Tuesday, July 21, 2009


Here's an interesting article that talks about SOAPSonar vs. SOAPUI.


SOAPSonar has been dominant in the SOA Testing space and is the only product that provides comprehensive SOA Testing across Functional, Performance, Interoperability and Security domains. Crosscheck Networks, the provider of SOAPSonar, recently acquired Forum Systems. With this acquisition, Crosscheck Networks now provides a wide array of integrated product offerings that comprehensively covers services life cycle across building, testing and securing SOA deployments.

Here's another article that highlights why a testing tool that is commercially built is better suited for SOA Testing: Limits of Open source SOA Testing tools.

Monday, July 06, 2009

How-to test SAML tokens

SAML tokens are often used with XML and SOAP messages for identity related functions. Typically an XML Gateway, such as Forum Sentry, or an application server such as SAP Application Server consume or generate SAML artifacts for Authentication and Authorization or carrying Attribute information from the sender.

For testing SOA deployments that use SAML tokens, SOAPSonar from Crosscheck Networks provides all the provisions required to dynamically construct and send SAML tokens within a web services invocation. The configuration screen for the SAML tokens that supports both SAML 1.1 and SAML 2.0 provides the flexibility to set:
  1. Issuer

  2. Name Identifier (emailAddress, unspecified, entity, kerberos, persistent, transient, unspecified, X509SubjectName)

  3. Confirmation Method (bearer, holder-of-key, sender-vouches)

  4. Statement Type (Authorization, Authentication, Attribute)

  5. Dynamic Time Stamps, Time-to-Live, Include Not-Before, Include, Not-After

  6. Signatures

Issuing a valid SAML token requires time-related elements that have to be dynamically generated for each request. Timestamps, TTL, Not-Before, Not-After elements and attributes provide a temporal aspect to SAML assertions that have to be properly enforced by the services endpoint (server, or gateway) and have to be fully tested using dynamic tools such as SOAPSonar. It is also recommended that the integrity of the SAML assertion be maintained through signatures on the assertion. This signature has to be properly generated by the client (SOAPSonar for testing) and properly verified by the service endpoint.

A trial enterprise version of SOAPSonar can be downloaded here.

Sunday, July 05, 2009

Intro to SOA Regression Testing: A Hands-on Approach

Here's a hands-on approach to SOA-based Regression Testing using XML/Web Services that is useful for developers and SOA QA professionals who want to ensure that the rapid pace of changes made to web services do not degrade the quality of their services.

Intro to SOA Regression Testing: A Hands-on Approach

In this article, techniques for SOA Regression Testing through a hands-on approach are described with a walk through of:

  • Setting up a simple web services consumer (client) and producer (server) environment.
  • Establishing an external MS Excel data source for driving test scenarios.
  • Recording an acceptable base-line run.
  • Simulating regression by changing producer service.
  • Re-running external test data and identify producer service regression.

This article was initially published on Code Project by Crosscheck Networks, Inc.