Suomi.fi e-Identification – Joining the customer testing environment

Print Friendly, PDF & Email
 


The customer testing environment of the Suomi.fi e-Identification service is already available for public administration organisations and the developers of their e-services. By joining the customer testing environment, a public administration organisation can prepare for identification service deployment, determine the modifications needed in their e-service and test the e-service implementation.

In the future, public administration organisations can join the customer testing and production environment as a self-service through the support and administration site.

Requirements for joining the customer testing environment:

  • Any e-service that requires user identification can be connected to the customer testing environment. The customer testing environment is intended exclusively for testing and development use.
  • Customer test environment interface is located on the public network – a trust relationship between the identification service and the e-service is established by exchanging metadata between the services.
  • An organisation wishing to join this environment does not need data access authorisation granted by the Population Register Centre, as only testing and training data is in use.

How to join the environment

1. Prepare the e-service

Suomi.fi e-identification is a single sign-on system, therefore service providers that connect to the service need to implement both single sign-on and single logout functionalities.

In practice, this means that the service provider (SP) needs to Implement the following use-cases in development environment:

  • sending the AuthnRequest (SP-IdP)
  • receiving the Response to the AuthnRequest (IdP-SP)
  • sending the LogoutRequest (SP-IdP)
  • receiving the LogoutResponse (IdP-SP)
  • receiving the LogoutRequest (IdP-SP, Initiated from another SP-session)
  • sending the LogoutResponse (SP-IdP)

All these cases need to be tested before joining the actual e-service to the Suomi.fi e-identification production environment.

2. Submit metadata

Submit the metadata file compliant with the SAML2 standard of the e-service to the maintenance team of Suomi.fi e-Identification to the address tunnistus-kayttoonotot@vrk.fi. For a description of the metadata file content, see the document E-service metadata (coming later).

3. Checking the metadata and adding the e-service to the test system

The maintenance team of Suomi.fi e-Identification will check the contents of the submitted metadata file and add the data of the e-service to the customer testing environment.

4. Forming a trust relationship

For the metadata of the identification service customer testing environment, visit https://testi.apro.tunnistus.fi/static/metadata/idp-metadata.xml.
The e-service maintenance team will form a trust relationship with the identification service on the basis of the metadata downloaded from this link.

5. The test use of the identification service can begin

The banking authentication providers connected to the identification service offer a few test users. The details of the test users can for example be found on the site https://support.signicat.com/display/S2/Finnish+Tupas+test+info

Additionally the test method “VETUPAS” can be used with the following login information:

Username Password Social Sec. No. FirstName LastName
260553-959D 959D 260553-959D Teppo Testaaja
080533-952D 952D 080533-952D Tauno Testaaja
050156-935M 935M 050156-935M Tuomo Testaaja
270944-941C 941C 270944-941C Tero Testaaja

6. Additional tips

The authentication flow with all corresponding SAML2 messages can be studied using a SAML tool (for example Firefox SAML tracer -plugin) and the test service at: https://testipalvelu.apro.tunnistus.fi.

The service can also be used to test the single logout (SLO) -functionality of your own Service Provider.


 Document history

Version Action Date / author
 1.0 Document published on eSuomi 18.11.16 / NP
 1.1  Document updated  27.11.17 / NP

Document identifier: JTO21