Test PingOne Authorize Trust Framework elements from end-to-end with tools that show the complete processing flow.
Testing enables you to validate the type conversion of policy information points (PIP) included in decision requests and the logical behavior of conditions. Although policy testing indirectly tests your Trust Framework elements, testing each Trust Framework element individually allows you to immediately view the output of element processing without needing to parse policy test results.
Use Trust Framework testing to:
- Verify attribute or service value settings.
If you are testing an attribute with a value type other than
String
, the decision service must convert this attribute from a string provided in the request to the correct type. Testing an attribute or service allows you to verify that the formatting required for this conversion is correct. - Test the behavior of value processors.
The decision service's conversion of request parameters from strings to other data types, such as
Number
, might involve a chain of processors configured in the attribute definition. Testing an attribute allows you to determine whether such processing produces the desired outcome, before runtime. - Test the behavior of resolvers.
If you define multiple resolvers on an attribute, you can use testing to confirm the order in which the decision service checks these resolvers for a value.
- Test the logic of conditions.
With testing, you can confirm that your conditional logic produces the desired outcome, before implementing that logic in your authorization policies.
Test additional Trust Framework elements with multiple value processors or resolvers.
- Example: Testing an attribute with multiple resolvers
-
The following example extends the Datetime attribute by adding a Constant resolver. The expected behavior is that the decision service first checks the decision request for a Datetime parameter to resolve the attribute from, and if there is no such parameter, the decision service resolves the attribute from a specified constant value.
After executing the testing scenario without any parameters defined, you can check the
attributes.Datetime.resolvedBy
field under the Response tab to verify the order in which the decision service checks resolvers for attribute values. - Example: Testing an attribute with multiple processors
-
The following example defines a User.Age attribute of type Number, which uses a series of processors to calculate a user's age:
The primary value processor, Calculate Age of User, defines three subordinate PingOne Expression Language processors that each use the Datetime attribute from above and a new User.Date of Birth attribute. The User.Date of Birth attribute is not connected to the built-in PingOne.User attribute.
- Calculate year:
#datetime.getYear({{Datetime}}) - #datetime.getYear({{User.Date of Birth}})
- Calculate
month:
#this.value - (#datetime.getMonth({{Datetime}}) < #datetime.getMonth({{User.Date of Birth}}) ? 1 : 0)
- Calculate
day:
#this.value - ((#datetime.getMonth({{Datetime}}) == #datetime.getMonth({{User.Date of Birth}})) && (#datetime.getDayOfMonth({{Datetime}}) < #datetime.getDayOfMonth({{User.Date of Birth}})) ? 1 : 0)
The decision service resolves the User.Date of Birth attribute from the User attribute and uses the following JSON Path and SpEL processors:
The following testing scenario verifies that the above chain of processing works as intended, where a user's birthday is February 11, 2000:
- Calculate year: