| Page Properties | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
OVERVIEW
Increasing automated testing is necessary in order to increase the effectiveness, efficiency and coverage of software testing. Currently testing SAML is a manual process that only occurs during release and feature testing. Because testing SAML is a manual process we only test against OneLogin and Okta.
Creating reusable automated tests will make testing and supporting additional SAML providers a much easier process. These tests will ensure a base level of supported functionality. As test coverage increases, supporting a new provider could be as simple as writing the test harness for the given provider.
GOALS
Define the testing architecture for Automated SAML testing.
Define the necessary APIs for manipulating SAML data.
Define the base set of required tests
SCOPE
In scope:
Define a pluggable architecture to test SAML Environment.
Provide a proof of concept.
...
Defining implementation details for specific providers.
Define all tests and all potential data.
Define implementation details for all required tests.
BACKGROUND READING
SPECIFICATIONS
There are three different pieces of functionality to make this work.
Architecture Definition
Define test structure
Define test data
Define base tests to be implemented.
Provider Creation and Setup
Provider Test Creation and API definition
Architectural Definition
Test Structure
The test structure should be configured so that each provider can share the same test. Each provider will have to some of its own provisioning such as Setting up its configuration. At a minimum the SAML Configuration will need to be provided. A sample test flow is shown below. This test is doing a basic SAML login.
...
samlLogout() - logout MM user and ensure login page is displayed
Test Data
The SAML providers will have to have specific users with specific fields to be set appropriately for the accompanying test. This can be accomplished a couple different ways. That data can be created upfront in the SAML provider or each test suite can be responsible to create its own test data prior to each test. If the data in the SAML provider is static, that is it won’t be updated during a test run and be the same from test run to test run. It is suggested to create that data upfront. However, if the test requires the update of the SAML data, for instance to test if SAML fields update properly. Then the data should be either be verified or deleted and recreated before the test run.
If test data is required to be added to the Mattermost database. That data can be added in the following file - ../mattermost-server/cmd/mattermost/commands/sampledata.go.
Base Tests
SAML User Login - New user
SAML User Login - Existing user
SAML Guest Login - New user
SAML Guest Login - Existing user
SAML Admin Login - New user
SAML Admin Login - Existing user
Once the base tests have been completed, the manual release tests will be next.
https://docs.google.com/spreadsheets/d/18nQEYeHRQCkHPRmiDZLd-z8DyMg1TlDfDu-c0qlK8Vs/edit#gid=932310946
Required SAML APIs
Create User - create a new user in SAML Server
...
Certificates - will need loaded
SAML Provider settings may need updated, for server name to callback.
Proof of Concept
In order to ensure that the above specification is at least feasible, a proof of concept was developed.
https://github.com/sbishel/mattermost-webapp/tree/saml-test-pocpoc2
The main files for the POC are located as follows -
..e2e/cypress.json
...
e2e/cypress/support/saml_test_commands.js
The test expects the user to already exist in Mattermost, it won’t. Therefore, the first time through, select the default team. The next time the test will pass. It’s just a POC.