Central Authentication Service Software Testing


WKES1104: Software Engineering

Prepared by:

Bintang Pamungkas WEK100733

For:

Dr. Nazean Jomhari

Faculty of Computer Science & Information Technology

University of Malaya


Question:

Tutorial Software Testing

You have been asked to create CAS (Central Authentication Service) system for company A. This company has a few systems which are not integrated with each other such as, Leave management system (using PHP), meeting calendar system (Java), email system (Gmail) etc. Identify the tests of features of the CAS that you are going to build. The architecture of CAS looks like the figure below.


Introduction

1. Definition

CAS is an enterprise Single Sign-On solution for web services. Single Sign-On (SSO) means a better user experience when running a multitude of web services, each with its own means of authentication. With an SSO solution, different web services may authenticate to one authoritative source of trust, which the user needs to log in to, instead of requiring the end-user to log in to each separate service. [1]

In short, CAS (Central Authentication Service) is an authentication system which enables a user to log in to several web services while only having to be authenticated once by the CAS.

1.1 CAS Development

Central Authentication Service (CAS) was invented and developed by Shawn Bayern of Yale University; later on, CAS was maintained by Drew Mazurek at Yale. The first version of CAS implemented the Single Sign-On feature. After that, CAS 2.0 was launched with new features, one of which was multi-tier proxy authentication.

In December 2004, CAS became a project of JASIG (Java Architecture Special Interest Group), which since 2008 has been responsible for CAS maintenance and development; that is why CAS is also known as JASIG CAS.

Because of its reliability, CAS is today widely used among universities around the world; even the University of Malaya has adopted CAS, which we see whenever we want to access the applications that the University of Malaya provides, such as SPECTRUM.

[1] https://wiki.jasig.org/display/CAS/Home

1.2 CAS Client Integration

Until today, there are four official CAS clients according to the JASIG CAS website. These four official clients are Java, PHP, .NET and Apache. Besides those four official clients, CAS can also be integrated with other clients such as Perl, uPortal, Google Web Toolkit, TikiWiki, etc.

Content

University of Malaya Central Authentication Service

1. Software Testing

The general testing process usually starts with the testing of individual program units such as functions or objects. These tested units are later integrated into sub-systems and systems, and then the interactions of these units are tested. After the system is integrated and completed, we can do a series of acceptance tests to validate and verify the software built. Software testing is not an easy process; it has two distinct goals:

i. To demonstrate to the developer and the customer that the software meets its requirements. In other words, software testing has the goal of validating the product.

ii. To discover faults or defects in the software. This can also be interpreted as verifying the product.

Software validation and software verification are two distinct things; Boehm (Boehm, 1979) succinctly expressed the difference between them:

Validation: Are we building the right product?

Verification: Are we building the product right?

2. CAS Software Testing

Central Authentication Service also needs to pass software testing; moreover, because it often plays a very crucial role in the system in which it is used, we have to test it thoroughly. Company “A” has a lot of un-integrated applications, such as a Leave Management System that uses PHP, a Meeting Calendar System that uses Java and an email client using Gmail. So, the first thing we want to do is the unit test. We have to check the applications the company already has. But, since none of the applications are integrated with each other, we do not have to check the whole system by pairing and integrating each application. All we have to do is to integrate every application with the CAS itself.

After the individual tests are done, we shall proceed to the main testing, the CAS testing. I have figured out some of the main features that need to be tested. These features are:

1) Compatibility

First of all, we have to make sure that the clients (the applications that company “A” has) are compatible with the CAS. As already said in the introduction of this essay, CAS only supports four official clients and a few unofficial clients. The three example applications that company “A” has will pass this test, as Java and PHP are official clients of JASIG CAS, and Gmail can also be integrated with CAS, as Google Web Toolkit is considered an unofficial client of CAS.

Compatibility is one of the most basic things, because everything will be ruined if we forget to test this aspect.

2) Security

Security in CAS is one of the most crucial things that need to be tested, because CAS basically is a tool used as a “ticket” to pass to the varied applications provided in the system. We have to make sure there are no crucial holes in the system, and if we find one, we have to fix it as soon as possible.

Testing this aspect can be a little bit tricky, because we have to find holes inside the system which are not easy to see. Sometimes, to test the security of software we need an independent team to take a look at the system that we already have. We can take a look at the method used for Mozilla Firefox: in October 2010, they let the public try to find any bugs that might be in the software, and this competition resulted in a 12-year-old boy finding a major security hole in the software. Because of that, the boy, Alex Miller, was given $3000 by the company.

3) Stability


Since CAS plays a very important role as a gateway to the varied applications used in company “A”, we have to make sure of its stability. The CAS has to be able to work 24/7, and when it is down it must be fixable in no time (this will be covered under the aspect of maintainability).

To test this aspect, maybe we can try to flood the system with traffic and see how much traffic it can withstand simultaneously. If it can handle a lot of traffic simultaneously, then the system is stable enough to be launched.

4) Maintainability

Maintainability comes after stability, because the system does not always go as we planned. Here, maintainability plays its role. Whenever the system is down, it must be repaired as soon as possible. A maintainable system will help to cut down the cost and the time of repair.
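The security item above describes CAS as issuing a “ticket” that must have no crucial holes. As an added example (not part of the original essay and not JASIG CAS code), the Python below models a service-ticket store and runs the negative tests that belong on the security test list: replayed, wrong-service, expired and forged tickets must all be refused. `TicketRegistry`, the `example.test` service URLs and the 10-second lifetime are assumptions made for the example.

```python
import secrets
import time

class TicketRegistry:
    """In-memory model of a CAS server's service-ticket store (constructed)."""
    def __init__(self, lifetime_s=10, clock=time.monotonic):
        self._tickets = {}            # ticket -> (user, service, expiry)
        self._lifetime = lifetime_s
        self._clock = clock

    def grant(self, user, service):
        ticket = "ST-" + secrets.token_urlsafe(24)   # unguessable ticket id
        self._tickets[ticket] = (user, service, self._clock() + self._lifetime)
        return ticket

    def validate(self, ticket, service):
        # pop() makes every ticket single-use, even when validation fails
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        user, bound_service, expiry = entry
        if service != bound_service or self._clock() > expiry:
            return None
        return user

LEAVE = "https://leave.example.test/"        # hypothetical PHP leave system
CALENDAR = "https://calendar.example.test/"  # hypothetical Java calendar

def run_security_checks():
    now = [0.0]                               # fake clock the test can advance
    reg = TicketRegistry(lifetime_s=10, clock=lambda: now[0])
    results = {}
    t = reg.grant("alice", LEAVE)
    results["valid_ticket_accepted"] = reg.validate(t, LEAVE) == "alice"
    results["replay_rejected"] = reg.validate(t, LEAVE) is None
    t = reg.grant("alice", LEAVE)
    results["wrong_service_rejected"] = reg.validate(t, CALENDAR) is None
    t = reg.grant("alice", LEAVE)
    now[0] += 11                              # move past the 10 s lifetime
    results["expired_rejected"] = reg.validate(t, LEAVE) is None
    results["forged_rejected"] = reg.validate("ST-guess", LEAVE) is None
    issued = {reg.grant("bob", LEAVE) for _ in range(1000)}
    results["tickets_unique"] = len(issued) == 1000
    return results

if __name__ == "__main__":
    for name, ok in run_security_checks().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

The same six checks can be pointed at a real CAS deployment in a test environment by replacing `TicketRegistry` with calls to the server's login and ticket-validation endpoints.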

With the main features tested, we shall proceed to the acceptance test. Acceptance testing is the process where the system is tested using customer data to check that it meets the customer's real needs (Sommerville, 2007, p. 402). Acceptance testing is also known as the Alpha test.

The next step after the Alpha test is the Beta test. The Beta test lets some potential customers use the software and then report and give feedback to the system developers. The reports and feedback will be used by the system developers as input to develop the system further. After that, usually the team will decide whether the system is ready to be launched or not.


Conclusion

From the explanations above, we can see that software testing plays an important role in making sure that we are building the right software in the right way. Software testing of a Central Authentication Service will include a lot of aspects, such as compatibility, security, stability and maintainability. The tests also have to be carried out in an appropriate order. Besides that, we also have to test the un-integrated units first. Since CAS plays a very important role in the whole system, we have to do the tests thoroughly and precisely.


References

Sommerville, Ian. (2007). Software Engineering. Essex: Pearson Education Limited.

CAS | JASIG Community. Retrieved March 8, 2011, from http://www.jasig.org/cas
