This is an old revision of the document!


Functional Tests for Service Providers

The DFN operates two IdPs for performing functional tests in the Test Federation:

DisplayName EntityID Remarks
DFN Test-IdP 1 https://testidp.aai.dfn.de/idp/shibboleth SAML2, requires attribute query
DFN Test-IdP 2 https://testidp2.aai.dfn.de/idp/shibboleth SAML2, standard behaviour (attribute push)

NB: There is also an AAI Integration and Test IdP available within the production federation. Accounts are issued on request, please contact hotline@aai.dfn.de.

The following accounts are available by default:

user password eduPersonEntitlement eduPersonScopedAffiliation description
test-clt test urn:mace:dir:common-lib-terms member@… member of the university
test-na test affiliate@… affiliate with no privileges
test-lwi test urn:mace:dir:common-lib-terms library-walk-in@… walk-in patron at a library terminal
test-me test urn:mace:dir:common-lib-terms; urn:something… member@… member with multiple entitlements
test-ma test urn:mace:dir:common-lib-terms member@… ; staff@… member with multiple affiliations

The primary purpose of these accounts is to test authorisation with typical content providers - in that case the user test-na is not entitled to access any protected content.
In case that further test users are required, providing more specific attribute profiles, please contact hotline@aai.dfn.de.

Important: At many Home Organizations (not only in Germany), there are also users registered with the Identity Management System (and therefore able to login to the IdP) that are not members of the respective Institution in a strict sense, like guests, cooperation partners, almuni etc.
In the overwhelming majority of cases, a service (respectively a Service Provider) is supposed to be available only for a subset of the users at a Home Organization. For this reason, a successful authentication at the home IdP is usually not sufficient for granting access to a protected resource! Rather, the authorization decision must be made by means of the user attributes released by the IdP. Which attributes (and attribute) values are appropriate for this purpose, depends on the type and implementation of the respective service. If you have any questions, please contact the DFN-AAI Helpdesk.

  • Last modified: 3 years ago