source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/README @ 3196

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/README@3196
Revision 3196, 4.1 KB checked in by pjkersha, 12 years ago (diff)

security/architecture/uml/ndg2-dews-security-beta.eap: update from EA upgrade

security/python/ndg.security.client/setup.cfg,
security/python/ndg.security.common/setup.cfg,
security/python/ndg.security.server/setup.cfg,
security/python/ndg.security.test/setup.cfg,
security/python/setup.cfg: new release tag for OMII-UK 1st drop

security/python/ndg.security.server/ndg/security/server/MyProxy.py: iimprove error message for cert file not found - incl. CA cert.

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/README: addtional note about ensuring MYPROXY_SERVER env for server.py shell
security/python/ndg.security.test/ndg/security/test/sessionMgrClient/server.sh: deleted - server.py replaces it

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/SessionMgrClientTest.py: working version with test certs included in SVN and unit test env var refs.

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml: incl. default serverCNprefix elem setting

security/python/ndg.security.test/setup.py: important fixes to ensure test data and test certs are included in package data for egg.

Line 
1Unit tests for Session Manager Web Service Client
2=================================================
3This is the most complicated unit test suite and requires a number of services
4to be running:
5 * Test Session Manager web service run from this directory
6 * MyProxy server
7 * Two test Attribute Authorities run from the Attribute Authority unit test
8 directory ../attAuthority
9 
10It is worthwhile trying out the Attribute Authority (../attAuthority) and
11Session Manager (../sessionMgr) unit tests first.  These tests differ from
12the Session Manager unit tests in that they test a SOAP *client* to a
13Session Manager web service whereas the Session Manager tests just the server
14side code.
15
16MyProxy is installed as part of the NDG Security installation.  See the
17installation guide for details:
18
19http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/documentation/InstallationGuide/pdf/NDGSecurityInstallationGuide.pdf?format=raw
20
211) Ensure MyProxy is running on it's host machine.  Depending on how you have
22configured it it may be running as SysV init script or with xinetd or inetd.
23Check with the Installation guide.  To start myproxy-server manually as root
24run,
25
26$ myproxy-server
27
282) Edit sessionMgrProperties.xml in this directory and set the hostname element
29to the fully qualified domain name (FQDN) of the MyProxy host OR alternatively
30set the environment variable MYPROXY_SERVER to the FQDN e.g.
31
32export MYPROXY_SERVER=myproxyhost.somewhere.uk
33
34If you use the environment variable it must be set in the shell in which you
35run the test Session Manager service - see step 4).
36
373) Edit sessionMgrClientTest.cfg and set the username for the MyProxy account
38you wish to test: NDG Security uses MyProxy with a PAM plugin to enable
39authentication against an external source such as a user database or a UNIX
40system account.  The passphrase field can also be filled, or alternatively if
41omitted from the file or commented out it will be prompted for from the
42command line.  Both test1Connect and test3ConnectNoCreateServerSess fields
43should be set.
44 
453) Two test Attribute Authority services are required.  These can be run from
46the Attribute Authority unit test directory.  It's path relative to this
47directory is ../attAuthority. 
48
49The Attribute Authorities accept requests from this Session Manager
50authenticated based on the MyProxy user credentials used in the unit test
51test1Connect.  In order to accept these, the Attribute Authorities must be
52configured to trust the MyProxy CA.  This can be done by including the MyProxy
53CA certificate in the list of trusted CA files in the respective Attribute
54Authority configuration files:
55 i) edit 'caCertFileList' element in
56 ../attAuthority/siteAAttAuthorityProperties.xml and add a new entry for the
57 MyProxy CA:
58
59 -8<---------------------------------------------------------------------------
60    <caCertFileList>
61        <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
62-->     <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile>
63    </caCertFileList>
64 -8<---------------------------------------------------------------------------
65 The exact name of the CA certificate file will be unique to your installation.
66 In the above, it is "abcdef01.0".  Ammend to the correct setting.  Edit
67 ../attAuthority/siteAAttAuthorityProperties.xml and in the same way add a new
68 entry for the MyProxy CA certificate.
69 
70 Nb. You can check the MyProxy certificate file independently with OpenSSL:
71 
72 $ openssl x509 -in  /etc/grid-security/certificates/abcdef01.0 -text
73
744) Start the Session Manager test service in this directory but from a separate
75terminal:
76
77$ python ./server.py
78
79Nb. If you've specified the MyProxy server host with the MYPROXY_SERVER
80environment variable, make sure it's set in this shell.
81
825) Run the tests with the command:
83
84$ python ./SessionMgrClientTest.py
85
866) To run individual tests give the test method name:
87
88$ python ./SessionMgrClientTest.py SessionMgrClientTestCase.test1Connect
89
90Finally,
91 * See sessionMgrClientTest.cfg configuration file to change test parameters.
92 * See the installation guide for MyProxy trouble shooting information.
93
Note: See TracBrowser for help on using the repository browser.