e-Identification – Joining the customer testing environment

Print Friendly, PDF & Email

The customer testing environment of the e-Identification service is already available for public administration organisations and the developers of their e-services. By joining the customer testing environment, a public administration organisation can prepare for identification service deployment, determine the modifications needed in their e-service and test the e-service implementation.

In the future, public administration organisations can join the customer testing and production environment as a self-service through the support and administration site.

Requirements for joining the customer testing environment:

  • Any e-service that requires user identification can be connected to the customer testing environment. The customer testing environment is intended exclusively for testing and development use.
  • Customer test environment interface is located on the public network – a trust relationship between the identification service and the e-service is established by exchanging metadata between the services.
  • An organisation wishing to join this environment does not need data access authorisation granted by the Population Register Centre, as only testing and training data is in use.

How to join the environment

1. Prepare the e-service e-identification is a single sign-on system, therefore service providers that connect to the service need to implement both single sign-on and single logout functionalities.

In practice, this means that the service provider (SP) needs to Implement the following use-cases in development environment:

  • sending the AuthnRequest (SP-IdP)
  • receiving the Response to the AuthnRequest (IdP-SP)
  • sending the LogoutRequest (SP-IdP)
  • receiving the LogoutResponse (IdP-SP)
  • receiving the LogoutRequest (IdP-SP, Initiated from another SP-session)
  • sending the LogoutResponse (SP-IdP)

All these cases need to be tested before joining the actual e-service to the e-identification production environment.

2. Submit metadata

Submit the metadata file compliant with the SAML2 standard of the e-service to the maintenance team of e-Identification to the address For a description of the metadata file content, see the document E-service metadata (coming later).

3. Checking the metadata and adding the e-service to the test system

The maintenance team of e-Identification will check the contents of the submitted metadata file and add the data of the e-service to the customer testing environment.

4. Forming a trust relationship

For the metadata of the identification service customer testing environment, visit
The e-service maintenance team will form a trust relationship with the identification service on the basis of the metadata downloaded from this link.

5. The test use of the identification service can begin

The banking authentication providers connected to the identification service offer a few test users. The details of the test users can for example be found on the site

Additionally the test method “Testitunnistaja (urn:oid:” can be used with the following login information:

Social Description attributes LastName(s) FirstName(s)
010280-952L Finnish citizenship = 1 Testilä Tessa
010469-999W Finnish citizenship = 1 Kivi Joni Kristian
010675-9981 e-mail Sallinen Anna-Liisa Milka
261298-998X permanent and temporary addresses Haapakoski Henriksson Kukka-Maaria Jennika Etel
040265-9985 permanent foreign address (EXPAT) Marttila Minerva Alli Aniitta
260991-999R Restricted release of data until 1.1.2021 Huhtiistinen Ilmari Folke
020365-999P deceased 1.11.2010 Grönholm Valtter Niila
020190-9521 Finnish citizenship = 1 Popov Anna Alexandra
110106A998M Finnish citizenship = 0 Johansson Anni Joanna
290574-9981 long Finnish address Sukunimetön Sinna
050391-999B first name contains special characters Parkkonen Äåöàáâãæçð Èèéêë-Ììíîïñòóôõ Øøßþùúûüýÿ
120997-9998 long foreign address, home municipality = 200 Tuulispää Timo
271258-9988 Finnish citizenship = 0, no Finnish residence, Poste Restante Tuulispää Ramona Ulla

6. Additional tips

The authentication flow with all corresponding SAML2 messages can be studied using a SAML tool (for example Firefox SAML tracer -plugin) and the test service at:

The service can also be used to test the single logout (SLO) -functionality of your own Service Provider.

 Document history

Version Action Date / author
 1.0 Document published on eSuomi 18.11.16 / NP
 1.1  Document updated  27.11.17 / NP

Document identifier: JTO21