Jump to: navigation, search

V4/Authentication Indicators/Test Plan

Name: V4/Authentication Indicators/Test Plan
Target version: 4.4.0
Design: V4/Authentication_Indicators
Reviewer: Incomplete.png missing
Last updated: 2016-05-31 by Lryznaro

Overview

Test Plan

Test case: Create new service entry with specified authentication indicator

Autotest

{{{autotest}}}

Setup

Service entry does not exist.

Actions

Create new service entry with '--auth-ind=otp' or '--auth-ind=radius' option.

Expected results

Service entry should be added.

Test case: Update existing service entry to have authentication indicator

Autotest

{{{autotest}}}

Setup

Service entry with no authentication indicator already exists.

Actions

Update existing entry with '--auth-ind=otp' or '--auth-ind=radius' option.

Expected results

Authentication indicator should be added.

Test case: Update existing service entry to different authentication indicator

Autotest

{{{autotest}}}

Setup

Service entry with an authentication indicator already exists.

Actions

Update existing entry with different type of authentication indicator.

Expected results

Authentication indicator should be updated.

Test case: Verify that both authentication indicators can be set for a service

Autotest

{{{autotest}}}

Setup

Service entry with no authentication indicator already exists.

Actions

Try to update the service to contain both 'otp' and 'radius' indicators.

Expected results

Should be successfull.

Test case: Try to access service without authentication indicators

Autotest

{{{autotest}}}

Setup

User already exists with authentication types 'otp', 'radius' and 'password'.

Service with no authentication indicators set already exists.

Actions

  1. Authenticate as a user using any of the authentication types.
  2. Try to access service.

Expected results

Should grant access for all types of authentication.

Test case: Try to access service with insufficient authentication

Autotest

{{{autotest}}}

Setup

User already exists with authentication types 'otp', 'radius' and 'password'.

Service1 with authentication indicator 'otp' or 'radius' already exists.

Service2 with no authentication indicator already exists.

Actions

  1. Run kinit as user with password only.
  2. Try to access service1.
  3. Try to access service2.

Expected results

  1. Should be successful.
  2. Should refuse access to service1.
  3. Should grant access to service2.

Test case: Try to access service with sufficient authentication

Autotest

{{{autotest}}}

Setup

User already exists with authentication types 'otp', 'radius' and 'password'.

Service1 with authentication indicator 'otp' or 'radius' already exists.

Service2 with no authentication indicator already exists.

Actions

  1. Authenticate using 2FA corresponding with service1.
  2. Try to access service1.
  3. Try to access service2.

Expected results

  1. Should be successful.
  2. Should grant access to both services.

Test case: Try to access service with different authentication type

Autotest

{{{autotest}}}

Setup

User already exists with authentication types 'otp', 'radius' and 'password'.

Service with authentication indicator 'otp', alternatively 'radius', already exists.

Actions

  1. Authenticate using 2FA with 'radius', alternatively 'otp' (i.e. the other type than the one allowed for the service).
  2. Try to access service.

Expected results

  1. Authentication should be successful.
  2. Access to service should not be granted.

Test case: Try to access service with one of possible tokens

Autotest

{{{autotest}}}

Setup

User already exists with authentication types 'otp', 'radius' and 'password'.

Service with both authentication indicators already exists.

Actions

  1. Authenticate using 2FA with one authentication type.
  2. Try to access service.

Expected results

  1. Authentication should be successful.
  2. Access to service should be granted.

Run test case again for second authentication type.