Login Desktop and Web

All login types work on Desktop and Web:

Quick Checklist:

1. An account with domain, log on to
   1. desktop RM
   2. desktop for Users
   3. standalone web client
   4. work-entry web client
   5. barcode scanner
   6. other desktop apps
   7. In Work Desksite log in to IRM from Search-Records
2. Saml account, user can log in
   1. standalone web client
   2. work-entry web client
3. Trusted User Login on Desktop Client - cannot be tested in Test Environment (2018+)
   1. RM
   2. User version
4. Force password change
   1. in web client
   2. in desktop client
   3. upgrade user logs on on latest system
5. Change Password
   1. on web client standalone
   2. on web work version
   3. on Desktop RM
   4. on Desktop User
6. Domain Accounts, use to configure
   1. SPM Irm Agent - account in IRM and SPMAdmin/SPMAgent account in SPM (both with/without/ one with)
   2. Users in SPM system - staffing, otw, external user (some with/without)
   3. FS Agent configuration (with/without)
      1. securityPolicyManager.username=rm1@irm.com
      2. GOV-10469 - on https://wiki.imanage.com/pages/viewpage.action?spaceKey=IRM&title=Manage+In+Place
   4. Policy Service mapping and NRTADMIN account in Work (both with/without/ one with)
      
      

see also: Password Security DW

Standard Login for Desktop Clients

TEST both desktop clients:

• Desktop client for USERS
• Desktop client for RECORD MANAGERS

LOGIN DIALOG:

1. IRM Desktop Profession log in has 3 login options - Trusted Login, SAML Login, Standard Login. Can select any login tab - each log in screen displays correctly (reference link)
2. ERRORS:
   1. Invalid credentials entered. Appropriate, helpful messaging displays: Login failed. Check your username/password and try again
   2. Log in with CMS service not running. Appropriate, helpful messaging displays: RM server not available
3. LOGS IN:
4. Password is case-sensitive. Not accepted if this is entered incorrectly
5. User with domain: Successful login with domain. Fails if domain not entered.
6. Use Automatically connect: Check option - Automatically connect on startup
   1. Login. Close. Launch again. Login not required, automatically connects.
   2. Close, select SHIFT + launch application again, log in screen displays and user can log in again with different credentials
7. Logged in to Desktop client for RECORD MANAGERS > Circulation > Bar Code. Log in to Barcode application. Close
8. Search: IRM Barcode Application. Login. Close.

Note: GOV-18709: IRM Cert

1. https irm web login - https://bel-irmserver001:8443/
2. View certificate security information at url (lock or warning icon)
3. CA Root certificate (not trusted) - Expiry updated to 6/1/2029
4. (there are a lot of other issues with this certificate that seem to be out of reach)

DESKTOP:

On initial login screen:

1. In Library Manager, checkbox: Force password change for any account.
2. On login to Desktop Client, the Change password dialog displays
3. Enter old password. Then New and Confirm New password. Login dialog displays again. Enter new Password and successfully logged in.
4. Setting a new password that is the same as the old password is not allowed:
5. Error message displays (new or upgraded library in 10.0.10 testing)
   1. Message: Password must contain [password security policy ], and be different than the old password
6. Change to a valid new password. Can complete process and logs in
7. After 5 failed attempts, account gets locked out
   1. Message: Your account has been locked out due to failed login attempts. Please contact your administrator.

WEB:

1. Library manager: Create new user, setting Force-Password-Change to TRUE.
2. Web client login: enter this credentials for this user
3. Login form updates to Force Password Change form
   1. Blue Information section (Black border): Information Icon. Text: You must update your password before you can login Black border
   2. Password Requirements if set, else they are hidden. See tests for Change Password
   3. User must enter existing password, new password, confirm new password. See validation test for Chanage Password
4. Cancel. Back to login form. Login. Force Password Change form displays again
5. Enter valid credential for existing and new password.
   1. Force Password Change form closes
   2. Login form closes
   3. User is logged in to web client.
   4. Force-Login set to FALSE on User account, Library manager
   5. This user logs out, then back in. Not required to change password
6. Force password change again. Try to make new password same as existing password. This is not allowed. See tests for Change Password

DESKTOP:

On initial login screen:

1. Change Password. the Change password dialog displays.
2. Can set a new password
3. Cannot set a new password that is same as old password.
4. Set same password. Error message displays: Password must contain [password security policy ], and be different than the old password
5. Edit new/confirm new passwords

Logged in. Tools > Options > Login

• Displays login settings dialog.
• Enter password. Select Password change
• Verify the same as for initial login screen
• With new login set in Tools. Go to Circulation > Bar Code. Can log in with new password

Test both clients: DESKTOP for RECORD MANAGERS and DESKTOP for USERS. New and Upgraded libraries (10.0.10, Build 221+ March 2019)

WEB:

