...

Setting up a SAML Identity Provider (IdP) and using it to test a Service Provider (SP) would be ideal, but it is non-trivial and therefore in most cases too much effort. Using self-registration IdPs (e.g. https://openidp.feide.no/) and configuring them bilaterally with the SP might be sufficient for development, but as these IdPs are not part of eduGAIN, they don't allow federated login under real conditions from an eduGAIN IdP. Also, self-registration IdPs usually don't allow certain attributes (e.g. affiliation) to be set.

...

Your Service Provider first needs to be registered in eduGAIN metadata. Therefore, you should contact your nearest federation operators (please have a look at the list of eduGAIN member federations) to find out about the local process to join eduGAIN.

Once your SP's metadata is included in eduGAIN, you can start creating test accounts. Before you obtain the test accounts, a check is made that you are a legitimate administrator of your SP. This is done via an email challenge sent to the contact address for the Service Provider.

To use the test accounts, initiate a login at your SP. On the Discovery Service, select "eduGAIN Access Check" as your Identity Provider and then use the credentials of one of the created test accounts. Once authenticated, the eduGAIN Access Check IdP will send your SP attributes with realistic values, based on those associated with the account and those explicitly requested by the SP according to its metadata. This allows you to validate that your service behaves as expected.
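One way to check the result of such a test login is to compare the attributes your SP actually received with the RequestedAttribute elements in its own metadata. The following is an added example, not part of the original page or of the eduGAIN Access Check code. The metadata fragment, the entityID and the received values are constructed, and it assumes your SP software has already validated the assertion and exposes the attributes keyed by their Name.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata fragment; entityID and requested attributes are sample values.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AttributeConsumingService index="1">
   <md:RequestedAttribute FriendlyName="eduPersonPrincipalName"
       Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" isRequired="true"/>
   <md:RequestedAttribute FriendlyName="eduPersonScopedAffiliation"
       Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" isRequired="true"/>
   <md:RequestedAttribute FriendlyName="mail"
       Name="urn:oid:0.9.2342.19200300.100.1.3"/>
  </md:AttributeConsumingService>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed: attributes the SP received after a test login, keyed by Name.
RECEIVED = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ["testuser@example.org"],
    "urn:oid:0.9.2342.19200300.100.1.3": ["testuser@example.org"],
    "urn:oid:2.5.4.42": ["Test"],  # givenName, not requested in the metadata
}

def requested_attributes(metadata_xml):
    """Map attribute Name -> (FriendlyName, isRequired) from SP metadata."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:AttributeConsumingService/md:RequestedAttribute"
    return {
        ra.get("Name"): (ra.get("FriendlyName", ra.get("Name")),
                         ra.get("isRequired", "false") in ("true", "1"))
        for ra in root.iterfind(path, NS)
    }

def check_release(metadata_xml, received):
    """Compare received attributes with what the SP metadata requests."""
    requested = requested_attributes(metadata_xml)
    absent = [(name, *info) for name, info in requested.items() if not received.get(name)]
    return {
        "missing_required": sorted(f for _, f, req in absent if req),
        "missing_optional": sorted(f for _, f, req in absent if not req),
        "unrequested": sorted(n for n in received if n not in requested),
    }

if __name__ == "__main__":
    print(check_release(SP_METADATA, RECEIVED))
```

A non-empty `missing_required` list means the SP should be tested for how it handles a login without that attribute, since a real eduGAIN IdP may not release it either.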

...

The code of the eduGAIN Access Check Account manager is published as open source. It is available at: https://code.geant.net/stash/projects/GN4SA2T2/repos/edugain-access-check---account-manager/browse. Feel free to install it to run your own instance of the service.

...