TESTING APPLICATION CHANGES WITH IMPRIVATA ONESIGN This dcument describes a suggested apprach t testing applicatin changes with Imprivata OneSign befre incrprating them int yur prductin envirnment. The first part describes varius suggestins and ptins relative t the test envirnment. The secnd part ffers sme testing suggestins and scenaris. Befre yu begin testing Always make a backup cpy f the applicatin prfile that is currently in use in yur prductin envirnment. During the testing, yu may need t revert back t the riginal prfile frm time t time s yu shuld have it readily available. The Test Envirnment Whenever pssible, a separate test appliance shuld be used. This will enable yu t d full testing f the existing prfiles withut disruptin t yur prductin envirnment. If yu must test in yur prductin envirnment, yu may be required t mdify a cpy f the existing prductin prfiles which wuld als interfere with managing credential when re-imprting the mdified prfiles. As a result, the interruptin t prductin users may be significant. We strngly recmmend against mdifying the riginal applicatin prfile fr upgrade testing regardless f whether the testing is dne n a separate test appliance r in the prductin envirnment since yu may need t revert t it during yur testing. Instead, we suggest that yu create cpies f the prfile t be tested using ne f the methds described belw and then substitute it fr the riginal prfile when testing and any resulting mdificatins have been cmpleted. Always make a backup cpy f the riginal prductin versin f the applicatin prfile! Cpying a prfile when a separate test appliance will be used fr testing This is the least intrusive prcess. In the end it will verwrite the existing applicatin prfile with the mdified and fully tested prfile withut interruptin t the credentials. The specific steps are as fllws: 1. Exprt the riginal prfile frm the prductin appliance t a lcal file that is accessible t the test envirnment. 2. Imprt the prfile t the test appliance.
3. Test the prfile with the new versin f the applicatin and mdify the prfile as needed, saving yur changes. 4. Perfrm thrugh testing n the mdificatins made t the prfile fr the new versin f the applicatin. 5. Once testing has been cmpleted t satisfactin, exprt the mdified prfile frm the test appliance t a lcal file that is accessible t the prductin envirnment. 6. Imprt the mdified prfile t the prductin appliance. 7. Cnfirm that the prfile has been replaced. Cpying a prfile ver the riginal prfile withut use f credential stre This prcess is perfrmed n a cpy f the applicatin prfile n the prductin appliance. Once the mdificatins are made t the cpy f the prfile and fully tested, the riginal prfile is replaced with the mdified versin. There is n interruptin t the credentials. The specific steps are as fllws: 1. Make a cpy f the riginal applicatin prfile frm within the OneSign interface. 2. Test the cpy f the prfile with the new versin f the applicatin and mdify the prfile as needed, saving yur changes. 3. Perfrm thrugh testing n the mdificatins t the prfile fr the new versin f the applicatin. 4. Once testing has been cmpleted t satisfactin, exprt the mdified prfile t a lcal file 5. G t the deplyment page f the riginal prductin prfile and select replace prfile. 6. Cnfirm prfile replacement n the next screen. Cpying a prfile ver the riginal prfile withut use f a credential stre (pre 4.1 OneSign versin) This prcess is perfrmed n a cpy f the applicatin prfile n the prductin appliance. Once the mdificatins are made t the cpy f the prfile and fully tested, yu ll need t make sme XML edits s the riginal prfile can be replaced with the mdified versin. There is n interruptin t the credentials. The specific steps are as fllws: 1. Make a cpy f the riginal applicatin prfile frm within the OneSign interface. 2. Test the cpy f the prfile with the new versin f the applicatin and mdify the prfile as needed, saving yur changes. 3. Perfrm thrugh testing n the mdificatins t the prfile fr the new versin f the applicatin. 4. Open the riginal applicatin prfile in APG and gt t Edit XML. Near the tp level f the XML cde lcate an nm= xxxxx.xxxx-xx value present in the applicatin-level XML. This is the unique identifier fr the applicatin prfile. 5. Cpy the unique identifier value lcated in step 4 t yur clipbard.
