Services, such as Web services, in different domains or networks often need to communicate with one another. Federation is an authentication concept that allows users in one domain or network to obtain authenticated access to services in another domain or network. Certain protocols are developed around the exchange of tokens (such as XML tokens) that are distributed by an authentication server (or a login server) in a network. The tokens are consumed by corresponding federation servers as well as “partner websites” or Web services in a different domain or a different network.
When developing and testing a new web service or application, it is important to ensure that the web service or application properly handles defective tokens. Defective tokens may be generated, for example, by a malfunctioning server or by someone attempting to hack into a computer system, hack into a network, or otherwise compromise a computer system or network. A defective token may include one or more of the following: an improper structure, incorrect data, or improper signature).
In a network of web services, a token is typically acquired by contacting an authentication server and requesting a token. This approach is not well-suited to testing a new web service or application for proper handling of defective tokens because a properly functioning authentication server is not likely to generate defective tokens. In a live network environment, it may be undesirable for the authentication server to intentionally generate defective tokens for testing purposes. These defective tokens may disrupt the normal operation of the network.
Therefore, it would be desirable to provide the ability to generate arbitrary tokens, including defective tokens, to determine how web services and/or applications handle the arbitrary tokens.