Central Authentication Service Software Testing
WKES1104: Software Engineering
Prepared by:
Bintang Pamungkas WEK100733
For:
Dr. Nazean Jomhari
Faculty of Computer Science & Information Technology
University of Malaya
Question:
Tutorial Software Testing
You have been asked to create a CAS (Central Authentication Service) system for company A.
This company has a few systems which are not integrated with each other, such as a leave
management system (using PHP), a meeting calendar system (Java), an email system (Gmail), etc.
Identify the tests of features of the CAS that you are going to build. The architecture of CAS
looks like the figure below.
Introduction
1. Definition
CAS is an enterprise Single Sign-On solution for web services. Single Sign-On
(SSO) means a better user experience when running a multitude of web services,
each with its own means of authentication. With an SSO solution, different web
services may authenticate to one authoritative source of trust, which the user needs to
log in to, instead of requiring the end-user to log in to each separate service. [1]
In short, CAS (Central Authentication Service) is an authentication system
that lets a user log in to several web services while being authenticated only
once, by the CAS.
1.1 CAS Development
Central Authentication Service (CAS) was invented and developed by Shawn
Bayern of Yale University; later, CAS was maintained by Drew Mazurek at Yale. The
first version of CAS implemented the Single Sign-On feature. CAS 2.0 was then
launched with new features, one of which was multi-tier proxy authentication.
In December 2004, CAS became a project of JASIG (Java Architecture Special
Interest Group), which since 2008 has been responsible for CAS maintenance
and development; that is why CAS is also known as JASIG CAS.
Because of its reliability, CAS is today widely used by universities all
across the world. The University of Malaya has also adopted CAS, which
we see whenever we access the applications the University of Malaya
provides, such as SPECTRUM.
[1] https://wiki.jasig.org/display/CAS/Home
1.2 CAS Client Integration
Until today, there are four official CAS clients according to the JASIG CAS
website. These four official clients are Java, PHP, .NET and Apache. Besides those four
official clients, CAS can also be integrated with other clients such as Perl, uPortal,
Google Web Toolkit, TikiWiki, etc.
Content
University of Malaya Central Authentication Service
1. Software Testing
The general testing process usually starts with the testing of individual program
units such as functions or objects. These tested units are later integrated into
subsystems and systems, and the interactions of these units are then tested. After the
system is integrated and complete, we can run a series of acceptance tests to validate and
verify the software built. Software testing is not an easy process. It has two
distinct goals:
i. To demonstrate to the developer and the customer that the software
meets its requirements. In other words, software testing has the goal
of validating the product.
ii. To discover faults or defects in the software. This can also be interpreted
as verifying the product.
Software validation and software verification are two distinct things.
Boehm (1979) succinctly expressed the difference between
them:
Validation: Are we building the right product?
Verification: Are we building the product right?
2. CAS Software Testing
Central Authentication Service also needs to pass software testing. Moreover,
because it often plays a crucial role in the system where it is used, we have to
test it thoroughly. Company “A” has a lot of un-integrated applications, such as a Leave
Management System that uses PHP, a Meeting Calendar System that uses Java, and an
email client using Gmail. So, the first thing we want to do is the unit test. We have
to check the applications the company already has. But, since the applications are
not integrated with each other, we do not have to check the whole system by pairing and
integrating each application with the others. All we have to do is integrate every
application with the CAS itself.
After the individual tests are done, we proceed to the main testing, the CAS
testing. I have figured out some of the main features that need to be tested. These
features are:
1) Compatibility
First of all, we have to make sure that each client (the applications that
company “A” has) is compatible with the CAS. As already said in the introduction part
of this essay, CAS only supports four official clients and a few unofficial clients. The
three example applications of company “A” will pass this test, as Java
and PHP are official clients of JASIG CAS, and Gmail can also be integrated with
CAS, as Google Web Toolkit is considered an unofficial client of CAS.
Compatibility is one of the most basic things to check, because everything will be
ruined if we forget to test this aspect.
2) Security
Security in CAS is one of the most crucial things that need to be tested,
because CAS is basically a tool used as a “ticket” to pass into the varied applications
provided in the system. We have to make sure there are no crucial holes in the
system, and if we find one, we have to fix it as soon as possible.
Testing this aspect can be a little bit tricky, because we have to find holes
inside the system which are not easy to see. Sometimes, to test the security of
software, we need an independent team to take a look at the system that we already
have. We can look at the method used for the software Mozilla Firefox: in
October 2010, they let the public try to find any bugs that might be in the
software, and this competition resulted in a 12-year-old boy finding a major security hole
in the software. Because of that, the boy, Alex Miller, was given $3000 by the
company.
3) Stability
Since CAS plays a very important role as a gateway to the varied applications used
in company “A”, we have to make sure of its stability. The CAS has to be able to
work 24/7, and when it is down it must be possible to fix it in no time (this will be
covered under the aspect of maintainability).
To test this aspect, we can try to flood the system with traffic and see
how much traffic it can withstand simultaneously. If it can handle a lot of traffic
simultaneously, then the system is stable enough to be launched.
4) Maintainability
Maintainability comes after stability, because the system does not always go
as we planned. Here, maintainability plays its role. Whenever the system is
down, it must be repaired as soon as possible. A maintainable system will help to
cut down the cost and the time of repair.
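The “ticket” checks from the Security item can be written as executable negative tests. The following is an added example, not part of the original essay and not JASIG CAS code: a toy in-memory model of service-ticket validation (the class, its methods and the client URLs are hypothetical and constructed) with tests for the protocol rules that a service ticket is accepted once, only for the service it was issued to, and only before it expires.

```python
import secrets
import time

class ToyTicketRegistry:
    """Hypothetical in-memory stand-in for a CAS server's ticket store."""
    def __init__(self, lifetime_seconds=10, clock=time.monotonic):
        self.lifetime = lifetime_seconds
        self.clock = clock       # injectable so tests can advance time
        self._tickets = {}       # ticket -> (user, service, issued_at)

    def issue(self, user, service):
        ticket = "ST-" + secrets.token_urlsafe(24)  # unguessable, ST- prefix
        self._tickets[ticket] = (user, service, self.clock())
        return ticket

    def validate(self, ticket, service):
        """Return the user name, or None if the ticket must be rejected."""
        record = self._tickets.pop(ticket, None)    # single use: always consumed
        if record is None:
            return None
        user, issued_for, issued_at = record
        if issued_for != service:                   # bound to one service
            return None
        if self.clock() - issued_at > self.lifetime:  # short-lived
            return None
        return user

def run_security_tests():
    """Run the negative tests and return {test name: passed}."""
    now = [0.0]
    reg = ToyTicketRegistry(lifetime_seconds=10, clock=lambda: now[0])
    leave = "https://leave.example.test/"        # constructed URL, PHP client
    calendar = "https://calendar.example.test/"  # constructed URL, Java client
    results = {}
    t = reg.issue("alice", leave)
    results["valid ticket accepted"] = reg.validate(t, leave) == "alice"
    results["replayed ticket rejected"] = reg.validate(t, leave) is None
    t = reg.issue("alice", leave)
    results["ticket for other service rejected"] = reg.validate(t, calendar) is None
    t = reg.issue("alice", leave)
    now[0] += 11                                 # advance past the lifetime
    results["expired ticket rejected"] = reg.validate(t, leave) is None
    results["forged ticket rejected"] = reg.validate("ST-guess", leave) is None
    return results

if __name__ == "__main__":
    for name, passed in run_security_tests().items():
        print("PASS" if passed else "FAIL", name)
```

Against a real deployment the same five cases would be driven through the CAS server's validation endpoint instead of the toy registry.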
With the main feature tests done, we proceed to the acceptance test.
Acceptance testing is the process where the system is tested using customer data to check that it
meets the customer's real needs (Sommerville, 2007, p. 402). Acceptance testing is also
known as the Alpha test.
The next step after the Alpha test is the Beta test. The Beta test lets some potential
customers use the software and then report and give feedback to the system developers.
The reports and feedback are used by the system developers as input to develop the
system further. After that, the team usually decides whether the system is ready to be
launched or not.
Conclusion
From the explanations above, we can see that software testing plays an important
role in making sure that we are building the right software in the right way. Software testing of the
Central Authentication Service includes many aspects, such as compatibility, security,
stability, and maintainability. The tests also have to be carried out in an appropriate
order, and we have to test the un-integrated units first. Since CAS plays a very
important role in the whole system, we have to test it thoroughly and precisely.
References
Sommerville, Ian. (2007). Software Engineering. Essex: Pearson Education Limited.
CAS | JASIG Community. Retrieved March 8, 2011, from http://www.jasig.org/cas