6. Open the mdified cpy f the applicatin prfile in APG and nce again g t Edit XML. Lcate the nm= xxxxx.xxxx-xx value and replace the unique identifier with the identifier cpied frm the riginal applicatin prfile. 7. Lcate the desc= NAME value within the mdified cpy f the applicatin prfile and change the value t an apprpriate name fr the prfile. 8. Save the XML changes made t the mdified cpy f the applicatin prfile. This will cause the riginal applicatin prfile t be replaced with the mdified versin f the applicatin prfile. Cpy with the use f a credential stre withut use f a Test Appliance (pre 4.1 OneSign versin) This prcess is perfrmed n a cpy f the applicatin prfile n the prductin appliance. Once the mdificatins are made t the cpy and fully tested, yu ll cnfigure the riginal applicatin prfile t use a new credential stre. This new credential stre will include the previusly-learned credentials fr the applicatin. The mdified versin f the applicatin prfile will be cnfigured t use the new credential stre based ff f the initial applicatin deplyment, and als mirrr the user deplyment settings and shutdwn strings that are applicable t the new prfile. The riginal and mdified applicatins prfiles will then be swapped. IMPORTANT: If yu mdify the credential stre setting and get int a state where the credential stre is n lnger assciated with a deplyed applicatin, the credential stre will be lst. Be sure t leave the credential stre assciated with the riginal applicatin prfile as a placehlder t prevent a lss f credentials. The specific steps are as fllws: 1. Make a cpy f the riginal applicatin prfile frm within the OneSign interface. 2. Test the cpy f the prfile with the new versin f the applicatin and mdify the prfile as needed, saving yur changes. 3. Perfrm thrugh testing n the mdificatins t the prfile fr the new versin f the applicatin. 4. Open the deplyment page f the riginal applicatin prfile and cnfigure a NEW credential stre, saving yur changes. 5. Open the deplyment page f the mdified applicatin prfile and cnfigure it t use the credential stre created in step 4. 6. Mirrr the deplyment ptins frm the riginal applicatin prfile t the mdified applicatin prfile. Be aware f any shutdwn strings r additinal deplyment ptins. Save yur changes. 7. In the OneSign interface applicatin list, verify that bth prfiles are using the same credential stre. 8. Als in the OneSign interface applicatin list, select and disable the riginal applicatin prfile.
Testing Suggestins and Scenaris Screen definitins may remain the same in a new versin f a prfiled applicatin but the rder in which thse screens are called by the applicatin may change and such a change wuld render the current applicatin prfile ineffective. Fr this reasn, it is imprtant t remember t fcus yur testing effrts n screen recgnitin and wrkflws, as well as any new r mdified screens. An rganized applicatin wrkflw chart can prvide a reusable test tl which can be effective in ensuring that yur testing effrt is as cmplete as pssible. When testing an applicatin upgrade yu shuld remember t include the fllwing scenaris in yur testing: Validate all knwn existing wrkflws. The applicatin prfile was created t handle the wrkflws that existed in the current versin f the applicatin. Yu ll want t make sure that the wrkflws still functin crrectly in the upgraded versin f the applicatin. Test all pssible failures. Belw are sme cmmn failures scenaris t include: Lgin failures Blank username with valid passwrd Blank username with invalid passwrd Valid username with blank passwrd Invalid username with blank passwrd Change passwrd failures Invalid ld passwrd Blank new passwrd Blank cnfirm passwrd Passwrd plicy failures e.g. mismatch, nt enugh characters, invalid character types etc. (can be handled by ECC r OneSign) Test fr false recgnitins. Smetimes the identifying factrs f a prfiled screen may match up with a screen that has nt been prfiled. Fr example, a prfile may examine the username field f a lgin screen. Later in the applicatin a screen that has nt been prfiled may use the value frm the username field. If the prfiled lgin screen is nt defined in a unique way, the unprfiled screen may be recgnized unintentinally. As a result, yu may bserve seemingly randm keys entered as the agent is trying t prxy smething due t the unintentinal screen recgnitin. When testing a prfile, it is helpful t have isxtrace active t determine if any ther screens are unintentinally recgnized. Agent interactin. On rare ccasin ther (unprfiled) applicatins present n the cmputer may nt run r run imprperly when the Imprivata OneSign agent is present. This type f interactin is usually recgnized quickly, but symptms may include: flickering drpdwn lists (r ther frms f data accumulatin) the applicatin hanging r crashing ne r mre functins n lnger wrk prperly the applicatin UI becmes distrted
Yu shuld cnsider testing thrugh all f the pssibly uses, functins, and screens f c-resident applicatins t determine if there is an interactin caused by the presence f the OneSign agent. Envirnments. The OneSign agent uses the apprpriate perating system versin f the applicatin prfile t prvide single sign-n. We recmmend that yu create a versin f the applicatin prfile fr each perating system that is in use by the users f the applicatin. In additin, we suggest that yu test each applicatin prfile with all f the hardware that will be used by the applicatin. The infrmatin cntained in this dcument is nt intended t be exhaustive. It is a cllectin f infrmatin gathered thrugh ur wn testing experiences and the experiences f custmers as they were reprted t Imprivata Technical Supprt.