Test: TID request / error counting

[jennifer-richards]

TID request / error counting

This tests that the TID request counting behaves correctly. It is assumed that the format of the monitoring response has already been tested.

For these tests, open two terminals - one for sending TID requests and the other for sending monitoring requests.

Steps

1. Configure a trust router with monitoring enabled with an IdP / RP setup that allows requests to succeed
2. Start the trust router
3. Execute trmon <host> <port> show tid_reqs_processed tid_reqs_pending tid_error_count (result A)
4. Execute several successful TID requests
5. Execute the command from step 3 (result B)
6. Execute several TID requests with invalid IdP or RP realm combinations (nonexistent or disallowed by filters)
7. Execute the command from step 3 (result C)
8. Execute a TID request and immediately run the command from step 3 (result D)
9. Wait 10+ seconds and run the command from step 3 (result E)
10. Execute several invalid TID requests (e.g., by using an invalid credential for connecting to the TID port)
11. Execute the command from step 3 (result F)

Expected results

• Result A: all counts should be 0
• Result B: the tid_reqs_processed should be nonzero and match the number of successful request you made, others should be zero (if you executed the monitoring command immediately after the TID request, the tid_reqs_pending may be nonzero, but should return to zero after no more than 10 seconds)
• ~Result C: tid_reqs_processed should have increased by the number of requests you made, tid_err_count should still be 0~ See "new test" below for Result C
• Result D: tid_reqs_pending should be 1
• Result E: tid_reqs_pending should be 0 and tid_reqs_processed should have incremented by 1
• Resuslt F: tid_err_count should match the number of invalid requests you made, tid_reqs_pending should be 0, and tid_reqs_processed should not have changed

[meadmaker]

• Result A: ✔️
• Result B: ✔️
• Result C: ❌ - Invalid RP realms and non-existant IdP realms do not increment the error count.
• Result D: ✔️
• Result E: ✔️
• Result F: ✔️

[jennifer-richards]

If these resulted in TID responses being sent back (even if the TID requests failed, which they should) these should not be counted as errors. The "tid_reqs_processed" counter should increase.

The "tid_error_count" is intended to count connections on the TID port that could not be completed - i.e., authentication failed or something went wrong in the TID processing. (Whether that's the most useful thing to count I'm not sure, but it is what we do.)

[meadmaker]

I see that I misread your test case, because I was expecting different behavior.

Would it be easy to add a separate entry for when the TR generates a TID error message?

[meadmaker]

Passed.

[meadmaker]

Whoops; I commented on the wrong issue here. Re-opening.

[jennifer-richards]

I was almost able to make it work in 10 minutes so I went ahead and put in the other 10 to wrap it up.

I've added a tid_reqs_failed option that reports the number of TID requests that resulted in error messages being sent. Only successful requests are counted in tid_reqs_processed now.

I'm not sure about the naming of the options any more - I'm having trouble coming up with short labels that clearly indicate what the categories mean. Right now it's "reqs_processed", "reqs_failed", and "error_count"

[jennifer-richards]

New Test

Same as before except Result C should now have the tid_reqs_failed incrementing to count the invalid TID requests. That count should not increment for any of the other cases.

[jennifer-richards]

This was tested / passed