SSO Testing
Test scenarios and setup for testing DRYD-1518: Add SSO ID field to user accounts and populate with SAML assertionClosed using Auth0 as an IdP
Configuration Scenario 1 |
|
---|---|
Scenario Description | Email address used for both |
CSpace User Setup | Create a user on CSpace with the email testconfig1@example.com |
Relevant SAML Config on CSpace Server | <assertion-username-probes>
. <attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
</assertion-username-probes>
<assertion-sso-id-probes>
. <attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
</assertion-sso-id-probes> |
Relevant Auth0 IDP Metadata excerpt |
|
Expected behavior upon initial login | User is found and login succeeds |
Expected behavior after changing email address on Auth0 IdP | User is not found and login fails |
Configuration Scenario 2 |
|
---|---|
Scenario Description | Email address used for both |
Preconditions | Create a user on CSpace with the email testconfig2@example.com |
Auth0 Mappings | {
"mappings": {
"email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
}
} |
Relevant SAML Config on CSpace Server | (Note the use of the <assertion-username-probes>
. <attribute name="http://schemas.auth0.com/name" />
</assertion-username-probes>
<assertion-sso-id-probes>
. <name-id/>
</assertion-sso-id-probes> |
Relevant Auth0 IDP Metadata excerpt |
|
Expected behavior upon initial login | User is found and login succeeds |
Expected behavior after changing email address on Auth0 IdP | User is not found and login fails |
Configuration Scenario 3 |
|
---|---|
Scenario Description | Email address used for both |
Precondition | Create a user on CSpace with the email testconfig3@example.com |
Auth0 Mappings | |
Relevant SAML Config on CSpace Server | (Note the use of the |
Relevant Auth0 IDP Metadata excerpt |
|
Expected behavior upon initial login | User is found and login succeeds |
Expected behavior after changing email address on Auth0 IdP | User is not found and login fails |
Configuration Scenario 4 |
|
---|---|
Scenario Description | Email address used for both |
Precondition | Create a user on CSpace with the email testconfig4@example.com |
Auth0 Mappings | |
Relevant SAML Config on CSpace Server | |
Relevant IDP Metadata excerpt |
|
Expected behavior upon initial login | User is found and login succeeds |
Expected behavior after changing email address on Auth0 IdP | User is not found and login fails |
Configuration Scenario 5 |
|
---|---|
Scenario Description | Email address asserted as |
Precondition | Create a user on CSpace with the email testconfig5@example.com |
Auth0 Mappings | |
Relevant SAML Config on CSpace Server | |
Relevant IDP Metadata excerpt |
|
Expected behavior upon initial login | User is found and login succeeds |
Expected behavior after changing email address on Auth0 IdP | User is found and login succeeds (because attribute that is used for sso-id hasn’t changed) |
Configuration Scenario 6 | THIS IS THE MOST LIKELY IDP SETUP |
---|---|
Scenario Description | Email address asserted as |
Precondition | Create a user on CSpace with the email testconfig6@example.com |
Auth0 Mappings | |
Relevant SAML Config on CSpace Server | |
Relevant IDP Metadata excerpts |
|
Expected behavior upon initial login | User is found and login succeeds |
Expected behavior after changing email address on Auth0 IdP | User is found and login succeeds (because name identifier in the subject that is being used for sso-id hasn’t changed) |
Configuration Scenario 7 |
|
---|---|
Scenario Description | Email address asserted as |
Precondition | Create a user on CSpace with the email testconfig7@example.com |
Auth0 Mappings | |
Relevant SAML Config on CSpace Server | (Note the use of the identifier attribute for sso-id )
|
Relevant IDP Metadata excerpts |
|
Expected behavior upon initial login | User is found and login succeeds |
Expected behavior after changing email address on Auth0 IdP | User is found and login succeeds (because the value for identifier attribute used for sso-id hasn’t changed) |
Configuration Scenario 8 | Mimics 8.0 functionality in 8.1 |
---|---|
Scenario Description | Email address asserted as |
Precondition | Create a user on CSpace with the email testconfig8@example.com |
Auth0 Mappings | |
Relevant SAML Config on CSpace Server | |
Relevant IDP Metadata excerpts |
|
Expected behavior upon initial login | User is found and login succeeds |
Expected behavior after changing email address on Auth0 IdP | User is found and login fails |
Configuration Scenario 9 | Mimics 8.0 functionality in 8.1 |
---|---|
Scenario Description | Email address asserted as |
Precondition | Create a user on CSpace with the email testconfig9@example.com |
Auth0 Mappings | |
Relevant SAML Config on CSpace Server | |
Relevant IDP Metadata excerpts |
|
Expected behavior upon initial login | User is found and login succeeds |
Expected behavior after changing email address on Auth0 IdP | User is found and login fails |
Configuration Scenario 10 | Mimics 8.0 functionality in 8.1 - SUCCESS SEQUENCE |
---|---|
Scenario Description | Email address asserted as |
Precondition | Create a user on CSpace with the email testconfig10@example.com |
Auth0 Mappings | |
Relevant SAML Config on CSpace Server (Step 1) | |
Relevant IDP Metadata excerpts (Step 1) |
|
Expected behavior upon initial login | User is found and login succeeds |
Relevant SAML Config on CSpace Server (Step 2) | |
Relevant IDP Metadata excerpts (Step 2) |
|
Expected behavior after SAML config change | User is found and login succeeds |
Expected behavior after changing email address on Auth0 IdP after SAML config change | User is found and login succeeds |