Metadata for test serviceshttps://haka.funet.fi/metadata/haka_test_metadata_signed.xml
Signing certificate for the metadata
Address for the DS-servicehttps://testsp.funet.fi/shibboleth/WAYF

Test environment

Haka federation members, partners and those planning to join Haka may test their Identity and Service Providers with CSC's test environment. Test environment consists of both identity and service providers running Shibboleth. It is strongly recommended to test a production service with the test environment prior to registering it to Haka.

It is recommended to apply same practices in relying to the test environment SAML metadata as with production Haka metadata.

The metadata and results of testing are public. No real personal data should be handled or transferred in test environment. If you have special requirements of you experience difficulties in testing, please contact.

To test your Service Provider

1. Register your test-SP by using Resource Registry.

  • If you can't find your own organisation in the list, please select: "Haka testiorganisaatio".

2. CSC will send you a notification e-mail as soon as your SP is added to Haka test metadata and ready to be tested in Haka test federation. E-mail will also include a test user account information to enable the use of CSC's Haka test IdP.

3. Download CSC's test metadata and configure your SP to use it (see above).

4. Configure your test-SP to use Haka test-DS.

5. Use browser to access your test service, you should be redirected to haka test-DS. Select CSC's test-IdP "Haka test IdP" as your home organization and use the test account that was sent to you via e-mail after you registered your test-SP.

To test your Identity Provider

1. Register your test-IdP by using Resource Registry. Manual for detailed information is available in Help menu.

If you can't find your own organization from the list in Resource Registry, choose "Haka testiorganisaatio".

2. Download CSC's test metadata and configure your IdP to use it (see above).

3. Configure your IdP to release attributes to CSC's test SP. List of requested attributes is included in the metadata for the test service.

4. Try against our test-SP at https://testsp.funet.fi/haka. Select your organization and login using your account. In case of successful login, test service is listing all the attributes released by IdP. If you need any assistance with the problems that you are facing, please contact and provide logs (related to failing authentication) to Haka helpdesk.

Attribute release test of production IdPs

Haka federation operator CSC provides a service for users and services to verify and test attribute release. The service is available to all Haka identity providers and their end users. All Haka identity providers are configured to release user's full set of attributes to this test service enabling users to verify their information at the identity provider.

The service can be found at https://rr.funet.fi/haka.

Other SAML2-implementations

With other SAML2-implementations that Shibboleth 2, it doesn't harm to pay attention to features of the tested implementation. In Haka test servers the used AuthnContext is "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", NameFormat of the attributes are "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" and used NameID is "urn:oasis:names:tc:SAML:2.0:nameid-format:transient".

For details please check Haka SAML 2.0 profile!