How to Test Your CAS Single Sign On

In order to properly test the SSO integration, login credentials for test accounts are required (at minimum, one per user group that is established with SSO). It is recommended that you have test users for each group in your site. These test users must be shared with your Customer Engagement Representative to help in testing and troubleshooting. Only applicants and reviewers should be coming into the Apply site via the SSO; there should not be any co-applicants or recommenders.

The SSO integration should be configured at least two weeks prior to the site going live. Two weeks allows time to sufficiently test as well as troubleshoot issues. During this time Apply requires the SSO technical expert implementing the integration on your side, to be on hand to promptly adjust SSO integration configurations on the IdP as issues appear.

Key scenarios you want to test for are:

Upon signing in as a test applicant through the SSO you will want to check in the administrative end of Apply that they were successfully added in to “Users”. You also want to check in “Users” that all information is being pulled into Apply correctly. I.E. the name of the user, and their email are pulled over and put into the correct fields in Apply. If further user attributes have been mapped you will want to check they have also successfully mapped over. The columns option in the manage user section can be used to add those additional applicant custom fields to your manage users page.

When mapping additional attributes to SM Apply, you can add those custom fields to the table as columns as well.

Once you have successfully signed-on with a test user, and created/started a submission, sign-out of the site and then sign back in as that same individual. Check to make sure it brings you back into that specific Apply account, with a submission already started. If it brings you in, and the work you had previously done as that applicant is not available you will want to check in the administrative end of Apply if there are now two user account profiles for the same test user. If this is the case there is an issue with the UID.

SSO integrations default all new users your Apply site to the Applicant role. In order to ensure your reviewers have the right access in SM Apply you will need to add these users into SM Apply prior to their first SSO sign-on. You can do this by going to Users tab and selecting Add User. Ensure the reviewers are added into the reviewer role.

The reviewers should be brought to the reviewer summary page, not the applicant main screen.

In addition to testing that the sign-in components are working correctly, full tests through complete applications should be run using users coming in through the SSO, testing all potential submissions, links, tasks and resources ensuring everything is working as desired.

If issues are discovered during initial testing of the SSO there are some key pieces of information required to help resolve the issue: the type of user being tested, the login credentials for that user, and the error message (if one is displayed). Screenshots of error messages are always encouraged.