Quick Summary

For the technically advanced users who know what a "hosts" file is:

Change your "hosts" file on your desktop client machine to add the line "128.36.64.90  auth.yale.edu".

Browsers have a DNS lookup cache that remembers the IP address of recently used hosts. Google for something like "firefox dns cache" and choose an article that tells you how to use "about:config" to flush or disable it, or use a Browser you don't normally use that will not have a recent entry for "auth.yale.edu".

From a Browser on the desktop client machine, log in to your application. If it works, the test is done. If there is a problem, report it.

Now delete or comment out the change just made to the "hosts" file.

...

  1. Copy the test "hosts" file to the "etc" directory. To make sure it is working, issue the command "ping auth.yale.edu" and verify that the address being used is 128.36.64.90.
  2. Most Browsers have a DNS cache that remembers the IP address of recently visited servers. If you have an installed browser you don't normally use, then use it for testing. Otherwise, you have to Google for "firefox dns cache" (for Firefox, or replace with your browser) and choose an article that tells you how to turn DNS caching off.
  3. Launch a "Private Browser Window" so you have no existing session with CAS, Shib, or your application.
  4. Log in to your application. If it works, the test is successful.
  5. Copy the original saved file to the "etc" directory.
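One way to confirm the state of the hosts file before the test and again after restoring the original, shown as an added example that is not part of the original page. The function names are hypothetical, and the script assumes the usual hosts file locations and that the first matching line is the one the resolver uses.

```python
import ipaddress
import os
import platform

TEST_HOST = "auth.yale.edu"   # host name given on the page
TEST_ADDR = "128.36.64.90"    # test address given on the page


def hosts_overrides(text, hostname):
    """Return every address the hosts-file text maps to hostname, in file order."""
    found = []
    for raw in text.splitlines():
        # Drop trailing comments; a commented-out entry becomes an empty line.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # first field is not an IP address, so not a usable entry
        if hostname.lower() in (n.lower() for n in names):
            found.append(addr)
    return found


def check_state(text, hostname=TEST_HOST, expected=TEST_ADDR):
    """Classify the file as 'test' (override active), 'clean', or 'unexpected'."""
    addrs = hosts_overrides(text, hostname)
    if not addrs:
        return "clean"
    # Assumption: the first matching line wins, as resolvers normally behave.
    return "test" if addrs[0] == expected else "unexpected"


if __name__ == "__main__":
    if platform.system() == "Windows":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        path = os.path.join(root, "System32", "drivers", "etc", "hosts")
    else:
        path = "/etc/hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        print(path, "->", check_state(fh.read()))
```

It should report "test" after step 1 and "clean" after step 5; "unexpected" means auth.yale.edu is pinned to some other address and the file deserves a closer look.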

...

Is There Another Way to Do This?

All Browsers have an Advanced section of their Options where, under Network, you can specify the network address of a Proxy Server. When we have the time, we will set up a Proxy Server and then you can test Shibboleth using a change to the Browser configuration instead of a change to the hosts file. Doing this is actually a bit more complicated, but because of the bad association of hosts file changes and malware, some people today may feel better about this change. We have not yet set up the proxy.

We have also set up a Windows VM in the "SpinUp" test environment that always has the modified hosts file. If for some reason you do not want to make the hosts change on your computer, you can request that your Netid be added to the users who can log in to that computer, and then you can perform the test through the Remote Desktop session.

We could create a special Proxy Server that reroutes requests for "auth.yale.edu" to the Pre-Production machine. However, after messing with a hosts file, the second most popular malware trick is to mess with the Proxy configuration. Routing Web traffic, particularly traffic to high security applications like CAS and Shibboleth, through a Proxy machine is not a good practice and we do not want to encourage it. You are certainly free to use Proxy servers that you control in your own testing.

We have created a Windows VM and permanently set the hosts file to point to Pre-Production. If someone were unable to make changes to their own machine, we could add their Netid to the list of users who can use Remote Desktop to log in to the machine and test their application using one of the Browsers. Again, this does not appear to be an optimal solution, and again you are free to install a VM host on your desktop (we recommend VirtualBox from Oracle) and run test cases in a VM that you would rather not run on your regular operating system.

Generally speaking, it is not possible to change the hosts file on a normal (non "rooted") Android computer, so you cannot test from a phone or tablet computer.

Changing the hosts file is simple and easy to understand, and it is completely under your control. Many people still have some laptop they replaced 6 years ago sitting on a shelf, and it is perfectly acceptable to run the test on that machine.