Test a sample proxy application

Topics

Assign the application

  1. Sign in to your Okta tenant as an administrator.
  2. In the Admin Console, go to ApplicationsApplications.
  3. Click the name of the newly added header application.
  4. Select the Assignments tab.
  5. Select .AssignAssign To People.
  6. Select an appropriate user and click Assign.

    Testing is typically initially done using the same user who is associated with administering Access Gateway.

  7. Click Done.

Perform simple application testing

  1. Click Goto application and select IDP Initiated to verify that the application is working.

    Test a sample cookie application

  2. In the application page, review and verify that the sample policy app matches your profile information.
    Example policy information

Configure application for simulation testing

This section covers testing using header based simulation and is only required if testing passing of values using application headers.

To configure an application for header or simulation testing:

To configure an application for policy simulation testing:

  1. Navigate to the Access Gateway Admin UI console
  2. From the Topology tab or the Applications tab, open the application.
  3. Select the Settings pane.
  4. Expand the Essentials tab.
  5. Note the current value of Protected Web Resource.
  6. Change the Protected Web Resource field to:
    ValueBehavior
    http://header.service.spgwWhen running a test, this displays information about the header, cookie, session, and other information.
    http://policy.service.spgwWhen running a test, this displays information about the application policy.

    Copy and save the original back-end Protected Web Resource value.

  7. Clear the Customize checkbox to disable the post-login URL.
  8. Expand the Advanced tab.
  9. Enable Debug mode.

    When enabling Debug mode, ensure that the download log has also been set to level debug. Application debug events aren't visible in downloadable logs unless download logs are also configured to emit Debug level log events. See Manage log verbosity

  10. Click Done.
  11. When debugging header-based applications, consider testing attributes with static known good values. For example, change dynamic IDP-based fields to static with known good values.

    When debugging policy-based applications, test with no policy or open policy first.

Configure Access Gateway for debug and monitoring

You can optionally configure Access Gateway Management console to output a running display of all system log messages.

To enable this debugging mode and monitor Access Gateway:

  1. Open a terminal and use SSH to connect to the Access Gateway Management console (ssh oag-mgmt@gw-admin.<domain.tld>).
  2. Enter 4 - Monitoring.
  3. Enter 2 - Enable Debug.
  4. Enter 1 - Monitor logs. This starts the running display of all log messages.

Return to the Access Gateway Admin UI console console. You can test your application and examine the results in the running logs. Use[ctrl][c] to exit the log display.

See Monitor for more details about monitoring, including a list of available commands.

The debug logging level rapidly generates log messages. Always disable debug logging when you've finished examining the logs.

Not disabling debug logging can lead to rapid log file growth, which can result in errors due to lack of storage space.

Simulation testing

Header and policy simulation testing involves temporarily replacing the Protected Web resource field in an application and then testing various target URLs, evaluating whether the headers and policies return the expected result.

To test an application using header or policy simulation:

  1. Configure the application for header or policy simulation testing as described in the Configure application for simulation testing section.
  2. Connect to the Access Gateway Management console and begin monitoring.

    For details see the monitoring section in Troubleshooting Applications.

  3. Select the Applications tab.
  4. On the row containing the application, click Goto application SP Initiated.
  5. Examine the header or policy information returned.
  6. Repeat for each protected URI.
  7. When complete disable debugging as described in the Disable debug section.

Completed application testing

Completed application testing as required.

  1. The Applications tab, on the row containing the application, click Goto application SP Initiated.
  2. Repeat testing using Goto application IDP Initiated.
  3. Repeat testing using each specialized policy URI.
  4. If required, disable debugging.

Completed application testing as required.

Disable debug

If displaying debug statements at the command line:

  1. Return to the Access Gateway Management console.
  2. Enter [ctrl][c] to exit the log display.
  3. Enter 3 - Disable debug.
  4. Exit the command line console

If application debug is enabled:

  1. Return to the Access Gateway Admin UI console
  2. Navigate to the application being tested
  3. Expand the Setting sub tab.
  4. Expand the Essentials sub tab.
  5. Return the Protected Web Resource field back to its original value.
  6. Expand the Advanced sub tab.
  7. Set the Debug toggle to Disable.
  8. Save your changes.