Skip to end of metadata
  • Created by Former user, last modified by Former user on May 28, 2010
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Section numbers correspond to the eGov 2.0 draft profile.

2.2.1 Metadata Profiles

[What should be CONFIRMED through testing from this section?]

2.2.2 Metadata Exchange

[What should be CONFIRMED through testing from this section?]

2.2.2.1 Metadata Verification

[What should be CONFIRMED through testing from this section?]

2.3 Name Identifiers

[What should be CONFIRMED through testing from this section?]

2.4 Attributes

[What should be CONFIRMED through testing from this section?]

2.5.1 Identity Provider Discovery

[What should be CONFIRMED through testing from this section?]

2.5.2.1 Authentication Requests Binding and Security Requirements

[What should be CONFIRMED through testing from this section?]

2.5.2.2 Authentication Requests Message Content

[What should be CONFIRMED through testing from this section?]

2.5.3.1 Responses Binding and Security Requirements

[What should be CONFIRMED through testing from this section?]

* See Bob Sunday's example test case below

2.5.3.2 Responses Message Content

[What should be CONFIRMED through testing from this section?]

2.5.4.1 Artifact Resolution Requests

[What should be CONFIRMED through testing from this section?]

2.5.4.2 Artifact Resolution Responses

[What should be CONFIRMED through testing from this section?]

2.7.1 Proxying Authentication Requests

[What should be CONFIRMED through testing from this section?]

2.7.2 Proxying Responses

[What should be CONFIRMED through testing from this section?]

2.8.1.1 Logout Requests Binding and Security Requirements

[What should be CONFIRMED through testing from this section?]

2.8.1.2 Logout Requests User Interface Behavior

[What should be CONFIRMED through testing from this section?]

2.8.2.1 Logout Responses Binding and Security Requirements

[What should be CONFIRMED through testing from this section?]

3.1.1 Signature and Encryption Algorithms

[What should be CONFIRMED through testing from this section?]

Bob Sunday's example test case

Responses to Authentication Failure

Description

To complete this Test Case, the IdP under test must receive an authentication request for a User it cannot or will not authenticate. The cause of this authentication failure is not relevant but is expected to be an event such as:

  • The user chooses to cancel the authentication process.
  • The user identity does not exist or the number of failed login attempts has been exceeded.
  • The user forgets his/her password and must wait for an email containing the password.
Preconditions
  • Metadata exchanged and loaded
  • Encryption disabled
  • User Identities Not Federated
Test Sequence

1. AuthnRequest from SP to IdP, Redirect Binding, Federate

User/SP attempts Single Sign-On with Persistent Name Identifier with AllowCreate set to true. SP communication to the IdP for the SAML request is through HTTP-Redirect binding. IdP does not recognize User and thus cannot authenticate user.

IdP CONFIRM: User is not authenticated.

2. Response Failure

Being unable to authenticate User, IdP returns SAML Response with error indicating AuthnRequest failed.

SP CONFIRM: IdP returns SAML Response indicating authentication error.

  • No labels