Test Script - The class or interface 'SimpleSAML_Logger' is now using namespaces
1. User browse to https://webservices-mahara.catalystdemo.net.nz/admin/users/institutions.php
2. User click SSO Login option
3. confirm user is redirected to Catalyst SSO login page
4. User click the "LDAP User directory" bitton
5. User enter their LDAP username and password
6. Confirm user is redirected back to the Mahara site and user is logged in ✔
7. Log out and log in as admin user for the site
8. Browse around the site and confirm there are no bugs ✔
9. Create a portfolio page and add varous block to the page and confirm functionality is working as expected ✔
Test Script - Admin user set up SAML auth for instution
1. Log in as site admin
2. Create a new Institution
3. Edit the newly created Institution
4. Confirm that there is now a "Authentication plugin" drop down field ✔
5. Select the SAML option
6. Add the following information in the Institution Identity Provider SAML metadata text box
-----------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="idp.crystal.school.nz">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="true">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIDnTCCAoWgAwIBAgIJAID6W0Acj/k5MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAk5aMQ8wDQYDVQQIDAZOZWxzb24xDzANBgNVBAcMBk5lbHNvbjEUMBIGA1UECgwLTmVsc29uIExvb3AxHjAcBgNVBAMMFWlkcC5jcnlzdGFsLnNjaG9vbC5uejAeFw0xNDA3MDYxOTQ0MjJaFw0yNDA3MDUxOTQ0MjJaMGUxCzAJBgNVBAYTAk5aMQ8wDQYDVQQIDAZOZWxzb24xDzANBgNVBAcMBk5lbHNvbjEUMBIGA1UECgwLTmVsc29uIExvb3AxHjAcBgNVBAMMFWlkcC5jcnlzdGFsLnNjaG9vbC5uejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALui2EpTSiuByRDWTLG7Eqsdrb+PeBw1uMGbfa5pstB2TTju7+GxD6nAjRPYeyYkRMrFV6lk7Bu+ZM9irX32O3ly67SPikzl9BuqCjsRRxB9klTu/zJ1YpUp8K2VQqexctJY8GqgIpwY3UC+H/kkJXiox1RuQ/GauPO2NFQ6/keZSr3sFmeF/lWn/21Jobsyi5SXX2mN9eOED4FxptDww+i48U/7tynTtaKzEBDAFlZnU8RmLpd2IBoi3KhrssrCnb0kP3f9MoUl+hVmZanQ446PxKtmS82UM1q6K1ZiK4/lcZH4667vikyxZmjXnTQR7ALg+Edt6H3pPCQNSDaRg9MCAwEAAaNQME4wHQYDVR0OBBYEFM49ucR9Egxt4vYIpNvC1lIKcSUDMB8GA1UdIwQYMBaAFM49ucR9Egxt4vYIpNvC1lIKcSUDMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEfL2B9CvkwzrP0NTGpg/ZlD8VzRz3q29umJJnZCHmPkfCTi+lHShfH2fTfkw+ntSQo8DbDFiu7G2EO9CgqiE8TiUoLkx8jEeM/On8Rwy6VXLrmzlmcB1YSG44r+RXIekuLvt1f5wHG+HQ4gWVQoON8kbRhfRJBkLTCefzsoELvPIdcWAsYRg1BA5eXmrdfq7W7ALI9O/WWUfNyRjTk7X/RfgB5awkuI1WyMrlsjCrjB4xtNEzcVkg/tvq48xMq6Zsx3GzUXBQu/MhITCYI5xqgbcmAEKjwHyeXcINPh1f8jxfzXIc9u6Or8QgFiSEibtiqrD3IBACksOseJ+m+5aPc=</ds:X509Certificate> </ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIDnTCCAoWgAwIBAgIJAID6W0Acj/k5MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAk5aMQ8wDQYDVQQIDAZOZWxzb24xDzANBgNVBAcMBk5lbHNvbjEUMBIGA1UECgwLTmVsc29uIExvb3AxHjAcBgNVBAMMFWlkcC5jcnlzdGFsLnNjaG9vbC5uejAeFw0xNDA3MDYxOTQ0MjJaFw0yNDA3MDUxOTQ0MjJaMGUxCzAJBgNVBAYTAk5aMQ8wDQYDVQQIDAZOZWxzb