This is an old revision of the document!
Functional Tests for Service Providers
There are two IdPs available in the test federation for performing functional tests:
DisplayName | EntityID | Remarks |
---|---|---|
DFN Test-IdP 1 | https://testidp.aai.dfn.de/idp/shibboleth | SAML2, requires attribute query |
DFN Test-IdP 2 | https://testidp2.aai.dfn.de/idp/shibboleth | SAML2, standard behaviour (attribute push) |
Test Accounts
The following accounts are available by default:
user | password | eduPersonEntitlement | eduPersonScopedAffiliation | description |
---|---|---|---|---|
test-clt | test | urn:mace:dir:common-lib-terms | member@… | member of the university |
test-na | test | – | affiliate@… | affiliate with no privileges |
test-lwi | test | urn:mace:dir:common-lib-terms | library-walk-in@… | walk-in patron at a library terminal |
test-me | test | urn:mace:dir:common-lib-terms; urn:something… | member@… | member with multiple entitlements |
test-ma | test | urn:mace:dir:common-lib-terms | member@… ; staff@… | member with multiple affiliations |
The primary purpose of these accounts is to test authorisation with typical content providers - in that case the user test-na is not entitled to access any protected content.
In case that further test users are required, providing more specific attribute profiles, please contact hotline@aai.dfn.de.
Attribute-based Authorization
Important: At many Home Organizations (not only in Germany), sind auch Nutzerinnen im jeweiligen Identity Management System registriert, bei denen es sich nicht um Hochschulangehörige im engeren Sinne handelt (→ Landeshochschulgesetz), sondern z.B. um Gäste, Koperationspartner, Alumni etc.
In the overwhelming majority of cases, a service (respectively a Service Provider) is supposed to be available only for a subset of the users at a Home Organization. Daher darf ein erfolgreicher Login am IdP der betreffenden Einrichtung nicht als alleiniges Kriterium für den Zugriff auf einen Dienst gewertet werden. Vielmehr muss eine Autorisierungsentscheidung anhand der vom IdP übertragenen Attribute getroffen werden. Welche Attribute hierfür in Frage kommen, hängt von der Art und der Implementierung des jeweiligen Dienstes ab. If you have any questions, please contact the DFN-AAI Helpdesk.