Creating physical web server resources

After you create logical HTTP connections, you must bind them to physical web server resources so that you can use those resources to create tests and virtual services (stubs).

Before you begin

If you are using SSL, ensure that you have valid certificate keystore files in your workspace. See Identity stores and SSL.

About this task

This task describes the manual creation of physical web server resources. However, two alternative automatic methods are available to create these resources:

Procedure

  1. On the toolbar of the Physical view of the Architecture School perspective, click Web > Web Server.

    Alternatively, in the Logical view, right-click an existing HTTP connection and click Set Binding in > environment_name > Create new Web Server.

  2. Optional: In the Name field, enter a name to distinguish this transport from other possible HTTP transports.
  3. Click Settings, if necessary, to configure the basic settings of the transport. These settings define which HTTP traffic to record:
    Table 1. Web server wizard, Settings page fields
    Field Description
    Host The host name or IP address of the computer that hosts the web server to which to connect.
    Port The port number through which to connect.
    Root resource path The path used to resolve relative paths when searching for resources.
  4. Optional: Click Client to configure the connection, proxy server, and authentication settings for the transport:
    Table 2. Web server wizard, Client page fields
    Field Description
    Virtual Client Address The client equivalent of a bind address. This address refers to the network that is used to make the outbound connection. Also known as the local address.
    Max connections per host The maximum number of connections that HCL OneTest API can maintain with the host. The default value is 100.
    Proxy Server
    Proxy Host The host name or IP address of the computer that hosts the proxy server that stands in for the web server.
    Proxy Port The number of the port through which to connect with the proxy server.
    Username The Username used to log on to the Proxy Host.
    Password The password associated with the proxy server Username.
    NTLM Domain The domain name used by NT LAN Manager as part of Microsoft's Integrated Windows Authentication.
    Authentication The following types of authentication are available:
    None
    No credentials are requested.
    Basic
    Username and Password are sent over the network in plain text.
    Digest
    A hash function is applied to the Password before it is sent.
    Kerberos
    Single Sign-On (SSO), or the Kerberos principal and password are used. For details, see Kerberos settings.
    NTLM
    Username, Password, and NT LAN Manager Domain are requested.
    All
    Username, Password, and Domain are required.
    Use preemptive Basic authentication
    Select the check box to enable pre-emptive authentication or clear the check box to disable pre-emptive authentication.

    With pre-emptive authentication, the client sends the Authorization header with all requests rather than only when it's requested by the server.

    The Username, Password, and Domain fields, if completed, are used to authenticate to the web server that lies behind the proxy server.

    Note: Basic authentication and pre-emptive authentication are not secure authentication methods as the user name and password are sent over the network in plain text. For more information see HTTP Specifications RFC 2617.

    Kerberos settings

    Specify the settings for single Sign-On (SSO), or the Kerberos principal and password for HTTP authentication. In case of a Kerberos principal and password, you can configure authentication to the HTTP server in the following two ways:
    • By using a Kerberos Realm and Key Distribution Center
    • By using an external krb5 configuration file
    The following list describes the authentication settings:
    Use SSO (Run with current user credentials)
    Single Sign-On (SSO) allows you to run HTTP transport tests without a username and password. However, the following limitations apply:
    • SSO is available only on the Windows platform.
    • When running a test from HCL OneTest API as a Windows user, you must be authorized to access the configured HTTP server.
    • When running a test from an HCL OneTest API Agent, the agent must have been started as a Windows user that is authorized to access the configured HTTP server.
    • The computer on which the test is running must have a Windows registry setting as follows:
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
      Value Name: allowtgtsessionkey 
      Value Type: REG_DWORD 
      Value: 0x000000001 (default is 0)
    Principal

    A Kerberos principal represents a unique identity to which Kerberos can assign tickets to access Kerberos-aware services. Enter the alias of the principal that you want to use for authentication.