24xDzANBgNVBAcMBk5lbHNvbjEUMBIGA1UECgwLTmVsc29uIExvb3AxHjAcBgNVBAMMFWlkcC5jcnlzdGFsLnNjaG9vbC5uejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALui2EpTSiuByRDWTLG7Eqsdrb+PeBw1uMGbfa5pstB2TTju7+GxD6nAjRPYeyYkRMrFV6lk7Bu+ZM9irX32O3ly67SPikzl9BuqCjsRRxB9klTu/zJ1YpUp8K2VQqexctJY8GqgIpwY3UC+H/kkJXiox1RuQ/GauPO2NFQ6/keZSr3sFmeF/lWn/21Jobsyi5SXX2mN9eOED4FxptDww+i48U/7tynTtaKzEBDAFlZnU8RmLpd2IBoi3KhrssrCnb0kP3f9MoUl+hVmZanQ446PxKtmS82UM1q6K1ZiK4/lcZH4667vikyxZmjXnTQR7ALg+Edt6H3pPCQNSDaRg9MCAwEAAaNQME4wHQYDVR0OBBYEFM49ucR9Egxt4vYIpNvC1lIKcSUDMB8GA1UdIwQYMBaAFM49ucR9Egxt4vYIpNvC1lIKcSUDMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEfL2B9CvkwzrP0NTGpg/ZlD8VzRz3q29umJJnZCHmPkfCTi+lHShfH2fTfkw+ntSQo8DbDFiu7G2EO9CgqiE8TiUoLkx8jEeM/On8Rwy6VXLrmzlmcB1YSG44r+RXIekuLvt1f5wHG+HQ4gWVQoON8kbRhfRJBkLTCefzsoELvPIdcWAsYRg1BA5eXmrdfq7W7ALI9O/WWUfNyRjTk7X/RfgB5awkuI1WyMrlsjCrjB4xtNEzcVkg/tvq48xMq6Zsx3GzUXBQu/MhITCYI5xqgbcmAEKjwHyeXcINPh1f8jxfzXIc9u6Or8QgFiSEibtiqrD3IBACksOseJ+m+5aPc=</ds:X509Certificate> </ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.crystal.school.nz/simplesaml/saml2/idp/SingleLogoutService.php"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.crystal.school.nz/simplesaml/saml2/idp/SSOService.php"/>
</md:IDPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en">Crystal Identity</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">Crystal Identity</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">http://www.crystal.school.nz</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="technical">
<md:SurName>Helpdesk</md:SurName>
<md:EmailAddress><email address hidden></md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>
-----------------------------------------------------------------------------------------------
7. Fill in the other required fields and save
8. Log out and Log back in by clicking the SSO button
9. Confirm that user is now Redireted to a Mahara page where a user can select which Identity Providerthey want to log in with https://webservices-mahara.catalystdemo.net.nz/auth/saml/index.php ✔
10. Log in with the Crystal Identity provider
11. Confirm that user can log in ✔
Environment tested: Master
Browser tested: Chrome
------- ------- ------- ------- ------- -- ------- ------- ------- ------- --
Manual Test Script
-------
Preconditions:
1. SAML patches: Please ask Robert to apply them to https:/ /webservices- mahara. catalystdemo. net.nz/ /reviews. mahara. org/#/c/ 8893/2 as that also pulls in https:/ /reviews. mahara. org/#/c/ 8630/8
- It would be patch https:/
2. Catalyst User with LDAP sign in exists (stevens)
Test Script - The class or interface 'SimpleSAML_Logger' is now using namespaces
1. User browse to https:/ /webservices- mahara. catalystdemo. net.nz/ admin/users/ institutions. php
2. User click SSO Login option
