rSPA Test Accounts

Introducing rSPAs - Restricted Special Purpose Accounts for application testing.

If you are a campus developer and would like to use rSPA Test accounts, email calnet-admin@berkeley.edu and indicate that you would like to be added to the rSPA access group.

rSPA Test accounts mimic active CalNet accounts for common use cases, such as employee, faculty, and registered student. rSPAs are a new, more secure way to test your application -- instead of replying on a single shared passphrase, as the Universal Test IDs do, these accounts use existing Special Purpose Account infrastructure to allow direct members of the rSPA access group to log in using their own passphrase. You must be added to the rSPA access group in order to use these accounts.


Shared attributes for all test accounts

berkeleyEduTestIDFlag: TRUE
berkeleyEduAffiliations: AFFILIATE-TYPE-SPA
berkeleyEduAffiliations: AFFILIATE-TYPE-TEST

Listing of the current rSPAs

 

CalNet ID

Description

Key selected attribute values

spa-faux-employee-staff

Employee, Staff

uid: 12012723
berkeleyEduAffiliations: EMPLOYEE-TYPE-STAFF
employeeNumber: 019999944
berkeleyEduUCPathID: 019999944
berkeleyEduOfficialEmail: spa-faux-employee-staff @ berkeley.edu
mail: spa-faux-employee-staff @ berkeley.edu

spa-faux-employee-faculty

Employee, Faculty

uid=12012735
berkeleyEduAffiliations: EMPLOYEE-TYPE-ACADEMIC
employeeNumber: 019999945
berkeleyEduUCPathID: 019999945
berkeleyEduOfficialEmail: spa-faux-employee-faculty @ berkeley.edu
mail:spa-faux-employee-faculty @ berkeley.edu

spa-faux-student-registered

Student, Registered

uid=12012740
berkeleyEduAffiliations: STUDENT-TYPE-REGISTERED
berkeleyEduStuID: 9999999997
berkeleyEduCSID: 9999999997
berkeleyEduOfficialEmail: spa-faux-student-registered @ berkeley.edu
mail: spa-faux-student-registered @ berkeley.edu

spa-faux-affiliate-staff-retiree

Affiliate, Staff Retiree

uid: 12012741
berkeleyEduAffiliations: AFFILIATE-TYPE-STAFF RETIREE
berkeleyEduAffID: spa12012741
berkeleyEduOfficialEmail: spa-faux-affiliate-staff-retiree @ berkeley.edu
mail: spa-faux-affiliate-staff-retiree @ berkeley.edu

spa-faux-affiliate-visiting-sch

Affiliate, Visiting Scholar

uid: 12012742
berkeleyEduAffiliations: AFFILIATE-TYPE-VISITING SCHOLAR
berkeleyEduAffID: spa12012742
berkeleyEduOfficialEmail: spa-faux-affiliate-visiting-sch @ berkeley.edu
mail: spa-faux-affiliate-visiting-sch @ berkeley.edu

Values for berkeleyEduIsMemberOf in the directory

 

UID

CNID

berkeleyEduIsMemberOf values (BE == dc=berkeley,dc=edu)

12012723

spa-faux-employee-staff

cn=edu:berkeley:app:auth-cas:box_app:box_app-access,ou=campus groups,BE
cn=edu:berkeley:app:auth-cas:g_suite:g_suite-access,ou=campus groups,BE
cn=edu:berkeley:app:auth-cas:webapp-default:webapp-default-access,ou=campus groups,BE
cn=edu:berkeley:official:affiliates:aff-test,ou=campus groups,BE
cn=edu:berkeley:official:all-accounts,ou=campus groups,BE
cn=edu:berkeley:official:spas,ou=campus groups,BE
cn=edu:berkeley:official:test-accts,ou=campus groups,BE

12012735

spa-faux-employee-faculty

cn=edu:berkeley:app:auth-cas:box_app:box_app-access,ou=campus groups,BE
cn=edu:berkeley:app:auth-cas:g_suite:g_suite-access,ou=campus groups,BE
cn=edu:berkeley:app:auth-cas:webapp-default:webapp-default-access,ou=campus groups,BE
cn=edu:berkeley:official:affiliates:aff-test,ou=campus groups,BE
cn=edu:berkeley:official:all-accounts,ou=campus groups,BE
cn=edu:berkeley:official:spas,ou=campus groups,BE
cn=edu:berkeley:official:test-accts,ou=campus groups,BE

