Special Instructions
Testing of the XUA X-Service-User actor implemented in your system is going to be performed in parallel to the testing of the other transactions protected by XUA. That means that for some of the tests, you will be asked to demonstrate that your system incorporates a SAML assertion in the SOAP header of the sent request. The presence of a SAML token shall be reflected in the audit message produced by your system.
Description
In order to conduct the tests correctly, your system is expected to use the Syslog collector as an ATNA Audit Record Repository. In other words, before the testing starts, configure your system acting as the XUA X-Service-User actor to send its audit messages to the simulator.
When executing a test which requires your system to support the XUA X-Service-User actor and to generate an audit message, you need to demonstrate that the information from the SAML token has been incorporated in the audit message.
The audit messages produced by the SUT should have been recorded by the Syslog collector and be available in Gazelle Security Suite. For one of the steps which requires a SAML token:
- Access the audit messages in Gazelle Security Suite from the "Audit Trail" > "Syslog collector" menu;
- Find the message of interest; you can use the filters to ease your search (we also recommend doing it before you move to the next step);
- Download the audit message;
- Upload the audit message file into the "Audit message" section of your ATNA questionnaire.
- Copy/Paste the link to the test instance into the test step below which relates to the IHE actor you are testing.
Evaluation
The monitor is expected to review each test instance referenced in the test steps section below to verify that
- a SAML assertion is present in the SOAP Header of the message produced by the system acting as X-Service User;
- an audit message has been recorded in the ATNA questionnaire and the audit message complies with the requirements from the IHE Technical Framework: the ATNA Audit message UserName element records the X-User Assertion using the following encoding: alias<user@issuer> where:
  - alias is the optional string within the SAML Assertion's Subject element SPProvidedID attribute
  - user is the required content of the SAML Assertion's Subject element
  - issuer is the X-Assertion Provider entity ID contained within the content of the SAML Assertion's Issuer element
  - The “<” and “>” represent XML control characters
Example: JD<John.Doe@example.com>
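The check described above can be scripted against the downloaded files. The following is an added example, not part of the original test description or of Gazelle: it builds the expected alias<user@issuer> value from an assertion and looks for it in the audit message. It assumes the input is the bare Assertion element, that the Subject content is carried in its NameID child, and that UserName is an attribute of ActiveParticipant; both sample documents and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, trimmed) matching the page's example.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Issuer>example.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID SPProvidedID="JD">John.Doe</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

# Constructed sample audit record. On the wire "<" and ">" are escaped
# inside the attribute value; the XML parser decodes them again.
SAMPLE_AUDIT = """\
<AuditMessage>
  <ActiveParticipant UserID="sut-app" UserIsRequestor="true"
                     UserName="JD&lt;John.Doe@example.com&gt;"/>
  <ActiveParticipant UserID="https://registry.example/xds" UserIsRequestor="false"/>
</AuditMessage>"""


def expected_user_name(assertion_xml):
    """Build alias<user@issuer> from the assertion's Subject and Issuer."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=SAML_NS).strip()
    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    user = (name_id.text or "").strip() if name_id is not None else ""
    if not user or not issuer:
        raise ValueError("assertion lacks Subject content or Issuer")
    alias = name_id.get("SPProvidedID", "")  # optional, may be empty
    return f"{alias}<{user}@{issuer}>"


def audit_records_assertion(audit_xml, assertion_xml):
    """True if an ActiveParticipant UserName equals the expected encoding."""
    expected = expected_user_name(assertion_xml)
    root = ET.fromstring(audit_xml)
    return any(p.get("UserName") == expected for p in root.iter("ActiveParticipant"))


if __name__ == "__main__":
    print(expected_user_name(SAMPLE_ASSERTION))
    print(audit_records_assertion(SAMPLE_AUDIT, SAMPLE_ASSERTION))
```

An exact string comparison is used on purpose: a UserName that carries only the user, or omits the issuer, does not satisfy the encoding.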
If those requirements are met, mark the step "verified" (green check), otherwise, mark it as "failed" (red cross).
At the end of the test session, the test shall be marked as verified only if all the steps related to actors supported by the system under test are marked as "verified". Otherwise, this test is failed.