CA Single Sign-On - 12.52 SP1
Start and Configure the Test Tool

Last update March 3, 2017

Before running tests with the Test Tool, start the tool and configure the settings and operation of the tool.

Start the Test Tool on Windows

Start the Test Tool using one of the following methods:

  • Select the Test Tool icon from the CA Single Sign-On program group.
  • In a Command Window, navigate to policy_server_home\bin and enter the following command:

     smtest

Important! If you are accessing the Test Tool on Windows Server, open the shortcut with Administrator permissions, even if you are logged in to the system as an Administrator.

Use the Test Tool in FIPS-only Environments

Policy Servers that are configured in FIPS-migration or FIPS-only modes encrypt sensitive data using Advanced Encryption Standard (AES) algorithms. When running Interactive tests, the Test Tool uses FIPS-compliant algorithms as required to communicate with FIPS-only mode Policy Servers. By default, the Test Tool does not use FIPS-compliant algorithms to encrypt sensitive data when creating a Command Script file in Record mode. A command script that contains data encrypted with a non-FIPS algorithm cannot be played back to test a FIPS-only mode Policy Server.

To record and play back tests against a FIPS-migration or FIPS-only mode Policy Server, do one of the following procedures:

  • Start the Test Tool in a specific FIPS mode
  • Define the default FIPS Mode

For either method, the following FIPS mode options are available:

  • COMPAT (default)
    Configures the Test Tool to:
    • Encrypt sensitive data using a non-FIPS algorithm when recording a Command Script file.
    • Decrypt sensitive data that is written to a Command Script file using non-FIPS or FIPS algorithms when playing back a test.
  • MIGRATE
    Configures the Test Tool to:
    • Encrypt sensitive data using a FIPS algorithm when recording a Command Script file.
    • Decrypt sensitive data written to a Command Script file using non-FIPS or FIPS algorithms when playing back a test.
  • ONLY
    Configures the Test Tool to:
    • Encrypt sensitive data using a FIPS algorithm when recording a Command Script file.
    • Decrypt sensitive data written to a Command Script file using only FIPS algorithms when playing back a test in Basic Playback or Advanced Playback mode.
     

Note: If the Test Tool is not started using the command-line option, it uses the FIPS mode that is defined in the CA_SM_PS_FIPS140 environment variable. If CA_SM_PS_FIPS140 is not set, the Test Tool defaults to FIPS-compatibility mode.

Start the Test Tool in a Specific FIPS Mode

To open the Test Tool in a specific FIPS mode to record or play back tests, start the Test Tool using the -cf command-line option.

Follow these steps:

  1. Open a Command Window and navigate to policy_server_home\bin.
  2. Enter the following command:

    smtest -cf FIPSmode [command_script]

    FIPSmode
    Specifies the FIPS mode (to match the FIPS mode of the Policy Server). The value of FIPSmode is not case-sensitive. The modes are:

    • COMPAT (default)
    • MIGRATE
    • ONLY

    command_script
    (Optional) Specifies the path name of a Command Script file to play back.

Define the Default FIPS Mode

Configure the default FIPS mode for the Test Tool (and other local components) by defining the CA_SM_PS_FIPS140 environment variable.

Note: If the Test Tool is started using the -cf command-line option, the CA_SM_PS_FIPS140 environment variable is ignored.

Follow these steps:

  1. Log in to the Administrative UI host system as an administrative user.
  2. Set the following environment variable:
    CA_SM_PS_FIPS140=FIPSmode
    FIPSmode

    Specifies one of the following FIPS modes (to match the FIPS mode of the Policy Server):
    • COMPAT (Default)
    • MIGRATE
    • ONLY
    For more information about setting environment variables, see your OS-specific documentation.
  3. Verify that the Windows shell that runs the Administrative UI correctly recognizes the CA_SM_PS_FIPS140 variable.
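
The following added example (not CA code) models the rules from the two procedures above: the -cf option overrides CA_SM_PS_FIPS140, which overrides the COMPAT default, and a recorded Command Script can be played back only in a mode that can decrypt it. The function names are hypothetical, and handling the environment variable value case-insensitively is an assumption; the page states that only for -cf.

```python
"""Pre-flight model of the Test Tool FIPS-mode rules (added example)."""

MODES = ("COMPAT", "MIGRATE", "ONLY")

# Algorithm family used to encrypt sensitive data when recording a script.
RECORD_ALGO = {"COMPAT": "non-FIPS", "MIGRATE": "FIPS", "ONLY": "FIPS"}

# Algorithm families each mode can decrypt when playing a script back.
PLAYBACK_ALGOS = {
    "COMPAT": {"non-FIPS", "FIPS"},
    "MIGRATE": {"non-FIPS", "FIPS"},
    "ONLY": {"FIPS"},
}


def _normalize(value, source):
    mode = value.strip().upper()  # -cf values are not case-sensitive
    if mode not in MODES:
        raise ValueError(f"{source}: unknown FIPS mode {value!r}")
    return mode


def effective_fips_mode(smtest_args, env):
    """Return (mode, source) for the arguments that follow 'smtest'."""
    if "-cf" in smtest_args:
        idx = smtest_args.index("-cf")
        if idx + 1 >= len(smtest_args):
            raise ValueError("-cf requires a FIPS mode")
        # The command-line option wins; the environment variable is ignored.
        return _normalize(smtest_args[idx + 1], "-cf"), "command line"
    if env.get("CA_SM_PS_FIPS140"):
        return _normalize(env["CA_SM_PS_FIPS140"], "CA_SM_PS_FIPS140"), "environment"
    return "COMPAT", "default"


def can_play_back(recorded_mode, playback_mode):
    """True if a script recorded in recorded_mode decrypts in playback_mode."""
    return RECORD_ALGO[recorded_mode] in PLAYBACK_ALGOS[playback_mode]


def preflight(recorded_mode, smtest_args, env):
    """Report the mode a planned playback run uses and whether it can decrypt."""
    mode, source = effective_fips_mode(smtest_args, env)
    return {"mode": mode, "source": source,
            "playable": can_play_back(recorded_mode, mode)}
```

A script recorded in the default COMPAT mode fails this check for ONLY playback, which matches the restriction on testing FIPS-only mode Policy Servers described earlier.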

Specify the Agent Type

Configure the Agent that the Test Tool simulates during a test. The Agent Type indicates the connection method between the Agent and the Policy Server.

Configure the Agent in the Administrative UI before specifying it in the Test Tool.

In the Agent section of the tool, specify the following information to configure an Agent:

  • Agent Type
    Select the version of the Agent you want the tool to simulate. The Agent version determines the connection type.
    Version 4 – Simulates 4.x Agents. The 4.x Agent type uses a shared secret for the connection method.
    Version 5 – Simulates 5.x Agents. The 5.x Agent uses an SmHost.conf file, with an encryption key in the file.
    To enable the 5.x Agent to connect to the Policy Server, run the smreghost registration tool. Running the smreghost registration tool generates an SmHost.conf file, which the SSO Web Agent uses to make the 5.x connection to the Policy Server. The SmHost.conf points to the bootstrap Policy Server, which loads the host configuration object (HCO). The HCO contains the IP addresses of the Policy Servers used for authentication and authorization. New connections are made to these Policy Servers after the HCO is loaded from the bootstrap server. The smreghost tool is installed with the Web Agent, in agent_home/bin. The file is also located in the directory policy_server_install_dir/siteminder/bin.

    If you receive an error that the host configuration information cannot be obtained from the SmHost.conf file, check the permissions on the file. Also, check that the IP address you specified for the bootstrap Policy Server is correct.
    RADIUS – Simulates RADIUS devices. The RADIUS agent uses a shared secret.
  • Agent Name
    Enter the name of the Agent as it appears in the Administrative UI. This field is required for both Version 4 and Version 5 Agents.
  • Secret (4.x and RADIUS Agents)
    Enter the Agent shared secret. This must match the shared secret specified when you created the Agent. A secret is required for Version 4 and RADIUS Agents.
  • (Optional—4.x and RADIUS Agents) Server
    Enter the full name of the server on which the Agent resides. For example, to test the Policy Server for http://www.myorg.org, enter www.myorg.org in this field.
  • SmHost.conf Path (5.x Agents)
    Enter the path to the SmHost.conf file that contains the settings for the 5.x Agent connection type you want to simulate. The SmHost.conf file must be on the machine where you plan to run the Test Tool. This file contains the IP address of the bootstrap Policy Server and other client side information. Use the Browse button to search for the file.

Identify the Policy Server

The test tool requires information about the Policy Server that will be used when simulating the interaction with the Agent described in the Agent group box. The required information differs slightly depending on the type of Agent you selected.

Set Up the Policy Server for Version 4 and RADIUS Agent Simulations

For Version 4 Agents and RADIUS Agent simulations, you must specify the IP address and port information of the Policy Server(s) used in the test. If you want to simulate a multiple Policy Server environment, you can specify how those Policy Servers operate.

To set up Policy Server(s) for Version 4 Agent and RADIUS Agent simulations:

  1. Specify the following Policy Server options, as necessary:
    • Policy Server
      Indicates whether you are specifying the primary or secondary Policy Server.
    • IP Address
      Specifies the IP address of the Policy Server. By default, this field contains the IP address of the local system.
    • Authorization, Authentication, and Accounting Ports
      Specifies the TCP ports used for authorization, authentication, and accounting requests. These fields are populated with the Policy Server’s default port numbers.
    • Timeout
      Displays the time (in seconds) that the Test Tool should wait for a response from the Policy Server.
  2. Select one of the following operation modes:
    • Failover
      Enables failover. During failover, the Test Tool directs requests to the initial Policy Server. If the initial Policy Server fails, the Test Tool redirects requests to the secondary Policy Server.
    • Round Robin
      Enables round robin load balancing. Round robin load balancing divides requests between the primary and secondary Policy Servers. For each connection, the Test Tool alternates between Policy Servers.
  3. Click Connect to make sure that the Test Tool can connect to the Policy Server.
    If the Test Tool makes a connection, the IsProtected and DoManagement stop lights turn green.
Note: You must specify an Agent before testing the Policy Server connection.

Policy Server Information for Version 5 Agents

For Version 5 Agent simulations, use the Policy Server information contained in the Host Configuration Object. By default, the Policy Server information is retrieved from the policy store when the Test Tool uses the SmHost.conf file to establish an initial connection to the Policy Server.

Select a Test Mode

Use one of the test modes in the following list to determine how tests are run and results are displayed. Depending on the test mode that you select, you may also have to specify script information.

  • Interactive
    Allows you to enter data, run tests, and see the results displayed immediately in the Server Response section.
  • Record
    Combines Interactive operation with a script generation feature that writes test results to a plain-text command script file.
  • Basic Playback
    Uses Command Script files created in the Record mode to automate sequential tests. Ideal for regression testing.
  • Advanced Playback
    Uses a manually configured Thread Control File to automate complex tests. Ideal for stress testing.

Specify Resource Information

You can specify the resource against which you want to conduct tests. Providing a resource simulates a user entering a URL in a browser.

To specify resource information, provide values for the following options:

  • Resource
    Enter the relative path of the resource that CA Single Sign-On is protecting as it is configured in the realm. The path is relative to the Web server’s publishing directory. For example, /protected/.
  • Action
    Enter the Agent action, Authentication event, or Authorization event specified in the rule that you are testing.

You can configure the Agent that the Test Tool simulates during a test in the Agent group box.

Specify User Credentials

The Test Tool requires user credentials to test whether or not a policy can authenticate or authorize a user.

To specify user credentials, complete the following fields:

  • User Name
    Enter the user name you want to use to access the resource.
  • Password
    Enter the password for the user entered in User Name.
  • CHAP Password
    If you are using a RADIUS CHAP authentication scheme, select this check box.
  • Certificate File
    If the protected resource requires certificates to authenticate users, you must provide a certificate file so that the Test Tool can simulate certificate authentication.

Set the Encoding Spec

The encoding spec field allows you to specify a language encoding parameter. The Test Tool uses this parameter to encode headers in the same manner as a Web Agent. It then displays the encoded response attribute data in the Attributes field.

To set the encoding spec, enter a value for the encoding spec as follows:

encoding_spec, wrapping_spec

  • encoding_spec is a text string that represents one of the following encoding types: UTF-8, Shift-JIS, EUC-J, or ISO-2022 JP
  • wrapping_spec is the wrapping specification, which must be RFC-2047.
Note: If you leave this field blank, the default is UTF-8 with no wrapping.

Save and Load Test Configurations in a Test Tool Settings File

To avoid reentering user-supplied information, such as Agent, resource, and user information, you can save these values into a Test Tool Settings file. You can then reload those values at any time.

To save the current values that are specified in the Test Tool:

  1. Click the Save Settings button.
  2. Enter a location and name for the Test Tool Settings in the Save As dialog and click Save.
    The file is saved with a .ini file extension.

To retrieve the saved values from the Test Tool Settings file:

  1. Click the Load Settings button.
  2. Enter the location and name of the Test Tool Settings File in the Open dialog and click Open.
Note: You can also load the Test Tool Settings file from a Command Script.

(Optional) Regulate Test Tool Connections to the Policy Server

Edit the Test Tool Settings (.ini) file and add the following parameters to regulate how the Test Tool connects to the Policy Server:

  • MaxConnections
    Specifies the maximum number of connections that the Test Tool establishes to the Policy Server.
  • MinConnections
    Specifies the minimum number of connections that the Test Tool establishes to the Policy Server.
  • ConnectionsStep
    Specifies how many new sockets the Test Tool can open at a time if a new connection needs to be made (up to the value specified in MaxConnections).

Follow these steps:

  1. Check the value of the "SM Agent or Radius:" parameter in the Command Script file and do one of the following steps:
    • If the "SM Agent or Radius" value is set to SM Agent v4, proceed to Step 3.
    • If the "SM Agent or Radius" value is set to SM Agent v5, add an “Override Bootstrap:” parameter with a value of 1 to the Command Script file.
  2. Verify that the value of the "Agent Name" parameter in the Command Script file is the same as the "Agent name" parameter in the Test Tool Settings file. If not, the new parameters are ignored and the following default values are used: MaxConnections=20, ConnectionStep=2.
  3. Open the Test Tool Settings file in a text editor.
  4. Add the required parameters, one per line, using the same format as the other parameters in the file. That is, enter the parameter value starting at column 24 of the line.
  5. Save and close the Test Tool Settings file.
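
The following added example (not CA code) applies the steps above to the text of a Settings file: it checks the Agent Name match and the v5 "Override Bootstrap:" requirement, then writes the three parameters with each value starting at column 24. The "Name:" line layout, the range checks, the helper names, and the sample files are assumptions constructed for this example.

```python
COL = 24  # parameter values start at column 24 (1-based), per step 4


def param_line(name, value):
    """Format 'Name:' padded with spaces so the value starts at column 24."""
    key = f"{name}:"
    if len(key) >= COL:
        raise ValueError(f"parameter name too long for column {COL}: {name}")
    return key.ljust(COL - 1) + str(value)


def parse_params(text):
    """Return {lowercased name: value} from 'Name: value' lines (assumed layout)."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            params[name.strip().lower()] = value.strip()
    return params


def add_connection_limits(settings, script, min_conn, max_conn, step):
    """Return the Settings file text with the three connection parameters set."""
    # Range checks are this example's own sanity checks, not documented limits.
    if not 1 <= min_conn <= max_conn or step < 1:
        raise ValueError("need 1 <= MinConnections <= MaxConnections, step >= 1")
    s, c = parse_params(settings), parse_params(script)
    if s.get("agent name") != c.get("agent name"):
        raise ValueError("Agent Name differs; the new parameters would be ignored")
    if (c.get("sm agent or radius") == "SM Agent v5"
            and c.get("override bootstrap") != "1"):
        raise ValueError("v5 script needs 'Override Bootstrap:' set to 1")
    new = {"MaxConnections": max_conn, "MinConnections": min_conn,
           "ConnectionsStep": step}
    # Drop earlier copies of the three parameters so reruns do not duplicate them.
    kept = [line for line in settings.splitlines()
            if line.partition(":")[0].strip() not in new]
    return "\n".join(kept + [param_line(k, v) for k, v in new.items()]) + "\n"


# Constructed samples; real files contain other parameters not shown on the page.
SAMPLE_SETTINGS = param_line("Agent name", "testagent") + "\n"
SAMPLE_SCRIPT = ("SM Agent or Radius:    SM Agent v5\n"
                 "Agent Name:            testagent\n"
                 "Override Bootstrap:    1\n")
```
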