Haka federation members, partners and those planning to join Haka may test their Identity and Service Providers with CSC's test environment. Test environment consists of both identity and service providers running Shibboleth 2. It is strongly recommended to test a production service with the test environment prior to registering it to Haka.
One must introduce CSC's (signed) test metadata for the IdP/SP-server to be tested, certificate for signature verification is available here.
To test your Service Provider
1. Register your test-SP by using Resource Registry.
2. Download CSC's test metadata and configure your SP to use it (see above).
3. Configure your test-SP to use Haka test-DS, address: https://testsp.funet.fi/shibboleth/WAYF
4. Use browser to access your test service, you should be redirected to haka test-DS. Select CSC's test-IdP "Haka test IdP" as your home organization and use the test account that was sent to you via e-mail after you registered your test-SP.
To test your Identity Provider
1. Register your test-IdP by using Resource Registry. Manual for detailed information is available in Help menu.
If you can't find your own organization from the list in Resource Registry, choose "Haka testiorganisaatio".
2. Download CSC's test metadata and configure your IdP to use it (see above).
3. Configure your IdP to release attributes to CSC's test SP, you may use this attribute filter in your Shibboleth 2 IdP.
4. Try against our test-SP at https://testsp.funet.fi/haka. Select your organization and login using your account. In case of successful login, test service is listing all the attributes released by IdP. If you need any assistance with the problems that you are facing, please contact and provide logs(related to failing authentication) to Haka helpdesk.
Attribute release test of production IdPs
Haka federation operator CSC provides a service for users and services to verify and test attribute release. The service is available to all Haka identity providers and their end users. All Haka identity providers are configured to release user's full set of attributes to this test service enabling users to verify their information at the identity provider.
The service can be found at https://rr.funet.fi/haka.
Other SAML2-implementations
With other SAML2-implementations that Shibboleth 2, it doesn't harm to pay attention to features of the tested implementation. In Haka test servers the used AuthnContext is "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", NameFormat of the attributes are "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" and used NameID is "urn:oasis:names:tc:SAML:2.0:nameid-format:transient".
For details please check Haka SAML 2.0 profile!