|Fedora Test Days|
What to test?
Today's installment of Fedora Test Day will focus on Ipsilon. Ipsilon is a server and a toolkit to configure Apache-based Service Providers. The server is a plugable self-contained mod_wsgi application that provides federated SSO to web applications. User authentication is always performed against a separate Identity Management system (for example a FreeIPA server), and communication with applications is done using a federation protocol like SAML, OpenID, etc..
The following cast of characters will be available testing, workarounds, bug fixes, and general discussion ...
- Development - Rob Crittenden (rcrit), Patrick Uiterwijk (puiterwijk), Simo Sorces (simo), Nathan Kinder (nkinder)
- QA - Mike Ruckman (roshi)
Prerequisite for Test Day
At least three virtual (or physical) machines will be required to test.
Recommendation is 1GB RAM and 4GB free disk post-install per-VM (a 10GB disk for the IDP/IPA and an 8 GB disk for each of the SP is fine).
Working DNS is required. It can be configured during the test.
You'll also need Fedora 22 Alpha.
How to test?
Ipsilon has a number of different components. Multiple virtual machines (or physical machines if you'd prefer) will be necessary to test.
Testing will involve:
- Installing an identity source (IPA)
- Installing an Identity Provider (IDP)
- Installing one or more Service Providers (SP)
- Testing login and logout between those service providers using a browser.
In an effort to reduce the number of VM's required IPA and the IDP will be installed on the same server.
Each SP will be enrolled as an IPA client.
See below for specific details.
Update your machine
If you're running Fedora 22, make sure you have all the current updates for it installed, using the update manager.
Configure the COPR repo
A few last-minute changes were made to the packages for the Test Day. Run:
# dnf copr enable rcritten/ipsilon
to enable the repository containing the needed packages before you begin testing.
There are some known issues with SELinux at the moment. Please put each VM into permissive mode before proceeding with testing:
# setenforce permissive
At the completion of testing it would be great to get the output of:
# ausearch -m AVC -ts recent
for each VM.
Install/Setup Tests (initially SAML):
- Install IPA server
- Install IDP
- Install first SP
- Install an SP on another VM using the same instructions as above
SAML SP testing:
Info plugin testing:
Attribute mapping and filtering:
Construct a table or list to allow testers to post results. Each column should be a test case or configuration, and each row should consist of test results.
If you have problems with any of the tests, report a bug to Bugzilla usually for the component ipsilon If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the result template to enter your result, as shown in the example result line.
If you get an Internal Server error on an SP then in the bugzilla include any errors you might find in /var/log/httpd/ssl_error_log
If you get an Internal Server error on the IDP then the bugzilla include any errors you might find in /var/log/httpd/error_log
Please include as much detail as you can on the steps taken to cause any exceptions.
|User||Install IPA||Install IDP||Install SPs||Login/out to SP||Attribute retrieve||Attributer map||References|