Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
en:functionaltest_sp [2017/06/15 14:43] – Wolfgang Pempe | en:functionaltest_sp [2022/05/17 12:29] – [Test Accounts] added newer test accounts Silke Meyer | ||
---|---|---|---|
Line 2: | Line 2: | ||
The DFN operates two IdPs for performing functional tests in the Test Federation: | The DFN operates two IdPs for performing functional tests in the Test Federation: | ||
^ DisplayName | ^ DisplayName | ||
- | | DFN Test-IdP 1 | https:// | ||
| DFN Test-IdP 2 | https:// | | DFN Test-IdP 2 | https:// | ||
- | **NB:** There is also an AAI Integration and Test IdP available in the production | + | |
+ | **NB:** There is also an AAI Integration and Test IdP available in the production | ||
==== Test Accounts ==== | ==== Test Accounts ==== | ||
The following accounts are available by default: | The following accounts are available by default: | ||
Line 13: | Line 13: | ||
| test-me | | test-me | ||
| test-ma | | test-ma | ||
- | The primary purpose of these accounts is to test authorisation with typical content providers - in that case the user test-na is not entitled to access any protected content. | + | |test-all |test |only if required in SP metadata|only if required in SP metadata|all attributes that the SP requires in its metadata| |
- | In case that further test users are required, providing more specific | + | |test-special-charactrers1, |
- | ==== Attribute-based Authorization ==== | + | |test-multi-mail |test |only if required in SP metadata|only if required in SP metadata|multiple values in e-mail attribute, all attributes that the SP requires in its metadata| |
- | **Important: | + | |
- | In the overwhelming majority of cases, a service (respectively a Service Provider) is supposed to be available only for a subset of the users at a Home Organization. For this reason, a successful authentication at the home IdP is usually not sufficient for granting access to a protected resource! Rather, the authorization decision must be made by means of the user attributes released by the IdP. Which attributes (and attribute) values are appropriate, | + | The primary purpose of these accounts is to test authorisation with typical content providers - **in this case the user 'test-na' |
+ | |||
+ | **If more and/or other attributes | ||
+ | * | ||
+ | *==== Attribute-based Authorization ==== | ||
+ | **Important: | ||
+ | In the overwhelming majority of cases, a service (respectively a Service Provider) is supposed to be available only for a subset of the users affiliated with a Home Organization. For this reason, a successful authentication at the home IdP is usually not sufficient for granting access to a protected resource! Rather, the authorization decision must be made by means of the user attributes released by the IdP. Which attributes (and attribute values) are appropriate | ||
+ | |||
+ | See also the comprehensive documentation on [[https:// | ||
+ | |||
+ | **Next step:** [[en: |