(Created page with "{{Infobox_group | name = Fedora Test Days | image = link=QA/Fedora_19_test_days | caption = Ipsilon | date = 2015-03-12 | time = all day | w...") |
(Drop direct Test Days category membership) |
||
(46 intermediate revisions by 14 users not shown) | |||
Line 14: | Line 14: | ||
== What to test? == | == What to test? == | ||
Today's installment of Fedora Test Day will focus on '''Ipsilon'''. Ipsilon is a server and a toolkit to configure Apache-based Service Providers. The server is a plugable self-contained mod_wsgi application that provides federated SSO to web applications. User authentication is always performed against a separate Identity Management system (for example a FreeIPA server), and communication with | Today's installment of Fedora Test Day will focus on '''Ipsilon'''. Ipsilon is a server and a toolkit to configure Apache-based Service Providers. The server is a plugable self-contained mod_wsgi application that provides federated SSO to web applications. User authentication is always performed against a separate Identity Management system (for example a FreeIPA server), and communication with applications is done using a federation protocol like SAML, OpenID, etc.. | ||
== Who's available == | == Who's available == | ||
The following cast of characters will be available testing, workarounds, bug fixes, and general discussion ... | The following cast of characters will be available testing, workarounds, bug fixes, and general discussion ... | ||
* Development - [[rcritten | * Development - [[User:rcritten|Rob Crittenden]] (rcrit), [[User:puiterwijk|Patrick Uiterwijk]] (puiterwijk), [[User:simo|Simo Sorce]] (simo), [[User:nkinder|Nathan Kinder]] (nkinder) | ||
* QA - [[User:Roshi | Mike Ruckman]] (roshi) | |||
== Prerequisite for Test Day == | == Prerequisite for Test Day == | ||
At least three virtual (or physical) machines will be required to test. | |||
Recommendation is 1GB RAM and 4GB free disk post-install per-VM (a 10GB disk for the IDP/IPA and an 8 GB disk for each of the SP is fine). | |||
Working DNS is required. It can be configured during the test. | |||
You'll also need [https://getfedora.org/en/server/prerelease/ Fedora 22 Alpha]. | |||
== How to test? == | == How to test? == | ||
Ipsilon has a number of different components. Multiple virtual machines (or physical machines if you'd prefer) will be necessary to test. | |||
* | Testing will involve: | ||
* | * Installing an identity source (IPA) | ||
* | * Installing an Identity Provider (IDP) | ||
* Installing one or more Service Providers (SP) | |||
* Testing login and logout between those service providers using a browser. | |||
In an effort to reduce the number of VM's required IPA and the IDP will be installed on the same server. | |||
Each SP will be enrolled as an IPA client. | |||
See below for specific details. | |||
=== '''Update your machine''' === | === '''Update your machine''' === | ||
If you're running Fedora | If you're running Fedora 22, make sure you have all the current updates for it installed, using the update manager. | ||
=== '''Configure the COPR repo''' === | |||
A few last-minute changes were made to the packages for the Test Day. Run: | |||
# dnf copr enable rcritten/ipsilon | |||
to enable the repository containing the needed packages before you begin testing. | |||
=== '''Permissive SELinux''' === | |||
There are some known issues with SELinux at the moment. Please put each VM into permissive mode before proceeding with testing: | |||
# setenforce permissive | |||
At the completion of testing it would be great to get the output of: | |||
# ausearch -m AVC -ts recent | |||
for each VM. | |||
== Test Cases == | == Test Cases == | ||
Install/Setup Tests (initially SAML): | |||
# [[QA:Testcase_ipsilonv1_ipa_install|Install IPA server]] | |||
# [[QA:Testcase_ipsilonv1_ipa_idp_install|Install IDP]] | |||
# [[QA:Testcase_ipsilonv1_sp1_install|Install first SP]] | |||
# Install an SP on another VM using the same instructions as above | |||
SAML SP testing: | |||
* [[QA:Testcase_ipsilonv1_ipa_login|Test login/logout to SP]] | |||
Info plugin testing: | |||
* [[QA:Testcase_ipsilonv1_sssd_info|Test retrieving additional attributes]] | |||
Attribute mapping and filtering: | |||
* [[QA:Testcase_ipsilonv1_attr_map_filter|Map and filter attributes]] | |||
== Test Results == | == Test Results == | ||
If you have problems with any of the tests, report a bug to [https://bugzilla.redhat.com Bugzilla] usually for the component [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&version=22&component=ipsilon ipsilon]. If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the [[Template:result|result template]] to enter your result, as shown in the example result line. | |||
If you | If you get an Internal Server error on an SP then include in the bug report any errors you might find in {{filename|/var/log/httpd/ssl_error_log}}. | ||
If you get an Internal Server error on the IDP then include in the bug report any errors you might find in {{filename|/var/log/httpd/error_log}}. | |||
Please include as much detail as you can on the steps taken to cause any exceptions. | |||
{| | {| | ||
! User | ! User | ||
! [[QA: | ! [[QA:Testcase_ipsilonv1_ipa_install|Install IPA]] | ||
! [[QA: | ! [[QA:Testcase_ipsilonv1_ipa_idp_install|Install IDP]] | ||
! [[QA: | ! [[QA:Testcase_ipsilonv1_sp1_install|Install SPs]] | ||
! [[QA: | ! [[QA:Testcase_ipsilonv1_ipa_login|Login/out to SP]] | ||
! [[QA:Testcase_ipsilonv1_sssd_info|Info Plugins]] | |||
! [[QA:Testcase_ipsilonv1_attr_map_filter|Attribute Mapping and Filtering]] | |||
