source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/README @ 3199

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/README@4081
Revision 3199, 3.6 KB checked in by pjkersha, 12 years ago (diff)

Fixes to unit tests ready for OMII-UK first software drop.

security/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
security/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml: include comment about addition of CA certs from other trusted NDG sites.

security/python/ndg.security.test/ndg/security/test/attCert/attCertTest.cfg: fix file paths - ref by $NDGSEC_ATTCERT_UNITTEST_DIR env var

security/python/ndg.security.test/ndg/security/test/attCert/AttCertTest.py: some file paths not having $NDGSEC_ATTCERT_UNITTEST_DIR expanded correctly

security/python/ndg.security.test/ndg/security/test/sessionMgr/README,
security/python/ndg.security.test/ndg/security/test/sessionMgrClient/README: fix instructions for including CA cert from MyProxy? CA.

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/SessionMgrClientTest.py:

  • fix for some file paths - env var not expanded
  • fix test1Connect writing of user.creds - ensure new lines between concatenated certs. and private key content

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml: add instructions for adding MyProxy? CA cert into caCertFileList elem.

security/python/ndg.security.test/ndg/security/test/XMLSecDoc/README: missed out before

security/python/ndg.security.test/setup.py: fixes for missing package data for various tests.

Line 
1Unit tests for NDG Security Session Manager Module
2==================================================
3These tests need some careful attention to their configuration in order to
4correctly set up.  MyProxy and test Attribute Authorities services must be
5configured and started.
6
7MyProxy is installed as part of the NDG Security installation.  See the
8installation guide for details:
9
10http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/documentation/InstallationGuide/pdf/NDGSecurityInstallationGuide.pdf?format=raw
11
121) Ensure MyProxy is running on it's host machine.  Depending on how you have
13configured it it may be running as SysV init script or with xinetd or inetd.
14Check with the Installation guide.  To start myproxy-server manually as root
15run,
16
17$ myproxy-server
18
192) Edit sessionMgrProperties.xml in this directory and set the hostname element
20to the fully qualified domain name (FQDN) of the MyProxy host OR alternatively
21set the environment variable MYPROXY_SERVER to the FQDN e.g.
22
23export MYPROXY_SERVER=myproxyhost.somewhere.uk
24
253) Edit sessionMgrTest.cfg and set the username for the MyProxy account you
26wish to test: NDG Security uses MyProxy with a PAM plugin to enable
27authentication against an external source such as a user database or a UNIX
28system account.  The passphrase field can also be filled, or alternatively if
29omitted from the file or commented out it will be prompted for from the
30command line.  Both test1Connect and test3ConnectNoCreateServerSess fields
31should be set.
32 
333) Two test Attribute Authority services are required.  These can be run from
34the Attribute Authority unit test directory.  It's path relative to this
35directory is ../attAuthority. 
36
37The Attribute Authorities accept requests from this Session Manager
38authenticated based on the MyProxy user credentials used in the unit test
39test1Connect.  In order to accept these, the Attribute Authorities must be
40configured to trust the MyProxy CA.  This can be done by including the MyProxy
41CA certificate in the list of trusted CA files in the respective Attribute
42Authority configuration files:
43 i) Copy the CA certificate from your MyProxy host computer to the ca/ sub-
44 directory under THIS directory.
45 
46 The file will be located on the MyProxy server as e.g.
47 
48 /etc/grid-security/certificates/abcdef01.0
49 
50 The exact name of the CA certificate file will be unique to your installation.
51 In the above, it is "abcdef01.0".   
52 
53 i) edit 'caCertFileList' element in
54 ../attAuthority/siteAAttAuthorityProperties.xml and add a new entry for the
55 MyProxy CA:
56
57 -8<---------------------------------------------------------------------------
58    <caCertFileList>
59        <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
60-->     <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile>
61    </caCertFileList>
62 -8<---------------------------------------------------------------------------
63 The exact name of the CA certificate file will be unique to your installation.
64 In the above, it is "abcdef01.0".  Ammend to the correct setting.  Edit
65 ../attAuthority/siteBAttAuthorityProperties.xml and in the same way add a new
66 entry for the MyProxy CA certificate.
67 
68 Nb. You can check the MyProxy certificate file independently with OpenSSL:
69 
70 $ openssl x509 -in  /etc/grid-security/certificates/abcdef01.0 -text
71 
724) Run the tests with the command:
73
74$ python ./test.py
75
765) To run individual tests give the test method name:
77
78$ python ./test.py SessionMgrTestCase.test1Connect
79
80Finally,
81 * See sessionMgrTest.cfg configuration file to change test parameters.
82 * See the installation guide for MyProxy trouble shooting information.
83
Note: See TracBrowser for help on using the repository browser.