1. Using Standard login, login in
2. Go to User settings (top -right). Reset Password on menu. Text: Reset Password. Icon: padlock
3. Reset Password Pane:
   1. Left panel and main panel look same as login screen (greys, no content)
   2. Icon: Padlock with green bar. Page Title Reset Password
   3. Text fields, all required fields: Existing Password *, New Password *, Confirm New Password *
   4. No domain field
   5. Submit button. Always enabled
   6. Default to hide password input. Hold/Show Icon for each password field
   7. Can show / hide input. Icon updates
4. Enter no text. Submit: Message - Existing password required
5. Enter only current password. Submit: Message - Please provide a new password
6. Enter new password but do not enter confirmation. Submit: Message - Please confirm your password
7. Enter invalid confirmation. Submit: Message - Passwords do not match
8. Enter new and confirmation password that is same as existing password. Submit: Message - New password must be different from previous password
9. Enter invalid existing password. Not accepted
10. Error messaging: red, with x symbol
11. Use valid input - the correct existing password and a different new password, with matching confirmation. Submit. Success messaging displays. Fields clear
    1. Success messaging: green, with check symbol. Still on Reset page. (Same as TM not SPM, design limitation to go back/close. Accepted by PM)

Account locked out (5 failed attempts)

• Web client does not give specific message for this in the way that the desktop client does.
• It gives password error message

Password Requirements:

1. Configuration manager - System Configurations: Minimum requirements set to 0. Password requirements do not display.
2. Configuration manager - System Configurations: Set some Minimum requirements. Password requirements display on Reset password.
   1. Text: Password Requirements
   2. Requirements text GREY, with GREY WARNING icon
   3. As password requirements are met/input, requirements updates
      
      1. Text GREEN, Icon changes to GREEN Success checked symbol
   4. Updates back to GREY when new password changed and no longer meets requirement
3. Add/Remove (0)/edit requirements in System Configurations. Refresh page. Password requirements update

Test change password for :

• Users accounts with domain, without domain
• Users with set of privileges: default (not in group), All privileges (Admin), All non-manager/admin privs (Non-admin), Non-Admin without View User privilege (End-User persona)
• all browser, and on desktop and mobile
• Work-entry / work launcher

Standard Login for all other Desktop apps:

Data Loader
Application Designer
Data Model Migration Utility
Policy Service (when system is configured for SAML, check that Policy Service still works)

Integrates with other products:
File System Agent (when system is configured for SAML, check that MIP still works)
SPM

Work desktop client to irm desktop client: Search Records

SET UP: Install Desksite, then install Desktop Standard. Bitness must match.
Search Records will be available. RM install finds and extends registry entries that should add Search Records commands to the desksite UI

• In work/Desksite, right-click Workspace.
• Select Search Records
• Can log in to record manager and file plan or client/matter associated display
• If automatic log in set on Record Manager: Select Search Records, Record Manager - file plan or client/matter associated display

Desktop User with same bitness will install to C:\Program Files (x86)\Interwoven\WorkSite\Records Manager

GOV-18673: Desksite/Irm Desktop client using SAML login

1. With Saml authentication set up:
   1. saml steps here
   2. remember to set suppress error to false:
      1. in desktop client:
      2. C:\Program Files (x86)\Interwoven\WorkSite\Records Manager
      3. WOMDOTNET.config
      4. <add key="interwoven.recordsmanager.controls.ScriptErrorsSuppressed" value="false"/>
      5. in desksite:
      6. C:\Program Files (x86)\Interwoven\WorkSite
2. copy the desktop client WOMDOTNET file here
3. Check that IRM desktop client saml login works
4. Close Desktop client
5. Launch Desksite
6. Go to Search records (from Search or right-click any workspace)
7. Search records, launches IRM desktop client - login screen
8. Use Saml login. This is successful, user is logged into irm desktop client
   
   

Standard login on Standalone Web client

Test with URL: )

Test with URL: localhost:8443 - if using saml

(GOV-18668, if issues , can use localhost:8079/web/localAuth)

1. Reset Password, (see Password Security test-plan)
2. Force User to change password on logon, (see Password Security test-plan)
3. Login with valid credentials is successful. Displays Client list page in web client
4. Login with invalid - username / passsword / username and password - same general messaging for these cases
5. Login with valid credentials including domain - use valid domain, omit domain, invalid domain
6. Omit password, omit user-name, omit domain, omit all - cannot log in

Note:

• Login Screen: does not yet do what Desktop manager does:
• No Error message when trying to log in with configuration error - no Facility Added
• Authentication Error - logged in, password is changed, try using - CHECK THIS

Standard login from Work Web client (E2E)

checks e2e: user logs in to Work Web client, from its Matter page, this user accesses IRM web client.

As an Admin / Non-Admin / Lowest Priv user / User not in Group (use a variety of accounts):

Using Standard login

Log into Work.

1. Navigate to a Matter. Click View Records link. Log in to irm web client. Records for this matter display
2. Navigate to a Matter. Go to View Records on the matter context menu.
3. GOV-10718: Log-in page, focus on Username field (wont work in Firefox)
4. Log in to irm web client. Records for this matter display

Standard login Web-Entry launcher (for testing if work/irm integration not available)

If Work/IRM integration is not available to test. The Work-Entry Launcher can be used in test to directly log in this version of irm web client.