3. confirm user is redirected to Catalyst SSO login page
4. User click the "LDAP User directory" bitton
5. User enter their LDAP username and password
6. Confirm user is redirected back to the Mahara site and user is logged in ✔
7. Log out and log in as admin user for the site
8. Browse around the site and confirm there are no bugs ✔
9. Create a portfolio page and add varous block to the page and confirm functionality is working as expected ✔
Test Script - Admin user set up SAML auth for instution
1. Log in as site admin ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ---- iptor xmlns:md= "urn:oasis: names:tc: SAML:2. 0:metadata" xmlns:ds="http:// www.w3. org/2000/ 09/xmldsig#" entityID= "idp.crystal. school. nz"> criptor protocolSupport Enumeration= "urn:oasis: names:tc: SAML:2. 0:protocol" WantAuthnReques tsSigned= "true"> KeyDescriptor use="signing"> www.w3. org/2000/ 09/xmldsig#">
<ds:X509Data>
<ds: X509Certificate >MIIDnTCCAoWgAw IBAgIJAID6W0Acj /k5MA0GCSqGSIb3 DQEBBQUAMGUxCzA JBgNVBAYTAk5aMQ 8wDQYDVQQIDAZOZ Wxzb24xDzANBgNV BAcMBk5lbHNvbjE UMBIGA1UECgwLTm Vsc29uIExvb3AxH jAcBgNVBAMMFWlk cC5jcnlzdGFsLnN jaG9vbC5uejAeFw 0xNDA3MDYxOTQ0M jJaFw0yNDA3MDUx OTQ0MjJaMGUxCzA JBgNVBAYTAk5aMQ 8wDQYDVQQIDAZOZ Wxzb24xDzANBgNV BAcMBk5lbHNvbjE UMBIGA1UECgwLTm Vsc29uIExvb3AxH jAcBgNVBAMMFWlk cC5jcnlzdGFsLnN jaG9vbC5uejCCAS IwDQYJKoZIhvcNA QEBBQADggEPADCC AQoCggEBALui2Ep TSiuByRDWTLG7Eq sdrb+PeBw1uMGbf a5pstB2TTju7+ GxD6nAjRPYeyYkR MrFV6lk7Bu+ ZM9irX32O3ly67S Pikzl9BuqCjsRRx B9klTu/ zJ1YpUp8K2VQqex ctJY8GqgIpwY3UC +H/kkJXiox1RuQ/ GauPO2NFQ6/ keZSr3sFmeF/ lWn/21Jobsyi5SX X2mN9eOED4FxptD ww+i48U/ 7tynTtaKzEBDAFl ZnU8RmLpd2IBoi3 KhrssrCnb0kP3f9 MoUl+hVmZanQ446 PxKtmS82UM1q6K1 ZiK4/lcZH4667vi kyxZmjXnTQR7ALg +Edt6H3pPCQNSDa Rg9MCAwEAAaNQME 4wHQYDVR0OBBYEF M49ucR9Egxt4vYI pNvC1lIKcSUDMB8 GA1UdIwQYMBaAFM 49ucR9Egxt4vYIp NvC1lIKcSUDMAwG A1UdEwQFMAMBAf8 wDQYJKoZIhvcNAQ EFBQADggEBAEfL2 B9CvkwzrP0NTGpg /ZlD8VzRz3q29um JJnZCHmPkfCTi+ lHShfH2fTfkw+ ntSQo8DbDFiu7G2 EO9CgqiE8TiUoLk x8jEeM/ On8Rwy6VXLrmzlm cB1YSG44r+ RXIekuLvt1f5wHG +HQ4gWVQoON8kbR hfRJBkLTCefzsoE LvPIdcWAsYRg1BA 5eXmrdfq7W7ALI9 O/WWUfNyRjTk7X/ RfgB5awkuI1WyMr lsjCrjB4xtNEzcV kg/tvq48xMq6Zsx 3GzUXBQu/ MhITCYI5xqgbcmA EKjwHyeXcINPh1f 8jxfzXIc9u6Or8Q gFiSEibtiqrD3IB ACksOseJ+ m+5aPc= </ds:X509Certif icate>
</ds:X509Data> KeyDescriptor> KeyDescriptor use="encryption"> www.w3. org/2000/ 09/xmldsig#">
<ds:X509Data>
<ds: X509Certificate >MIIDnTCCAoWgAw IBAgIJAID6W0Acj /k5MA0GCSqGSIb3 DQEBBQUAMGUxCzA JBgNVBAYTAk5aMQ 8wDQYDVQQIDAZOZ Wxzb24xDzANBgNV BAcMBk5lbHNvbjE UMBIGA1UECgwLTm Vsc29uIExvb3AxH jAcBgNVBAMMFWlk cC5jcnlzdGFsLnN jaG9vbC5uejAeFw 0xNDA3MDYxOTQ0M jJaFw0yNDA3MDUx OTQ0MjJaMGUxCzA JBgNVBAYTAk5aMQ 8wDQYDVQQIDAZOZ Wxzb24xDzANBgNV BAcMBk5lbHNvbjE UMBIGA1UECgwLTm Vsc29uIExvb3AxH jAcBgNVBAMMFWlk cC5jcnlzdGFsLnN jaG9vbC5uejCCAS IwDQYJKoZIhvcNA QEBBQADggEPADCC