WCAG - Test environment documentation

Last modified 20 Dec 2024 16:33 +01:00
Table of Contents

 

Cooperation introduction

Evolveum has worked with Internet2/InCommon and several universities to make the midPoint self-service interface accessible to end users with disabilities. We have completed the implementation for WCAG and are preparing for certification of WCAG 2.2.

HAN University did a quick check according to WCAG 2.1 guidelines and sent us a bug report, which we have incorporated, for which we thank them very much.

Point of interest

The main reason is to improve Midpoint’s environment in terms of self-service. The purpose is to make the environment flexible and adaptable for people with disabilities and thus to make the overall work with the platform easier and usable for all without any discrimination.

The aforementioned self-service consists of 10 basic parts:

Self-service item Definition

Dashboard (Home)

Dashboard is configurable object in midpoint, providing basic information about state of Midpoint/User. The dashboard contains the basic most important data in order to deliver information about the user’s status as quickly as possible. This is mainly about the user’s accesses, requests and other miscellaneous information whose importance is specifically determined by the client. Elements can be in the form of a dashboard, table or widget.

Profile

It is used to manage basic user information in midPoint. It consists of various attributes whose values can be freely managed by the user (if allowed by internal policy). These are then automatically (in most cases) provisioned to the user’s assigned accounts in the associated applications/accesses. Among other things, from here the user can manage his accesses, see his accounts, track history, etc.

Credential management

This functionality is used to quickly reset/change password(s) for user account(s).

Access request

Functionality used to request access on demand. The mechanism imitates shopping in an e-shop where the user chooses/can choose from a catalogue of different accesses, add them to the basket, specify the activation period and then send a request ("order").

Approval process

A more advanced feature extending the access request process (for example). The process is that a specific user has been given the ability to evaluate access requests and decide on the outcome.

Self-Registration

Registration of new account.

Log in

Log in in two different ways, one using the classic login form with name and password and one using the OIDC login via the Identity Provider server.

Post-authentication form

Fill in the required details after first logging in.

Reset password

The process of recovering the password if the user forgets it.

Identity recovery

The process of identifying a username based on correlation information from the user.

 

Environment

When you click on the link for demo, you will be taken to the platform login screen.

The test environment contains two parts that are not subject to testing:

  • one is the login page for OIDC on the Azure server

  • the other is downloading the email notification and opening the link it contains.

The pre-login pages consist of a central panel that can contain input fields, messages and buttons.

Once logged in, you will be taken to the main "Home" screen. The interface consists of a main navigation menu (left), a title bar with additional information and features (top), and a dynamic window that displays content based on the item you have selected from the navigation.

 

Taskflow

Self-Registration

Self-registration is a classic process that we see on other systems when a new account is created. In our test environment it will be a new student.

Please use a real email when registering as you will receive an email with a link that you must open to complete the registration.
Task 1: Observe the environment and flow of register new user (expand for solution) 
1) Click on "Register new account"
2) Fill in all inputs (Given name, Family name, Email and Password).
3) Click on "Register" at the end of form.
4) Open the link in the email you received to confirm your registration.
5) Now we can see that the registration was successful.
6) Click "Back to login" at the bottom of the panel to return to the basic login page.

Log-in (Students)

In the testing environment we have two ways of logging in: for students and for employees. In this case, we will use our registered account and log in as a student.

Username and password for logging in can be found in the email you received when you registered.
Task 1: Observe the environment and flow of login process (expand for solution) 
1) In the login panel, select "Student" and click "Submit".
2) Fill in username and password.
3) Click on "Sign in" at the end of form.
4) You are now logged in.

Dashboard (Homepage)

Home page consists of different configurable widgets. For now, there are two types of widgets, link widgets and preview widgets. Link widgets can be configured and used for better and quicker navigation to desired pages (even external links are supported). Preview widgets show concrete data, and it is also possible to define custom navigation actions.

In this process is important to keep the observation capability simple and the scanning difficulty as easy/efficient as possible.

    Task 1: Observe the environment of Dashboard/Homepage
 

Profile management

The Profile page displays all necessary information about the logged-in user (or service). The information displayed is influenced by permissions and GUI customisations. By combining these two mechanisms, it is possible to define what kind of information is shown to a specific (logged-in) user.

    Task 1: Observe the environment

Task 2: Update the profile (expand for solution) 
1) Go to Profile (from side menu)
2) Click on "show empty fields" at the end of form
3) Choose input field and change the values (e.g. Nickname, Preferred Language, Date of birth, External student)
4) Click Save (green button at top) to apply change
5) Observe form of saving process

 

Credential management

Changing password functionality is located on the separate page to make this process easy and fast. This page contains only the essentials to make the process as quick and straightforward as possible. The user is asked to enter their old password, the new password and repeat the new password again. A password strength indicator assists the user in the password change process, along with password conditions, which are located on the right side. For more complex configurations, the user is also supplied with a section in which the user can select which resources will be affected by the change and can also be informed whether the change can occur at all.

