Release-check tester


These alternative options are provided only for testing purposes and are generally for use only by expert users.

SWAMID Best Practice Attribute Release check

In order for SWAMID to work as effectively as possible for students and employees as well as for service providers and identity providers, SWAMID recommends that service providers use entity categories to get the attributes that they require.

In order for services within the SWAMID federation to work as effectively as possible, SWAMID recommends the use of entity categories. Entity categories benefit not only students and employees but also administrators of relying parties and identity providers by providing a stable framework for the release of attributes.

During autumn 2019, SWAMID updated its entity category recommendations, and these will be implemented in our production environment during 2020.

This service is designed to help administrators of identity providers verify that their IdP follows the new recommendations.

SWAMID’s current recommendations for attribute release are available at https://wiki.sunet.se/display/SWAMID/SAML+WebSSO+Service+Provider+Best+Current+Practice.

Example configuration for Shibboleth can be found in the section entitled “Example of metadata configuration, attribute resolvers and attribute filters” on the following wiki page https://wiki.sunet.se/display/SWAMID/SAML+WebSSO+Identity+Provider+Best+Current+Practice.

A new version of the ADFSToolkit will be released which will help ADFS IdPs to follow the new recommendations.

The SWAMID best practice attribute release check consists of the following tests:

      Test 0 - Shows information from the IdP’s metadata. Checks SIRTFI etc.
      Test 1 - The IdP should NOT release any attributes if no entity category is requested
      Test 2 - The IdP SHOULD release name, email and eduPersonPrincipalName if the requested entity category is REFEDS R&S
      Test 3 - The IdP SHOULD release some requested attributes in accordance with Géant Code of Conduct (CoCo) (from a SWAMID-based service provider)
      Test 4 - The IdP SHOULD release some other requested attributes in accordance with Géant Code of Conduct (CoCo) (from a SWAMID service provider)
      Test 5 - The IdP should NOT release a Swedish civic number (personnummer) in accordance with Géant Code of Conduct (CoCo) (from a non-SWAMID service provider)
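
As an added illustration (not SWAMID's own code), the sketch below models tests 1, 2 and 5 against a constructed SAML AttributeStatement. The urn:oid names, the rule that "name" means displayName or givenName plus sn, and the use of norEduPersonNIN as the personnummer attribute are assumptions taken from the eduPerson, norEdu and REFEDS R&S specifications rather than from this page.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumed urn:oid -> short-name map (eduPerson, norEdu, LDAP); not from the page.
OIDS = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:2.5.4.4": "sn",
    "urn:oid:1.3.6.1.4.1.2428.90.1.5": "norEduPersonNIN",
}

def released(statement_xml):
    """Short names of attributes that carry at least one non-empty value."""
    names = set()
    for attr in ET.fromstring(statement_xml).iter("{%s}Attribute" % SAML):
        values = attr.findall("{%s}AttributeValue" % SAML)
        if any((v.text or "").strip() for v in values):
            name = attr.get("Name", "")
            names.add(OIDS.get(name, name))
    return names

def check(test, attrs):
    """Findings for test 1, 2 or 5; an empty list means the test passed."""
    if test == 1:  # no entity category requested: nothing may be released
        return ["released without entity category: " + a for a in sorted(attrs)]
    if test == 2:  # REFEDS R&S: name, email and eduPersonPrincipalName
        missing = [a for a in ("eduPersonPrincipalName", "mail") if a not in attrs]
        if "displayName" not in attrs and not {"givenName", "sn"} <= attrs:
            missing.append("name")
        return ["missing for R&S: " + m for m in missing]
    if test == 5:  # CoCo, non-SWAMID SP: no personnummer
        return ["personnummer released"] if "norEduPersonNIN" in attrs else []
    raise ValueError("only tests 1, 2 and 5 are modelled")

# Constructed sample with made-up values. Parse real IdP responses with a
# hardened XML parser and only after signature validation.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.2428.90.1.5"><saml:AttributeValue>000000000000</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    attrs = released(SAMPLE)
    for t in (1, 2, 5):
        print("Test", t, check(t, attrs) or "pass")
```

The sample deliberately includes a `mail` attribute with an empty value, which the check treats as not released.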