! References | ! References | ||
|- | |- | ||
| [[User:SampleUser|Sample User]] | | [[User:SampleUser|Sample User]] | ||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref> | | {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref> | ||
Line 77: | Line 122: | ||
| <references/> | | <references/> | ||
|- | |- | ||
|} | |- | ||
| [[User:mrniranjan|mrniranjan]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|warn}} <ref>Logins pass but after logout and login back auth form doesn't come up instead it shows authenticated!</ref> | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| <references/> | |||
|- | |||
|- | |||
| [[User:simo|simo]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|warn}} <ref>kdestory to test password based re-login</ref><ref>sometimes password-based re-login leaves me stranded in the Idp and does not redirect back - https://fedorahosted.org/ipsilon/ticket/74</ref><ref> Clicking on LogOut in the SP when user is already logged out in the Idp, gives a 400 - Bad Request in the Idp</ref> | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| <references/> | |||
|- | |||
|- | |||
| [[User:spoore|spoore]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|warn}} <ref>same results as simo above</ref> | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| <references/> | |||
|- | |||
|- | |||
| [[User:nkinder|nkinder]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|warn}} <ref>IdP initiated logout does not trigger SLO - https://fedorahosted.org/ipsilon/ticket/87</ref><ref>SP logout without an active session results in a 400 page - https://fedorahosted.org/ipsilon/ticket/88 (also encountered by simo and spoore above)</ref> | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| <references/> | |||
|- | |||
| [[User:Roshi|Roshi]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| <references/> | |||
|- | |||
|-|} | |||
[[Category: | [[Category:Fedora 22 Test Days]] |
Latest revision as of 19:37, 26 June 2015
Fedora Test Days | |
---|---|
Ipsilon | |
Date | 2015-03-12 |
Time | all day |
Website | Fedora Calendar |
IRC | #fedora-test-day (webirc) |
Mailing list | test |
What to test?[edit]
Today's installment of Fedora Test Day will focus on Ipsilon. Ipsilon is a server and a toolkit to configure Apache-based Service Providers. The server is a plugable self-contained mod_wsgi application that provides federated SSO to web applications. User authentication is always performed against a separate Identity Management system (for example a FreeIPA server), and communication with applications is done using a federation protocol like SAML, OpenID, etc..
Who's available[edit]
The following cast of characters will be available testing, workarounds, bug fixes, and general discussion ...
- Development - Rob Crittenden (rcrit), Patrick Uiterwijk (puiterwijk), Simo Sorce (simo), Nathan Kinder (nkinder)
- QA - Mike Ruckman (roshi)
Prerequisite for Test Day[edit]
At least three virtual (or physical) machines will be required to test.
Recommendation is 1GB RAM and 4GB free disk post-install per-VM (a 10GB disk for the IDP/IPA and an 8 GB disk for each of the SP is fine).
Working DNS is required. It can be configured during the test.
You'll also need Fedora 22 Alpha.
How to test?[edit]
Ipsilon has a number of different components. Multiple virtual machines (or physical machines if you'd prefer) will be necessary to test.
Testing will involve:
- Installing an identity source (IPA)
- Installing an Identity Provider (IDP)
- Installing one or more Service Providers (SP)
- Testing login and logout between those service providers using a browser.
In an effort to reduce the number of VM's required IPA and the IDP will be installed on the same server.
Each SP will be enrolled as an IPA client.
See below for specific details.
Update your machine[edit]
If you're running Fedora 22, make sure you have all the current updates for it installed, using the update manager.
Configure the COPR repo[edit]
A few last-minute changes were made to the packages for the Test Day. Run:
# dnf copr enable rcritten/ipsilon
to enable the repository containing the needed packages before you begin testing.
Permissive SELinux[edit]
There are some known issues with SELinux at the moment. Please put each VM into permissive mode before proceeding with testing:
# setenforce permissive
At the completion of testing it would be great to get the output of:
# ausearch -m AVC -ts recent
for each VM.
Test Cases[edit]
Install/Setup Tests (initially SAML):
- Install IPA server
- Install IDP
- Install first SP
- Install an SP on another VM using the same instructions as above
SAML SP testing:
Info plugin testing:
Attribute mapping and filtering:
Test Results[edit]
If you have problems with any of the tests, report a bug to Bugzilla usually for the component ipsilon. If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the result template to enter your result, as shown in the example result line.
If you get an Internal Server error on an SP then include in the bug report any errors you might find in /var/log/httpd/ssl_error_log
.
If you get an Internal Server error on the IDP then include in the bug report any errors you might find in /var/log/httpd/error_log
.
Please include as much detail as you can on the steps taken to cause any exceptions.
User | Install IPA | Install IDP | Install SPs | Login/out to SP | Info Plugins | Attribute Mapping and Filtering | References |
---|---|---|---|---|---|---|---|
Sample User | |||||||
mrniranjan |
| ||||||
simo |
| ||||||
spoore |
| ||||||
nkinder |
| ||||||
Roshi |