The SWITCH edu-ID service exists in two versions, a test version and a production version.
- The test version allows to run a variety of tests in an isolated testing environment. In general, testing is limited to test data. No production data is accessible. As the edu-ID Test IdP and the accompanying services are part of the AAI test federation, testing is limited to accessing services in the SWITCHaai test federation.
The Staging IdP runs in the production environment and allows organisations not yet having adopted the edu-ID to test various login scenarios on an IdP instance that behaves practically identical to the production IdP.
The two versions differ in various points that might be relevant for the decision whether to test against the production version or the test version. Find below a comparison of the two instances:
|Federation||AAI Test (but allows linking of SWITCHaai identities)||SWITCHaai (production)|
|Availability||High||Very high (multiple nodes for IdP)|
|Changes||Are added usually without further notice||Affected users will be informed ahead of relevant changes|
|edu-ID IdP metatada
(NOTE: For migrated organisations: no deletion of accounts with active affiliation of the organisation)
|Account Quality||Low attribute quality: attribute values and affiliations can not be trusted because they can be set and changed arbitrarily.||High attribute quality of personal identity and affiliation according to the edu-ID quality model.|
||edu-ID identifiers differ from production. Always start with prefix "0000-".||Regular edu-ID identifiers.|
|Affiliations||Affiliations in both test and production federation supported.
Always linked with edu-ID test account.
|Affiliations in production federation supported only.
Always linked with edu-ID production account.
|Affiliation Linking||Linked account at organisation must include identifier of edu-ID Test account.||Corresponding account at organisation must include identifier of edu-ID production account.|
|IdP Instance||Test IdP
(limited to logins with test edu-ID accounts)
(both allowing logins with real edu-ID accounts)
For each home organisation in the production federation, an administration portal is available in the production and in the test version of the edu-ID service. It allows to view, manage and verify data during testing. Especially, it allows to create and view Technical Accounts usable for testing and monitoring.
To get access to the interface, a SWITCHaai account (or an edu-ID account) needs to be listed in the SWITCHaai resource registry of the SWITCHaai home organisation. The person has to be listed either as home organisation administrator or as attribute release policy administrator. More administrators can be added in the portal.
Production version: The administration portal of the production version displays all production edu-ID accounts that are linked to a SWITCHaai account related to the organisation. It is available at:
Test version: The administration portal of the test version displays all test edu-ID accounts (especially Technical Accounts) that are linked to a SWITCHaai account related to the organisation. It is available at:
Determine your edu-ID Identifier
In some testing scenarios, you need to know the edu-ID identifier (UUID) of your own edu-ID test account.
To determine the edu-ID Identifier of your own test account proceed as follows:
- go to https://test.eduid.ch/ and log in
- go to https://test.eduid.ch/web/Shibboleth.sso/Session
- the edu-ID identifier is the value in Swiss_edu-ID
This only works for accounts in the edu-ID test system. The identifier is never exposed to users in the edu-ID production environment.
Migration Testing Scenarios
For a description on various testing methods for testing attribute synchronisation, logging in to service via the edu-ID IdP, etc., see
Testing for Organizations with edu-ID Integration
Organizations with edu-ID integration in most cases don't need a particular Test IdP in the Test Federation. After the migration to edu-ID most universities decommision their test IdP.
Testing options available by default:
- Services with classic or extended attribute model can be tested in the production federation.
- Services with private edu-ID only identities can be tested in the test federation (using accounts from https://test.eduid.ch).
- Services with extended attribute model can be tested in the test federation using test accounts with test affiliations.
- A university can continue to operate its own test-IdP to test services with classic attribute model in the test federation.
Testing options available on request:
- Services with extended attribute model can be tested in the test federation by default. If particular test affiliations are required, SWITCH staff can add them on request.
- The test IdP is migrated to edu-ID and is no longer operated by the university. Affiliations are created by the university, and the classic attribute model can be used in the test federation. The setup of this infrastructure is charged for.