Versions Compared

Old Version 11

changes.mady.by.user Ivan Kanakarakis

Saved on

compared with

New Version Current

changes.mady.by.user Ivan Kanakarakis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Section

This environment is used to test the connection of services against the GÉANT AAI Service. Services ensure that they works correctly, in line with the policies and restrictions set by the GÉANT AAI Service.

The test environment is exactly the same as Production environment, but only a restricted group of people can access the connected services. This group is defined by the members of the Sandbox group.

In the test environment, services-owners ensure:

  • the connection between the service and the GÉANT AAI Service is properly established
  • the authentication flow is successful when connecting using the SAML or OpenID Connect protocols
  • the configuration of the service is stable and properly set
  • the service can correctly process the attributes and entitlements of users (see also Attributes available to Connected Services)


Section

Requirements to connect a service on the Test environment

See the Required fields for Service Registration for the requirements to connect a service to the Test environment.

The required fields in the service registration form are less strict for the Test environment. Only mandatory information for the service connection is needed. The reason is to be able to test the service even before all requirements are ready.


Section

How can a user become a member of the Sandbox group?

The first time a user tries to access a service that is connected to the Test environment, the user will get a message denying access to the service, unless the user joins the Sandbox group.

By clicking on the link that is presented for the Sandbox group, the user is directed to a registration page that allows to opt-in to the Sandbox group.

From then on, the user will see a warning about the status of the service status on the consent page.

Membership to the Sandbox group is valid for three months. After that period, the user will have to register again.


Section

Transition to the Production environment

Your service is ready to be part of the Production environment when:

  • All required fields in the service form have been provided
  • Your service is tested and behaves as expected in the Test environment


...

The Production environment

Description

Once the service owner is

sure

certain that the connection of the service with the GÉANT AAI Service is fully working as expected, the service owner can request to promote the service to the Production environment.

Access

to the service

on GÉANT AAI Service will be then

re-configured in the GÉANT AAI Service

reconfigured to allow access

to

from all GÉANT users, or a subset of GÉANT users, as defined by

their entitlements. This restriction

the authorization policies set for the service. These policies and restrictions can be further discussed and configured with

a

the help of the GÉANT

support

Helpdesk team.


Section
Section
- help@geant.org

All users accessing the production service have to go through registration to consent to the GÉANT AAI Service Acceptable Use Policy.

Section

Requirements to connect a service on the Production environment

See the Required fields for Service Registration for the requirements to connect a service to the Production environment.

The required fields in the service registration form are less strict for the Test environment. Only mandatory information for the service connection is needed. The reason is to be able to test the service even before all requirements are ready.

The requirements to connect to the production environment are stricter, and service-owners must ensure that their service meets all of them before

Section

Requirements

The requirements for the production service are more strict, and you should be sure that they have all been met before requesting the promotion of the service to the production environment.

Please check these pages:

  • Requirements for Services
    • Required fields for Service Registration