...

IOP (Scott Cantor - cantor.2@osu.edu)
PKIX (Terry McBride)

[What should be CONFIRMED through testing from this section?]

2.2.2 Metadata Exchange (Scott Cantor - cantor.2@osu.edu)

Test the ability of an implementation to publish and consume metadata documents, and maintain the information in real time.

Publication

Preconditions
  • An http/https entityID defined that is suitable for dereferencing
  • Appropriate configuration of that entityID is completed
  • Multiple details of configuration are available to tester (location of a profile endpoint, a key descriptor, etc.)

...

  • Any pre-publishing step required is completed
Test Sequence

1. Access published metadata

The entityID is dereferenced to obtain the metadata document.

Tester CONFIRM: The metadata is available, correctly reflects the entityID accessed, and is returned with the correct MIME type (application/xml+samlmetadata). The expected configuration details are found in the metadata.

2. Alter metadata and republish

Alter the configuration (changing an endpoint, a key descriptor, etc.) and republish, then repeat the first test.

Tester CONFIRM: As in (1), but also that the implementation did not require a restart or disruption of service.
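
The two publication checks above can be scripted. The following is an added example, not part of the original test plan: it assumes the tester has already dereferenced the entityID and holds the response's Content-Type header and body. The function names, the entityID, the endpoint and the certificate text are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Expected MIME type exactly as the test plan writes it. The SAML 2.0 Metadata
# specification registers application/samlmetadata+xml, so it is a parameter.
PAGE_MIME = "application/xml+samlmetadata"
# Constructed sample values (hypothetical entityID and certificate text).
ENTITY_ID = "https://idp.example.org/metadata"
CERT = "TUlJQ2NvbnN0cnVjdGVk"

def check_publication(entity_id, content_type, body, locations, cert,
                      expected_mime=PAGE_MIME):
    """Return the list of failures for step 1; an empty list means CONFIRM."""
    failures = []
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != expected_mime:
        failures.append(f"MIME type {media_type!r}, expected {expected_mime!r}")
    # Metadata comes from a remote party: refuse DTDs instead of parsing them.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return failures + ["document contains a DTD; not parsed"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return failures + [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return failures + [f"unexpected root element {root.tag}"]
    if root.get("entityID") != entity_id:
        failures.append(f"entityID {root.get('entityID')!r} does not match")
    published = {e.get("Location") for e in root.iter() if e.get("Location")}
    for loc in sorted(set(locations) - published):
        failures.append(f"endpoint {loc} not published")
    certs = {"".join((c.text or "").split())
             for c in root.iter(f"{{{DS}}}X509Certificate")}
    if "".join(cert.split()) not in certs:
        failures.append("expected key descriptor certificate not published")
    return failures

def sample_metadata(sso_location, cert=CERT):
    # Constructed IdP metadata document so the check runs offline.
    return (f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" '
            f'entityID="{ENTITY_ID}"><md:IDPSSODescriptor '
            'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            f'{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            '</md:KeyDescriptor><md:SingleSignOnService '
            'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
            f'Location="{sso_location}"/></md:IDPSSODescriptor>'
            '</md:EntityDescriptor>')
```

For step 2, run the same check against the republished document with the altered endpoint or certificate as the expected values; a failure naming the new value means the republished metadata still carries the old configuration.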

2.2.2.1 Metadata Verification (Scott Cantor - cantor.2@osu.edu)

...

Responses to Authentication Failure

...

To complete this Test Case, the IdP under test must receive an authentication request for a User it cannot or will not authenticate. The cause of this authentication failure is not relevant but is expected to be an event such as:

  • The user chooses to cancel the authentication process.
  • The user identity does not exist or the number of failed login attempts has been exceeded.
  • The user forgets his/her password and must wait for an email containing the password.

Preconditions
  • Metadata exchanged and loaded
  • Encryption disabled
  • User Identities Not Federated
Test Sequence

1. AuthnRequest from SP to IdP, Redirect Binding, Federate

...