
Central Authentication Service Software Testing

WKES1104: Software Engineering

Prepared by:
Bintang Pamungkas WEK100733

For:
Dr. Nazean Jomhari

Faculty of Computer Science & Information Technology


University of Malaya

Question:

Tutorial Software Testing

You have been asked to create a CAS (Central Authentication Service) system for company A. This company has a few systems which are not integrated with each other, such as a leave management system (using PHP), a meeting calendar system (Java), an email system (Gmail), etc. Identify the tests of features of the CAS that you are going to build. The architecture of CAS looks like the figure below.

Introduction

1. Definition
CAS is an enterprise Single Sign-On solution for web services. Single Sign-On (SSO) means a better user experience when running a multitude of web services, each with its own means of authentication. With an SSO solution, different web services may authenticate to one authoritative source of trust, which the user needs to log in to, instead of requiring the end-user to log in to each separate service. [1]

In short, CAS (Central Authentication Service) is an authentication system which enables a user to log in to several web services while being authenticated only once, by the CAS.

1.1 CAS Development

Central Authentication Service (CAS) was invented and developed by Shawn Bayern of Yale University; later on, CAS was maintained by Drew Mazurek at Yale. The first version of CAS implemented the Single Sign-On feature. After this pioneering version, CAS 2.0 was launched with new features, one of which was multitier proxy authentication.

In December 2004, CAS became a project of JASIG (Java Architecture Special Interest Group), which since 2008 has been responsible for CAS maintenance and development; that is why CAS is also known as JASIG CAS.

[1] https://wiki.jasig.org/display/CAS/Home

Because of its reliability, CAS is today widely used among universities all around the world. The University of Malaya has also adopted CAS, which we see whenever we want to access the applications the University of Malaya provides, such as SPECTRUM.

University of Malaya Central Authentication Service

1.2 CAS Client Integration

To date, there are four official CAS clients according to the JASIG CAS website. These four official clients are Java, PHP, .NET and Apache. Besides those four official clients, CAS can also be integrated with other clients such as Perl, uPortal, Google Web Toolkit, TikiWiki, etc.

Content

1. Software Testing

The general testing process usually starts with the testing of individual program units such as functions or objects. These tested units are later integrated into sub-systems and systems, and then the interactions of these units are tested. After the system is integrated and completed, we can run a series of acceptance tests to validate and verify the software built. Software testing is not an easy process; it has two distinct goals:

i. To demonstrate to the developer and the customer that the software meets its requirements. In other words, software testing has the goal of validating the product.
ii. To discover faults or defects in the software. This can also be interpreted as verifying the product.

Software validation and software verification are two distinct things. Boehm (Boehm, 1979) succinctly expressed the difference between them:

• Validation: Are we building the right product?
• Verification: Are we building the product right?

2. CAS Software Testing

Central Authentication Service also needs to pass software testing. Moreover, because it often plays a very crucial role in the system where it is used, we have to test it thoroughly. Company “A” has a lot of un-integrated applications, such as a Leave Management System that uses PHP, a Meeting Calendar System that uses Java, and an email client using Gmail. So, the first thing we want to do is the unit test. We have to check the applications the company already has. But, since the applications are not integrated with each other, we do not have to check the whole system by pairing and integrating each application. All we have to do is integrate every application with the CAS itself.

After finishing the individual tests, we shall proceed to the main testing, the CAS testing. I have figured out some of the main features that need to be tested. These features are:

1) Compatibility
First of all, we have to make sure that the clients (the applications that company “A” has) are compatible with the CAS. As already said in the introduction of this essay, CAS only supports four official clients and a few unofficial clients. The three example applications that company “A” has will pass this test, as Java and PHP are official clients of JASIG CAS, and Gmail can also be integrated with CAS, as Google Web Toolkit is considered an unofficial client of CAS.

Compatibility is one of the most basic things, because everything will be ruined if we forget to test this aspect.

2) Security
Security in CAS is one of the most crucial things that need to be tested, because CAS is basically a tool used as a “ticket” to pass into the various applications provided in the system. We have to make sure there are no crucial holes in the system, and if we find one, we have to fix it as soon as possible.

Testing this aspect can be a little bit tricky, because we have to find holes inside the system which are not easy to see. Sometimes, to test the security of software, we need an independent team to take a look at the system that we already have. We can take a look at the method used for Mozilla Firefox: in October 2010, they let the public try to find any bugs that might be in the software, and this competition resulted in a 12-year-old boy finding a major security hole in the software. Because of that, the boy, Alex Miller, was given $3000 by the company.
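
The security feature becomes testable once the "ticket" properties are written down as negative test cases. The following is an added example, not part of the original essay and not JASIG CAS code: it goes beyond the text by modelling ticket handling with a hypothetical `ToyCasServer` and checking that a ticket is single-use, bound to the service it was issued for, short-lived and unguessable. The service URLs, the user name and the 10-second lifetime are constructed values.

```python
import secrets
import time


class ToyCasServer:
    """Constructed in-memory model of CAS service tickets (not JASIG CAS code)."""
    def __init__(self, ttl_seconds=10.0, clock=time.monotonic):
        self._tickets = {}          # ticket -> (user, service, expiry)
        self._ttl = ttl_seconds
        self._clock = clock

    def issue(self, user, service):
        ticket = "ST-" + secrets.token_urlsafe(24)   # CSPRNG, unguessable
        self._tickets[ticket] = (user, service, self._clock() + self._ttl)
        return ticket

    def validate(self, ticket, service):
        # pop() consumes the ticket on the first attempt, so it cannot be replayed.
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        user, bound_service, expiry = entry
        if service != bound_service or self._clock() > expiry:
            return None
        return user


def run_security_checks():
    """Run the negative tests a CAS deployment should pass; returns name -> bool."""
    now = [0.0]                                   # fake clock, advanced by hand
    cas = ToyCasServer(ttl_seconds=10.0, clock=lambda: now[0])
    leave = "https://leave.example.test/"         # hypothetical PHP leave system
    calendar = "https://calendar.example.test/"   # hypothetical Java calendar
    results = {}
    ticket = cas.issue("alice", leave)
    results["valid_ticket_accepted"] = cas.validate(ticket, leave) == "alice"
    results["replayed_ticket_rejected"] = cas.validate(ticket, leave) is None
    ticket = cas.issue("alice", leave)
    results["other_service_rejected"] = cas.validate(ticket, calendar) is None
    ticket = cas.issue("alice", leave)
    now[0] += 11.0                                # past the 10 s lifetime
    results["expired_ticket_rejected"] = cas.validate(ticket, leave) is None
    results["forged_ticket_rejected"] = cas.validate("ST-guess", leave) is None
    return results


if __name__ == "__main__":
    for name, passed in run_security_checks().items():
        print(("PASS" if passed else "FAIL"), name)
```

Against a real deployment the same five cases would be run through the CAS login and ticket-validation endpoints of the test instance instead of this in-memory model.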

3) Stability
Since CAS plays a very important role as a gateway to the various applications used in company “A”, we have to make sure of its stability. The CAS has to be able to work 24/7, and when it is down it must be fixable in no time (this will be covered under the aspect of maintainability).
To test this aspect, we can try to flood the system with traffic and see how much traffic it can withstand simultaneously. If it can handle a lot of traffic simultaneously, then the system is stable enough to be launched.

4) Maintainability
Maintainability comes after stability, because the system does not always go as we planned. Here, maintainability plays its role. Whenever the system is down, it must be repaired as soon as possible. A maintainable system will help to cut down the cost and the time of repair.

Having finished the main feature tests, we shall proceed to the acceptance test. Acceptance testing is the process where the system is tested using customer data to check that it meets the customer's real needs (Sommerville, 2007, p.402). Acceptance testing is also known as the Alpha test.

The next step after the Alpha test is the Beta test. The Beta test lets some potential customers use the software and then report and give feedback to the system developers. The reports and feedback will be used by the system developers as input to develop the system further. After that, the team will usually decide whether the system is ready to be launched or not.

Conclusion

From the explanations above, we can see that software testing plays an important role in making sure that we are building the right software in the right way. Software testing of the Central Authentication Service will include many aspects, such as compatibility, security, stability, and maintainability. The tests also have to be carried out in an appropriate order. Besides that, we also have to test the un-integrated units first. Since CAS plays a very important role in the whole system, we have to do the test thoroughly and precisely.

References

Sommerville, Ian. (2007). Software Engineering. Essex: Pearson Education Limited.

CAS | JASIG Community. Retrieved March 8, 2011, from http://www.jasig.org/cas