    Password
    The password of the principal that you want to use for authentication.
    Kerberos Realm
    A set of managed nodes that share the same Kerberos database. Typically, this is the fully qualified domain name. For example, MYDOMAIN.ABC.COM.
    KDC
    The fully qualified hostname of the computer that contains the Key Distribution Center (KDC) service. This might also be the domain controller or Active Directory host. For example, DC.MYDOMAIN.ABC.COM.
    Use external krb5 config file
    The folder path to the krb5 configuration file. Click Browse to select one.
  5. Optional: Click Server to configure client socket settings and socket overrides. These settings configure the behavior of the transport when it is used in a stub. Client socket settings define the response that is sent when this transport is used as a server as part of a stub and a request is received that is not matched to a running stub.
    Table 3. Web server wizard, Server page fields
    Field Description
    Client Socket Settings
    Response Timeout (ms) The number of milliseconds a stub is given to respond before the default response is sent.
    Default Response code The default code to be returned by the stub if no match is found for the request. The default value for the default code is 503.
    Default Reason Phrase The default message to be returned by the stub if no match is found. The default value for the default reason is "No Stub available that matches the request".
    Server Socket Overrides
    Port By default, the stub listens on the port specified in the Settings tab. If that port is in use by another program or process, the stub must listen on a different port. If no alternate port is specified in this field, one is chosen at random, which is not a problem as long as the proxy server is routing traffic. However, if the real client needs to address the stub directly, enter an alternate port number in this field. For more information, see Virtualizing HTTP.
    Bind Address You have the option to enter a bind address. If you do not enter a value in this field, the address specified in the HTTP Bind Address field in the Application page of Library Manager is used. If there is no address specified in the HTTP Bind Address field, the transport will bind to all local addresses on the computer that hosts the web server.
    Authentication The following types of authentication are available:
    Basic
    Username and Password are sent over the network in plain text.
    Digest
    A hash function is applied to the Password before it is sent.
    NTLM
    An NT LAN Manager Domain is requested in addition to the other required fields. Either Basic or Digest must also be selected.
    All
    Username, Password, and NT LAN Manager Domain are accepted.
    Realm You can specify a realm name to be prepended, with a slash, to a username, in the form realmName/personalName@domainName.
    Domain You can specify a domain name to be appended, with an at-sign (@), to a username, in the form realmName/personalName@domainName.
    Send Nonce You have the option to send an arbitrary number to be used in digest access authentication.
    Opaque You can specify a string of data to be returned unchanged by the server. This field is used to send state information around a network.
    State You can save the current state between authentication requests.
    Algorithm Specify the algorithm to be used for digest authentication.
    QOP options Specify the quality of protection (QOP) for the authentication. The following values can be used to indicate to the client how the digest value should be calculated:
    • auth
    • auth-int
    Auth Params Specify any additional authorization parameters required as name-value pairs.
  6. Optional: Click Header to add name/value pairs to the header properties.

    These headers are sent with every message action such as Send Request or Send Reply. You can use fixed values or environment tags. Also, you can override the values by manually adding the same header to the messaging action.

    Note: You can use these headers to automatically differentiate stub replies from system replies. Proxied traffic routed to the system under test by way of the stub pass-through mechanism will also contain these headers.
  7. Optional: Click SSL to configure the secure socket layer settings for the transport.
    The SSL settings are described in the following table:
    Table 4. Web server wizard, SSL page fields
    Field Description
    Use SSL Select this check box to enable security for the transport.

    Selecting the check box makes the other controls on the SSL tab available. You can enable security for Testing (Client) or for Virtualization (Server) or both.

    Server certificates to trust All available identity stores are displayed in the drop-down menu. Select one of the following menu items:
    Trust All
    To accept any certificate presented by the server, regardless of its validity. This option is the default, and assumes you are focused on testing an application rather than the security of the server.
    New
    To define a new identity store.
    Identity store
    To specify an identity store that contains certificates that the client is to trust.
    Client identities to give to server All available identity stores are displayed in the drop-down menu. If you use mutual authentication, a suitable identity is selected from the chosen identity store. Select one of the following menu items:
    None
    If the server does not request an identity.
    New
    To define a new identity store.
    Identity store
    To use an existing identity store. Specify an alias in the Identity field.
    Certificate source All available identity stores are displayed in the drop-down menu. You can select one of the following menu items:
    Generated
    To use a certificate that HCL OneTest API generates for you. The source for that certificate is displayed in the Signed by field.
    New
    To define a new identity store.
    Identity store
    To use a certificate from an identity store.
    Signed by If you chose Generated in the Certificate source field, this field holds the location of a certificate within the HCL OneTest API installation directory that is used to generate the new certificate. This is a read-only field.
    Identity If you specified an identity store in the Certificate source field, use this field to specify the alias of a key in that identity store.
    Certificate Authorities a stub will trust All available identity stores are displayed in the drop-down menu. You can select one of the following menu items:
    Trust All
    To accept any certificate presented by the client.
    New
    To define a new identity store.
    Identity store
    To specify an identity store that contains certificates that the stub is to trust.
    Override default protocols If you are required to use a specific version of the secure sockets protocol, such as SSLv2 or TLSv1.2, enter that algorithm name here. For a complete list of algorithms, see Standard Algorithm Name Documentation.
  8. Optional: Click Recording to configure the recording settings of the transport.
    Table 5. Web server wizard, Recording page fields
    Field Description
    Recording Mode The following options are available:
    Packet Capture
    Requires packet capture software.
    • On Windows systems, Network Packet Capture is included in the HCL OneTest API installation program.
    • On non-Windows systems, libpcap is typically installed by default. If necessary, you can download the latest package from http://www.tcpdump.org/.

    For more information about packet capture, see Limitations of packet capture.

    External Proxy Server
    The proxies in HCL Quality Server are used by HCL OneTest API and HCL OneTest Virtualization to record all HTTP(S) traffic that is routed through the proxy. For information about this option, refer to HTTP/TCP proxy setup.
    Note: You can change the default option displayed in the Recording Mode list in the Recording tab. Complete the following tasks:
    1. Open the Preferences window by clicking Project > Preferences in the menu bar. Alternatively, click Window > Preferences in the menu bar.
    2. Click Recording.
    3. Under Transport Specific Recording, click an option in the Default Method for IP based list.
    4. Click Apply.
    5. Click OK.
  9. Click Test Transport to verify that the connection works.
  10. Click OK.

Results

The new physical web server resource is added to your project. In the Physical view of the Architecture School perspective, the web server is displayed with the port number included in the name.

What to do next

To use a physical resource, bind it to a logical resource in an environment. See Creating logical HTTP connections.
Feedback