-Func-SAML-14 and Test-Func-SAML16.

Test

The test client sends a SOAP message, containing a SAML assertion without an attribute required in the subject DN generation.

Postcondition

The server responds with an error describing that the subject DN could not be generated.

Test-Func-SAML-18

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05, Test-Func-SAML-08, Test-Func-SAML-11, Test-Func-SAML-14 and Test-Func-SAML16.

Test

The test client sends a SOAP message, containing a SAML assertion with attributes required in the subject DN generation.

Postcondition

The server responds without an error describing that the subject DN could not be generated.

Test-Func-Issue-LDAP-01

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11 and Test-Func-LDAP-02.

Test

The test client sends a SOAP message, containing a request security token message with invalid token type.

Postcondition

The server responds with an error describing that the token type is not supported.

Test-Func-Issue-LDAP-02

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11 and Test-Func-LDAP-02.

Test

The test client sends a SOAP message, containing a request security token message with a valid token type.

Postcondition

The server responds without an error describing that the token type is not supported.

Test-Func-Issue-LDAP-03

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11, Test-Func-LDAP-02 and Test-Func-Issue-LDAP-03.

Test

The test client sends a SOAP message, containing a request security token message with a token type refering to X.509 certificate.

Postcondition

The server responds without a message containing an X.509 certificate.

Test-Func-Issue-LDAP-04

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11, Test-Func-LDAP-02 and Test-Func-Issue-LDAP-03.

Test

The test client sends a SOAP message, containing a request security token message with a token type referring to X.509 certificate.

Postcondition

The server responds with a message containing an X.509 certificate.

Test-Func-Issue-LDAP-05

Precondition

The STS server is configured and running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11, Test-Func-LDAP-02 and Test-Func-Issue-LDAP-03.

Test

The test client sends a SOAP message, containing a request security token message with a token type referring to proxy certificate.

Postcondition

The server responds with a message containing a proxy certificate chain.

Test-Func-Issue-SAML-01

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05, Test-Func-SAML-08, Test-Func-SAML-11, Test-Func-SAML-14, Test-Func-SAML16 and Test-Func-SAML18.

Test

The test client sends a SOAP message, containing a request security token message with a token type referring to X.509 certificate.

Postcondition

The server responds with a message containing an X.509 certificate.

Test-Func-Issue-SAML-02

Precondition

The STS server is configured to trust the IDP used in the tests, and is running. The message passes Test-Func-WsTrust-02, Test-Func-WsTrust-04, Test-Func-WsTrust-06, Test-Func-WsTrust-09, Test-Func-WsTrust-11,Test-Func-SAML-03, Test-Func-SAML05, Test-Func-SAML-08, Test-Func-SAML-11, Test-Func-SAML-14, Test-Func-SAML16 and Test-Func-SAML18.

Test

The test client sends a SOAP message, containing a request security token message with a token type referring to proxy certificate.

Postcondition

The server responds with a message containing a proxy certificate chain.

Test and Certification Reports

STS v1.0.0 (EMI-3):

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2013-02-11 - HenriMikkonen
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EMI All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback