Suomi.fi e-Identification – Joining the customer testing environment
The customer testing environment of the Suomi.fi e-Identification service is already available for public administration organisations and the developers of their e-services. By joining the customer testing environment, a public administration organisation can prepare for identification service deployment, determine the modifications needed in their e-service and test the e-service implementation.
In the future, public administration organisations can join the customer testing and production environment as a self-service through the support and administration site.
Requirements for joining the customer testing environment:
- Any e-service that requires user identification can be connected to the customer testing environment. The customer testing environment is intended exclusively for testing and development use.
- The customer testing environment interface is located on the public network. A trust relationship between the identification service and the e-service is established by exchanging metadata between the services.
- An organisation wishing to join this environment does not need data access authorisation granted by the Population Register Centre, as only testing and training data is in use.
How to join the environment
1. Prepare the e-service
Suomi.fi e-Identification is a single sign-on system, so service providers that connect to the service need to implement both single sign-on and single logout functionality.
In practice, this means that the service provider (SP) needs to implement the following use cases in its development environment:
- sending the AuthnRequest (SP-IdP)
- receiving the Response to the AuthnRequest (IdP-SP)
- sending the LogoutRequest (SP-IdP)
- receiving the LogoutResponse (IdP-SP)
- receiving the LogoutRequest (IdP-SP, initiated from another SP session)
- sending the LogoutResponse (SP-IdP)
All these cases need to be tested before joining the actual e-service to the Suomi.fi e-identification production environment.
2. Submit metadata
Submit the e-service's metadata file, compliant with the SAML2 standard, to the maintenance team of Suomi.fi e-Identification at firstname.lastname@example.org. For a description of the metadata file content, see the document E-service metadata (coming later).
3. Checking the metadata and adding the e-service to the test system
The maintenance team of Suomi.fi e-Identification will check the contents of the submitted metadata file and add the data of the e-service to the customer testing environment.
4. Forming a trust relationship
For the metadata of the identification service customer testing environment, visit https://testi.apro.tunnistus.fi/static/metadata/idp-metadata.xml.
The e-service maintenance team will form a trust relationship with the identification service on the basis of the metadata downloaded from this link.
5. The test use of the identification service can begin
The banking authentication providers connected to the identification service offer a few test users. The details of the test users can be found, for example, on the site https://support.signicat.com/display/S2/Finnish+Tupas+test+info
Additionally, the test method “VETUPAS” can be used with the following login information:
|Username||Password||Social Sec. No.||FirstName||LastName|
6. Additional tips
The authentication flow, with all corresponding SAML2 messages, can be studied using a SAML tool (for example the SAML-tracer plugin for Firefox) and the test service at https://testipalvelu.apro.tunnistus.fi.
The test service can also be used to test the single logout (SLO) functionality of your own service provider.
|Version||Action||Date / author|
|1.0||Document published on eSuomi||18.11.16 / NP|
|1.1||Document updated||27.11.17 / NP|
Document identifier: JTO21