AQoCggEBALui2Ep TSiuByRDWTLG7Eq sdrb+PeBw1uMGbf a5pstB2TTju7+ GxD6nAjRPYeyYkR MrFV6lk7Bu+ ZM9irX32O3ly67S Pikzl9BuqCjsRRx B9klTu/ zJ1YpUp8K2VQqex ctJY8GqgIpwY3UC +H/kkJXiox1RuQ/ GauPO2NFQ6/ keZSr3sFmeF/ lWn/21Jobsyi5SX X2mN9eOED4FxptD ww+i48U/ 7tynTtaKzEBDAFl ZnU8RmLpd2IBoi3 KhrssrCnb0kP3f9 MoUl+hVmZanQ446 PxKtmS82UM1q6K1 ZiK4/lcZH4667vi kyxZmjXnTQR7ALg +Edt6H3pPCQNSDa Rg9MCAwEAAaNQME 4wHQYDVR0OBBYEF M49ucR9Egxt4vYI pNvC1lIKcSUDMB8 GA1UdIwQYMBaAFM 49ucR9Egxt4vYIp NvC1lIKcSUDMAwG A1UdEwQFMAMBAf8 wDQYJKoZIhvcNAQ EFBQADggEBAEfL2 B9CvkwzrP0NTGpg /ZlD8VzRz3q29um JJnZCHmPkfCTi+ lHShfH2fTfkw+ ntSQo8DbDFiu7G2 EO9CgqiE8TiUoLk x8jEeM/ On8Rwy6VXLrmzlm cB1YSG44r+ RXIekuLvt1f5wHG +HQ4gWVQoON8kbR hfRJBkLTCefzsoE LvPIdcWAsYRg1BA 5eXmrdfq7W7ALI9 O/WWUfNyRjTk7X/ RfgB5awkuI1WyMr lsjCrjB4xtNEzcV kg/tvq48xMq6Zsx 3GzUXBQu/ MhITCYI5xqgbcmA EKjwHyeXcINPh1f 8jxfzXIc9u6Or8Q gFiSEibtiqrD3IB ACksOseJ+ m+5aPc= </ds:X509Certif icate>
</ds:X509Data> KeyDescriptor> SingleLogoutSer vice Binding= "urn:oasis: names:tc: SAML:2. 0:bindings: HTTP-Redirect" Location="https:/ /idp.crystal. school. nz/simplesaml/ saml2/idp/ SingleLogoutSer vice.php"/> NameIDFormat> urn:oasis: names:tc: SAML:2. 0:nameid- format: transient< /md:NameIDForma t> SingleSignOnSer vice Binding= "urn:oasis: names:tc: SAML:2. 0:bindings: HTTP-Redirect" Location="https:/ /idp.crystal. school. nz/simplesaml/ saml2/idp/ SSOService. php"/> IDPSSODescripto r> OrganizationNam e xml:lang= "en">Crystal Identity< /md:Organizatio nName> OrganizationDis playName xml:lang= "en">Crystal Identity< /md:Organizatio nDisplayName> OrganizationURL xml:lang="en">http:// www.crystal. school. nz</md:Organizati onURL> Organization> "technical" > SurName> Helpdesk< /md:SurName> EmailAddress> <email address hidden> </md:EmailAddre ss> ContactPerson> riptor> ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ---- /webservices- mahara. catalystdemo. net.nz/ auth/saml/ index.php ✔
2. Create a new Institution
3. Edit the newly created Institution
4. Confirm that there is now a "Authentication plugin" drop down field ✔
5. Select the SAML option
6. Add the following information in the Institution Identity Provider SAML metadata text box
-------
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescr
<md:IDPSSODes
<md:
<ds:KeyInfo xmlns:ds="http://
</ds:KeyInfo>
</md:
<md:
<ds:KeyInfo xmlns:ds="http://
</ds:KeyInfo>
</md:
<md:
<md:
<md:
</md:
<md:Organization>
<md:
<md:
<md:
</md:
<md:ContactPerson contactType=
<md:
<md:
</md:
</md:EntityDesc
-------
7. Fill in the other required fields and save
8. Log out and Log back in by clicking the SSO button
9. Confirm that user is now Redireted to a Mahara page where a user can select which Identity Providerthey want to log in with
https:/
10. Log in with the Crystal Identity provider
11. Confirm that user can log in ✔
Catalyst QA Approved ✔