From Fedora Project Wiki

Fedora Test Days
Ipsilon

Date 2015-03-12
Time all day

Website Fedora Calendar
IRC #fedora-test-day (webirc)
Mailing list test


Can't make the date?
If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find at Bugzilla, and add your results to the results section. If this page is more than a month old when you arrive here, please check the current schedule and see if a similar but more recent Test Day is planned or has already happened.

What to test?[edit]

Today's installment of Fedora Test Day will focus on Ipsilon. Ipsilon is a server and a toolkit to configure Apache-based Service Providers. The server is a plugable self-contained mod_wsgi application that provides federated SSO to web applications. User authentication is always performed against a separate Identity Management system (for example a FreeIPA server), and communication with applications is done using a federation protocol like SAML, OpenID, etc..

Who's available[edit]

The following cast of characters will be available testing, workarounds, bug fixes, and general discussion ...

Prerequisite for Test Day[edit]

At least three virtual (or physical) machines will be required to test.

Recommendation is 1GB RAM and 4GB free disk post-install per-VM (a 10GB disk for the IDP/IPA and an 8 GB disk for each of the SP is fine).

Working DNS is required. It can be configured during the test.

You'll also need Fedora 22 Alpha.

How to test?[edit]

Ipsilon has a number of different components. Multiple virtual machines (or physical machines if you'd prefer) will be necessary to test.

Testing will involve:

  • Installing an identity source (IPA)
  • Installing an Identity Provider (IDP)
  • Installing one or more Service Providers (SP)
  • Testing login and logout between those service providers using a browser.

In an effort to reduce the number of VM's required IPA and the IDP will be installed on the same server.

Each SP will be enrolled as an IPA client.

See below for specific details.

Update your machine[edit]

If you're running Fedora 22, make sure you have all the current updates for it installed, using the update manager.

Configure the COPR repo[edit]

A few last-minute changes were made to the packages for the Test Day. Run:

# dnf copr enable rcritten/ipsilon

to enable the repository containing the needed packages before you begin testing.

Permissive SELinux[edit]

There are some known issues with SELinux at the moment. Please put each VM into permissive mode before proceeding with testing:

# setenforce permissive

At the completion of testing it would be great to get the output of:

# ausearch -m AVC -ts recent

for each VM.

Test Cases[edit]

Install/Setup Tests (initially SAML):

  1. Install IPA server
  2. Install IDP
  3. Install first SP
  4. Install an SP on another VM using the same instructions as above

SAML SP testing:

Info plugin testing:

Attribute mapping and filtering:

Test Results[edit]

If you have problems with any of the tests, report a bug to Bugzilla usually for the component ipsilon. If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the result template to enter your result, as shown in the example result line.

If you get an Internal Server error on an SP then include in the bug report any errors you might find in /var/log/httpd/ssl_error_log.

If you get an Internal Server error on the IDP then include in the bug report any errors you might find in /var/log/httpd/error_log.

Please include as much detail as you can on the steps taken to cause any exceptions.

User Install IPA Install IDP Install SPs Login/out to SP Info Plugins Attribute Mapping and Filtering References
Sample User
none
none
none
Pass pass
Warning warn
[1]
Fail fail
[2]
  1. Test pass, but also encountered RHBZ #54321
  2. RHBZ #12345
mrniranjan
Pass pass
Pass pass
Pass pass
Warning warn
[1]
Pass pass
Pass pass
  1. Logins pass but after logout and login back auth form doesn't come up instead it shows authenticated!
simo
Pass pass
Pass pass
Pass pass
Warning warn
[1][2][3]
Pass pass
Pass pass
  1. kdestory to test password based re-login
  2. sometimes password-based re-login leaves me stranded in the Idp and does not redirect back - https://fedorahosted.org/ipsilon/ticket/74
  3. Clicking on LogOut in the SP when user is already logged out in the Idp, gives a 400 - Bad Request in the Idp
spoore
Pass pass
Pass pass
Pass pass
Warning warn
[1]
Pass pass
Pass pass
  1. same results as simo above
nkinder
Pass pass
Pass pass
Pass pass
Warning warn
[1][2]
Pass pass
Pass pass
  1. IdP initiated logout does not trigger SLO - https://fedorahosted.org/ipsilon/ticket/87
  2. SP logout without an active session results in a 400 page - https://fedorahosted.org/ipsilon/ticket/88 (also encountered by simo and spoore above)
Roshi
Pass pass
Pass pass
Pass pass
none
none
none