12012740

spa-faux-student-registered

cn=edu:berkeley:app:auth-cas:box_app:box_app-access,ou=campus groups,BE
cn=edu:berkeley:app:auth-cas:g_suite:g_suite-access,ou=campus groups,BE
cn=edu:berkeley:app:auth-cas:webapp-default:webapp-default-access,ou=campus groups,BE
cn=edu:berkeley:official:affiliates:aff-test,ou=campus groups,BE
cn=edu:berkeley:official:all-accounts,ou=campus groups,BE
cn=edu:berkeley:official:spas,ou=campus groups,BE
cn=edu:berkeley:official:test-accts,ou=campus groups,BE

12012741

spa-faux-affiliate-staff-retiree

cn=edu:berkeley:app:auth-cas:box_app:box_app-access,ou=campus groups,BE
cn=edu:berkeley:app:auth-cas:g_suite:g_suite-access,ou=campus groups,BE
cn=edu:berkeley:app:auth-cas:webapp-default:webapp-default-access,ou=campus groups,BE
cn=edu:berkeley:official:affiliates:aff-test,ou=campus groups,BE
cn=edu:berkeley:official:all-accounts,ou=campus groups,BE
cn=edu:berkeley:official:spas,ou=campus groups,BE
cn=edu:berkeley:official:test-accts,ou=campus groups,BE

12012742

spa-faux-affiliate-visiting-sch

cn=edu:berkeley:app:auth-cas:box_app:box_app-access,ou=campus groups,BE
cn=edu:berkeley:app:auth-cas:g_suite:g_suite-access,ou=campus groups,BE
cn=edu:berkeley:app:auth-cas:webapp-default:webapp-default-access,ou=campus groups,BE
cn=edu:berkeley:official:affiliates:aff-test,ou=campus groups,BE
cn=edu:berkeley:official:all-accounts,ou=campus groups,BE
cn=edu:berkeley:official:spas,ou=campus groups,BE
cn=edu:berkeley:official:test-accts,ou=campus groups,BE

 

Values stored in BPR/CAT for uid=12012723

Basic Information data

Name: Faux-employee-staff SP_Account
Calnet Affiliate Id: spa12012723
CalNet ID: spa-faux-employee-staff
Roles: ldapNoExpDate, calnetAffilCalnetAffiliate, masterAccountActive, ouPeople   

Sample CAS client web application results display

The following table shows the properties and attribute values returned by the CAS server to a sample CAS client app hosted at the URL https://cas-p2.calnet.berkeley.edu/webapp-auth-vip when accessed using the spa-faux-employee-staff rSPA test/fake/faux account.

Authenticated User Id: 12012723 

Attributes

Key

Value

samlAuthenticationStatementAuthMethod

Multi-valued attribute: 2

  • urn:oasis:names:tc:SAML:1.0:am:password
  • urn:oasis:names:tc:SAML:1.0:am:unspecified

credentialType

Multi-valued attribute: 2

  • UsernamePasswordCredential
  • DuoCredential

uid

12012723

isFromNewLogin

true

bypassMultifactorAuthentication

false

authenticationDate

2019-05-03T16:56:13.607-07:00[America/Los_Angeles]

authnContextClass

mfa-duo

authenticationMethod

Multi-valued attribute: 2

  • BerkeleyAuthenticationHandler
  • mfa-duo

successfulAuthenticationHandlers

Multi-valued attribute: 2

  • BerkeleyAuthenticationHandler
  • mfa-duo

berkeleyEduIsMemberOf

Multi-valued attribute: 7

  • cn=edu:berkeley:official:spas,ou=campus groups,dc=berkeley,dc=edu
  • cn=edu:berkeley:app:auth-cas:box_app:box_app-access,ou=campus groups,dc=berkeley,dc=edu
  • cn=edu:berkeley:app:auth-cas:g_suite:g_suite-access,ou=campus groups,dc=berkeley,dc=edu
  • cn=edu:berkeley:app:auth-cas:webapp-default:webapp-default-access,ou=campus groups,dc=berkeley,dc=edu
  • cn=edu:berkeley:official:test-accts,ou=campus groups,dc=berkeley,dc=edu
  • cn=edu:berkeley:official:affiliates:aff-test,ou=campus groups,dc=berkeley,dc=edu
  • cn=edu:berkeley:official:all-accounts,ou=campus groups,dc=berkeley,dc=edu

berkeleyEduAffiliations

Multi-valued attribute: 3

  • AFFILIATE-TYPE-SPA
  • EMPLOYEE-TYPE-STAFF
  • AFFILIATE-TYPE-TEST

longTermAuthenticationRequestTokenUsed

false