Login using web client launcher

Download web-client-launcher, launch client on any/all browsers. Test STANDARD and SAML log in.

UI:

1. GOV-10718: Log-in page, focus on Username field (wont work in Firefox)
2. Error page is styled to match iframe with top and side bar, back buttons

Error Messaging:

1. Username invalid, error message
2. Password invalid, error message
3. IRM server down, error message

Logging in:

1. Not logged in, "Login to IRM", log in, records displayed
2. Not logged in, "Form based login to IRM", log in, records displayed
3. Not logged in, "Clear IRM Authentication", returned to launch page, when select "View Records" prompted to log in
4. Not logged in, "View Records", log in, records displayed
5. Already logged in, "Login to IRM", log in, records displayed
6. Already logged in, "Form based login to IRM", log in, records displayed
7. Already logged in, "Clear IRM Authentication", when select "View Records" prompted to log in
8. Already logged in, "View Records", records displayed

Access:

Error message when attempt to access record with invalid client/matter ID

Usage: Work version Launcher:

Expected message/handling:

• Unable to load matter.
• Link back to login page

Scenarios for access from WORK web client's workspace page to IRM web client's client/matter page (*1 not all may be valid configuration)

1. When a workspace is not configured without client or matter.
2. When a workspace is configured with a client but not a matter, what happens.
3. When a workspace is configured with no client and is configured with a matter. CANNOT do this
4. When a workspace is configured with both a client and a matter and the user does not have access to the client
5. When a workspace is configured with both a client and a matter and the user does not have access to the matter.
6. When a workspace is configured with both a client and a matter and the user does not have access to either.
7. When a workspace is configured with both a client and a matter and client does not exist
8. When a workspace is configured with both a client and a matter and matter does not exist
9. When a workspace is configured with both a client and a matter and client does not exist
10. When a workspace is configured with both a client and a matter and neither exists.

Saml Login for Desktop Clients

Login dialog → Saml login

follow set up steps for Saml

Saml Login for all other Desktop apps:

Policy Service (when system is configured for SAML, check that Policy Service still works)

Integrates with other products:
File System Agent (when system is configured for SAML, check that MIP still works)

Saml login Standalone Web client

Set auth: loginType: to saml on .yml file

Enter https://localhost:8443 and redirects to https://beldc1.cantona.net/adfs/ls/

Enter valid user credential (IRM_Test / Govern123 and this username should have been added as a Trustee in Library Manager)

User is logged into Standalone web client - File plan displaying

With Saml configured, also check that Requests page can be opened in a new tab, Request page display without requiring login

GOV-9983: on application yml set domainNameKey: domain. Test with valid domain (GOVERN.COM) set on the Irm_Test Trustee account, successful log in

Test with no domain set on the Irm_Test Trustee account, log in fails

(Error: Internal Server Error exception: org.springframework.security.core.userdetails.UsernameNotFoundException message: GOVERN.COM:Irm_Test)

Test with invalid Domain (Cantona) set on the Irm_Test Trustee account, authentication will fail.

With domainNameKey not configured, trustee has domain. Log in will fail (If trustees have domain, domainNameKey mapping should be configured)

Check that Requests page can be opened in a new tab. Request page displays without requiring login as SAML is enabled

Sign-out, can log back in using localhost:8443 or localhost:8443/login

PREVIOUS Releases: rmserver/lib/rest-server.jar > formLoginSuccess.html Should not contain: if (loginHelper && loginHelper.basePath)\{ (Also in Release Ready tests)

Saml login Work Web client

As an Admin / Non-Admin / Lowest Priv user / User not in Group:

Using Saml login:

1. Log into Work with saml account.
2. Click View Records link and records for this matter display with need to log in again
3. On session time-out, the user will be prompted for SAML log in.

Session / tokens:

Standard login / SAML, remain logged in after token refresh
Standard login / SAML, logged out after token expiry

OTHER:

GOV-8927: no messaging when SAML not set up

GOV-6548: Other - Verify IRM Web launcher page

Log in with IRM Web Client URL lowercase/uppercase/mixed case

Log in with default/custom IRM Web Client port

Able to logon explicitly to IRM Web using a domain-user (GOV-9511)

Domain added to Web Client login page, tests:

Login with Domain:

1. User without domain can login to IRM Web, domain field left blank
2. User without domain cannot login to IRM Web when domain field is populated
3. User with domain can login to IRM Web when valid domain is specified (also test with password in lowercase/uppercase/mixed case)
4. User with domain cannot login to IRM Web when domain field is left blank
5. User with domain cannot login to IRM Web when invalid domain is specified

Username/Domain combinations:

1. Two users with same username, one with domain and one without, both can login to IRM Web by specifying / not specifying domain
2. Two users with same username, each with different domain, both can login to IRM Web by specifying valid domain
3. Two users with same username, each with different domain, cannot login without specifying domain