Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision Next revisionBoth sides next revision | ||
en:functionaltest_sp [2017/06/15 14:16] – created Wolfgang Pempe | en:functionaltest_sp [2022/05/17 12:29] – [Test Accounts] added newer test accounts Silke Meyer | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Functional Tests for Service Providers ====== | ====== Functional Tests for Service Providers ====== | ||
- | There are two IdPs available in the test federation | + | The DFN operates |
^ DisplayName | ^ DisplayName | ||
- | | DFN Test-IdP 1 | https:// | ||
| DFN Test-IdP 2 | https:// | | DFN Test-IdP 2 | https:// | ||
+ | |||
+ | **NB:** There is also an AAI Integration and Test IdP available in the production federation. Accounts are issued on request, please contact [[mailto: | ||
==== Test Accounts ==== | ==== Test Accounts ==== | ||
The following accounts are available by default: | The following accounts are available by default: | ||
Line 12: | Line 13: | ||
| test-me | | test-me | ||
| test-ma | | test-ma | ||
- | The primary purpose of these accounts is to test authorisation with typical content providers - in that case the user test-na is not entitled to access any protected content. | + | |test-all |test |only if required in SP metadata|only if required in SP metadata|all attributes that the SP requires in its metadata| |
- | In case that further test users are required | + | |test-special-charactrers1, |
- | ==== Attribute-based Authorization ==== | + | |test-multi-mail |test |only if required in SP metadata|only if required in SP metadata|multiple values in e-mail attribute, all attributes that the SP requires in its metadata| |
- | **Important: | + | |
- | In aller Regel steht ein Dienst bzw. Service Provider | + | The primary purpose of these accounts is to test authorisation with typical content providers - **in this case the user 'test-na' |
+ | |||
+ | **If more and/or other attributes | ||
+ | * | ||
+ | *==== Attribute-based Authorization ==== | ||
+ | **Important: | ||
+ | In the overwhelming majority of cases, a service (respectively a Service Provider) is supposed to be available only for a subset of the users affiliated with a Home Organization. For this reason, a successful authentication at the home IdP is usually not sufficient for granting access to a protected resource! Rather, the authorization decision must be made by means of the user attributes released by the IdP. Which attributes (and attribute values) are appropriate for this purpose, depends on the type and implementation of the service / Service Provider. If you have any questions, please contact the [[https:// | ||
+ | |||
+ | See also the comprehensive documentation on [[https:// | ||
+ | |||
+ | **Next step:** [[en: |