    Task 1: Open Credentials from sidemenu and observe the environment and layout

Task 2: Update the password (expand for solution) 
1) Select Credentials from side menu
2) Fill previous password and the new one
3) Click Change password
4) Remember a new password and use it for future logins
5) Observe saving process

 

Access request

Role (Access) requesting tries to resemble a kind of wizard that will guide you through the entire request process and should feel and give the impression that someone is helping you. This process simply allows users to request access pretty much anywhere they need it (Application/Service/Resource/etc.) depending on the configuration of midPoint and its so-called role catalog, of course.

    Task 1: Open Request access from sidemenu and observe the environment and layout

Task 2: Request a role for group/others (expand for solution) 
1) Go to Request access (option in sidemenu)
2) Go along with the instructions (select group)
3) Select 'kblair' (try both possibilities via input field and select button)
4) Now this task is finished. The next steps are the same as in the next task, so we only needed to test select user in the previous step.
5) Now we need to refresh the access request process, so we remove the selected user 'kblair' and go back to the first step of the wizard.
Task 3: Request a role for myself (expand for solution) 
1) Go to Request access (option in sidemenu)
2) Go along with the instructions (select myself)
3) Go along with the instructions (select default)
4) Observe the Shopping catalogue
5) Go to 'Roles of teammate' (option in catalog menu)
6) Select 'jsmith' (again try both possibilities via input field and select button)
7) Add to cart role named as "Auditorium A1"
8) Go to 'Access to building' -> 'Auditoriums' (option in catalog menu)
9) Add to cart role named as "Auditorium A2"
10) Go to 'All roles' (option in catalog menu)
11) Add to cart role named as "Auditorium B"
12) Go to 'Access to building' -> 'Laboratories' (option in catalog menu)
13) Add to cart role named as "Laboratory B"
14) Click "Next:Shoppig cart" button or click on Cart icon in title bar
15) In table of 'Items in cart' edit access with name 'Laboratory B (default)'
16) In popup fill in 'Valid to' and for 'Organization reference' select org 'Chemistry' and save changes
17) Select validity "1 year"
18) Now we request role, that have conflict, so open conflict solver
19) Keep Auditorium A1 and fix conflict
20) Observe the result and go back to shopping card
21) Click "Submit my request"
22) Observe the saving process
23) We can see sent request in table 'My requests'

 

Approval process

When midPoint encounters access request operation it will consult the policies (Policy Rules) and decide whether the operation needs to be driven through an approval process. If an approval is needed then midPoint will automatically compute the approvers and start a workflow process to drive the approvals. Now we log-in as approver and approve previous request.

During the login process we will be redirected to ID provider sites, these pages are not subject to certification.

    Task 1: Observe the environment and layout

Task 2: Approve the request (expand for solution) 
1) Logout if you are logged in.
2) Login as employee, select "Employee" and click "Submit"
3) As OpenId provider select 'Azure'
4) Now fill username and password for approver. (This credential has been privately distributed.)
5) We were redirected to the post-authentication page, where we had to add some necessary information, as this was the approver's first login to midPoint.
6) Fill 'approver' as nickname, select 'english' as preferred language, select some image for photo, select 'false' as external employee and click on 'Submit'
7) Go to Cases -> My work items (option in sidemenu)
8) Approve assigning roles "Laboratory B" and "Auditorium A1" and reject assigning role "Auditorium B"
9) Now you can logout as approver and log in as you registered student
10) We can see new accesses in table 'My accesses'

Identity recovery

Identity recovery feature brings the possibility to recover user’s data in case they were forgotten. User can recover their login name or other data depending on the configuration.

Suppose we have forgotten our username and password and want to log into the system. First we find out our username and then we reset our password.

    Task 1: Observe the environment and layout

Task 2: Approve the request (expand for solution) 
1) Logout if you are logged in.
2) Click on 'Recover your identity'
1) Select "Student" and click "Submit".
3) Fill in your given name and family name that we used for registration.
4) Now we see our found identity, copy/remember the name and click on 'Confirm my identity'.
2) Click on 'Reset password'
2) Fill copied/remembered name and submit
5) Now we click on link in received mail, fill in new password and click on 'Change password'
6) Now we can log in with new password, so select 'Student' and fill in name and new password

Recovery to initial state

If you need to restore the server to its initial state in order to start testing again, please contact Evolveum with the request to restore the server to its initial state.

Was this page helpful?
YES NO
Thanks for your feedback