source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/README @ 4139

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/README@4139
Revision 4139, 3.8 KB checked in by cbyrom, 11 years ago (diff)

Further standardise property keywords - consolidating caCertFileList into
caCertFilePathList.

Line 
1Unit tests for NDG Security Session Manager Module
2==================================================
3These tests need some careful attention to their configuration in order to
4correctly set up.  MyProxy and test Attribute Authorities services must be
5configured and started.
6
7MyProxy is installed as part of the NDG Security installation.  See the
8installation guide for details:
9
10http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/documentation/InstallationGuide/pdf/NDGSecurityInstallationGuide.pdf?format=raw
11
121) Ensure MyProxy is running on it's host machine.  Depending on how you have
13configured it it may be running as SysV init script or with xinetd or inetd.
14Check with the Installation guide.  To start myproxy-server manually as root
15run,
16
17$ myproxy-server
18
192) Edit sessionMgrProperties.xml in this directory and set the hostname element
20to the fully qualified domain name (FQDN) of the MyProxy host OR alternatively
21set the environment variable MYPROXY_SERVER to the FQDN e.g.
22
23export MYPROXY_SERVER=myproxyhost.somewhere.uk
24
253) Edit sessionMgrTest.cfg and set the username for the MyProxy account you
26wish to test: NDG Security uses MyProxy with a PAM plugin to enable
27authentication against an external source such as a user database or a UNIX
28system account.  The passphrase field can also be filled, or alternatively if
29omitted from the file or commented out it will be prompted for from the
30command line.  Both test1Connect and test3ConnectNoCreateServerSess fields
31should be set.
32 
334) Two test Attribute Authority services are required.  These can be run from
34the Attribute Authority unit test directory.  It's path relative to this
35directory is ../attAuthority. 
36
37The Attribute Authorities accept requests from this Session Manager
38authenticated based on the MyProxy user credentials used in the unit test
39test1Connect.  In order to accept these, the Attribute Authorities must be
40configured to trust the MyProxy CA.  This can be done by including the MyProxy
41CA certificate in the list of trusted CA files in the respective Attribute
42Authority configuration files:
43 i) Copy the CA certificate from your MyProxy host computer to the ca/ sub-
44 directory under THIS directory.
45 
46 The file will be located on the MyProxy server as e.g.
47 
48 /etc/grid-security/certificates/abcdef01.0
49 
50 The exact name of the CA certificate file will be unique to your installation.
51 In the above, it is "abcdef01.0".   
52 
53 i) edit 'caCertFilePathList' element in
54 ../attAuthority/siteAAttAuthorityProperties.xml and add a new entry for the
55 MyProxy CA:
56
57 -8<---------------------------------------------------------------------------
58    <caCertFilePathList>
59        <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
60-->     <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile>
61    </caCertFilePathList>
62 -8<---------------------------------------------------------------------------
63 The exact name of the CA certificate file will be unique to your installation.
64 In the above, it is "abcdef01.0".  Ammend to the correct setting.  Edit
65 ../attAuthority/siteBAttAuthorityProperties.xml and in the same way add a new
66 entry for the MyProxy CA certificate.
67 
68 Nb. You can check the MyProxy certificate file independently with OpenSSL:
69 
70 $ openssl x509 -in  /etc/grid-security/certificates/abcdef01.0 -text
71 
725) Run the tests with the command:
73
74$ python ./test.py
75
766) To run individual tests give the test method name:
77
78$ python ./test.py SessionMgrTestCase.test1Connect
79
80Finally,
81 * See sessionMgrTest.cfg configuration file to change test parameters.
82 * See the installation guide for MyProxy trouble shooting information.
83
84Troubleshooting:
85 * http_proxy environment variable settings can cause connection problems to
86the Attribute Authorities.  unset http_proxy or set no_proxy:
87
88$ export no_proxy=http://localhost:5000/AttributeAuthority,http://localhost:5100/AttributeAuthority
Note: See TracBrowser for help on using the repository browser.