Testing

The SWITCH edu-ID service exists in two versions, a test version and a production version.

  • The test version allows to run a variety of tests in an isolated testing environment. In general, testing is limited to test data. No production data is accessible. As the edu-ID Test IdP and the accompanying services are part of the AAI test federation, testing is limited to accessing services in the SWITCHaai test federation.
  • The production version can also be used for certain tests, if testing against production services is required or the organisation's production data (i.e. real accounts) need to be used during testing. The Terms of Use and Service Description of the SWITCH edu-ID apply. The IdP and services of the production version are part of the SWITCHaai production federation, therefore all AAI services in the production federation may be available for testing.
    The Staging IdP runs in the production environment and allows organisations not yet having adopted the edu-ID to test various login scenarios on an IdP instance that behaves practically identical to the production IdP.

The two versions differ in various points that might be relevant for the decision whether to test against the production version or the test version. Find below a comparison of the two instances:

Instance Test Production
EntityID https://test.eduid.ch/idp/shibboleth https://eduid.ch/idp/shibboleth
Federation AAI Test (but allows linking of SWITCHaai identities) SWITCHaai (production)
Availability High Very high (multiple nodes for IdP)
Changes Are added usually without further notice Affected users will be informed ahead of relevant changes
Federation Metadata

http://metadata.aai.switch.ch/metadata.aaitest.xml

Infos on signature validation

http://metadata.aai.switch.ch/metadata.switchaai.xml

Infos on signature validation

edu-ID IdP metatada
https://metadata.aai.switch.ch/entities/eduid-test https://metadata.aai.switch.ch/entities/eduid
Domain test.eduid.ch eduid.ch
Purpose Test/Debugging Use
Pre-Migration Testing
Production Use
Pre-Migration Testing
Special Features No terms of use apply. Create/delete any account for email addresses you own. Deleting own user account on request.
(NOTE: For migrated organisations: no deletion of accounts with active affiliation of the organisation)
Limitations Automatic notification emails (sent by cron jobs) are not sent to account holder but Swiss edu-ID team. Terms of Use allow only to create accounts that belong to a real person with a proper name. Account deletion currently only on manual request.
Account Quality Low attribute quality: attribute values and affiliations can not be trusted because they can be set and changed arbitrarily. High attribute quality of personal identity and affiliation according to the edu-ID quality model.
Accounts Identifiers
edu-ID identifiers differ from production. Always start with prefix "0000-".  Regular edu-ID identifiers.
Affiliations Affiliations in both test and production federation supported.
Always linked with edu-ID test account.
Affiliations in production federation supported only.
Always linked with edu-ID production account.
Affiliation Linking Linked account at organisation must include identifier of edu-ID Test account. Corresponding account at organisation must include identifier of edu-ID production account.
IdP Instance Test IdP
(limited to logins with test edu-ID accounts)
Production IdP
Staging IdP
(both allowing logins with real edu-ID accounts)

Administration Portal

For each home organisation in the production federation, an administration portal is available in the production and in the test version of the edu-ID service. It allows to view, manage and verify data during testing. Especially, it allows to create and view Technical Accounts usable for testing and monitoring.

To get access to the interface, a SWITCHaai account (or an edu-ID account) needs to be listed in the SWITCHaai resource registry of the SWITCHaai home organisation. The person has to be listed either as home organisation administrator or as attribute release policy administrator. More administrators can be added in the portal.

Production version: The administration portal of the production version displays all production edu-ID accounts that are linked to a SWITCHaai account related to the organisation. It is available at:

https://eduid.ch/web/organisation-administrator/

Test version: The administration portal of the test version displays all test edu-ID accounts (especially Technical Accounts) that are linked to a SWITCHaai account related to the organisation. It is available at:

 https://test.eduid.ch/web/organisation-administrator/ 

Determine your edu-ID Identifier

In some testing scenarios, you need to know the edu-ID identifier (UUID) of your own edu-ID test account.

To determine the edu-ID Identifier of your own test account proceed as follows:

This only works for accounts in the edu-ID test system. The identifier is never exposed to users in the edu-ID production environment.

Migration Testing Scenarios

For a description on various testing methods for testing attribute synchronisation, logging in to service via the edu-ID IdP, etc., see

Testing Scenarios

Testing for Organizations with edu-ID Integration

Organizations with edu-ID integration in most cases don't need a particular Test IdP in the Test Federation. After the migration to edu-ID most universities decommision their test IdP.

Testing options available by default:

  • Services with classic or extended attribute model can be tested in the production federation.
  • Services with private edu-ID only identities can be tested in the test federation (using accounts from https://test.eduid.ch).
  • Services with extended attribute model can be tested in the test federation using test accounts with test affiliations.
  • A university can continue to operate its own test-IdP to test services with classic attribute model in the test federation.

Testing options available on request:

  • Services with extended attribute model can be tested in the test federation by default. If particular test affiliations are required, SWITCH staff can add them on request.
  • The test IdP is migrated to edu-ID and is no longer operated by the university. Affiliations are created by the university, and the classic attribute model can be used in the test federation. The setup of this infrastructure is charged for.